Security: what needs to change in 2019?

By Simon Eid, Area Vice President, ANZ, Splunk
  • Simon Eid (CSO Online)
  • 17 December, 2018 08:00

Data breaches continue to impact Australian organisations and businesses more than ever before. Last month the Australian Government’s Office of the Australian Information Commissioner (OAIC) released its most recent quarterly statistics report outlining notifiable data breaches under the Notifiable Data Breaches (NDB) scheme.

Whilst the number of data breaches rose only from 242 to 245 between quarters, the types of incidents leading to these breaches have remained relatively consistent, with roughly 40% due to human error and 60% malicious. Of the malicious attacks, the breakdown between phishing, malware and brute force has also stayed consistent. Organisations need to take note that these statistics aren’t changing and begin implementing the right measures to address risks and ensure they can prevent, or at least detect, these types of attacks.

Reflecting on these findings, it’s clear that businesses might not be doing enough to secure their data. Here, we will take a look at what needs to be done in 2019 to reduce breaches and the important issues that businesses face within security and data protection.

Private health providers at greater risk

A significant re-emerging trend leading into 2019 is the impact data breaches are having on private health service providers. The sector is one of the most breached, reporting 45 breaches in the last quarter. Breaches are increasingly affecting health organisations due to their complicated IT environments, with a range of legacy and proprietary systems. Traditionally, private health organisations have not invested appropriately in security controls and security visibility tools. In addition, the nature of many health organisations means disparate systems are in use, which makes it very hard to control access and prevent data breaches.

The lack of preventative action becomes clear when speaking with different organisations: they do not have the levels of visibility needed to detect attacks and, in turn, prevent them. Following closely behind private health providers, the finance sector and the legal, accounting and management services sector reported 35 and 34 data breaches respectively.

Prioritising the protection of data

When analysing the Australian threat landscape, it is clear there’s a lack of investment in implementing the right controls and systems to monitor for the incidents that lead to breaches. Even so, since the introduction of the NDB legislation in February 2018, Australian organisations and businesses have begun to take proactive steps towards prioritising security and data protection, but more needs to be done. Many customers are already paying attention to the causes of these reported breaches and looking for ways to address any shortfalls they may have, and they need to continue to do so.

Take notice of the types of attack

Now is the time for organisations to use the quarterly report to identify the causes of the breaches and ensure the right controls and visibility are in place to prevent or at least detect attacks. For example, phishing attacks accounted for 20 percent of all data breaches in the last quarter, leading to credential theft, which can be easily monitored and, in some cases, prevented where organisations have taken effective steps to bolster security. Moreover, greater education of staff on phishing attacks alone can significantly decrease incidents, and it’s the job of the security team to ensure this is happening. Organisations should look to more advanced technologies such as User & Entity Behaviour Analysis, which are designed to detect credential theft, misuse and data exfiltration.

New threats emerge every day and cyber criminals continue to find new ways to infiltrate systems as we go into 2019. It’s important that organisations look at these reports and identify the areas that need to be honed in on to drive these statistics down, and it’s the job of security teams to educate and counsel their peers with this data.