Australia’s reported data breaches increased by 19% in the last quarter of 2019. In this short post, we break down what caused them and how you can protect your business.
Australian organisations are now subject to Notifiable Data Breach laws. These laws attempt to drive better security standards for protecting personal information, and they require organisations to disclose breaches to the Office of the Australian Information Commissioner (OAIC).
Companies that fail to disclose may be subject to hefty fines, which also extend personally to company directors.
How were Australian companies breached?
The OAIC releases a quarterly report on reported data breaches. The latest contains records up to December 2019, with a total of 537 reported breaches, which break down into the following categories:
- Malicious or criminal attack – 64%
- Human Error – 32%
- System Fault – 4%
To adequately protect your business against data breaches, you need to implement a system that addresses all three categories.
Protecting your organisation against malicious or criminal attacks
Let’s look at the methods hackers used to breach Australian businesses.
Of the ‘Malicious or criminal attack’ category, 74% of breaches involved compromised credentials. These are known as identity attacks because they use a compromised identity to gain unauthorised access. According to Microsoft, by implementing Multi-Factor Authentication across all users, an organisation can defend itself against 99.9% of identity-based attacks.
Ransomware and malware made up another 16% of ‘Malicious or criminal attack’ breaches. These can be prevented by implementing a capable desktop and email threat protection engine such as:
- Office 365 Advanced Threat Protection
- Microsoft Defender Advanced Threat Protection.
Protecting your organisation against human error related breaches
Of the ‘Human Error’ category, 42% of breaches occurred using email. An example of this might be sending sensitive data to the wrong recipient. Companies can prevent this kind of breach by implementing a system which scans outbound email.
If the system determines that the email contains sensitive information, it can immediately block the mail delivery or alert a team member.
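The outbound check described above, as an added example that is not part of the original post or of any vendor's product: it looks for Australian Tax File Numbers and payment card numbers, validates each candidate with its checksum, then blocks mail with external recipients and alerts on internal-only mail. The domain example.com.au, the block/alert policy and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com.au"  # assumption: the organisation's own mail domain
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)

def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def tfn_ok(digits):
    """Weighted mod-11 check for a 9-digit Australian Tax File Number."""
    return sum(int(c) * w for c, w in zip(digits, TFN_WEIGHTS)) % 11 == 0

# Pattern finds candidates; the checksum discards look-alikes such as order numbers.
DETECTORS = {
    "payment_card": (re.compile(r"\b(?:\d[ -]?){15}\d\b"), luhn_ok),
    "tfn": (re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b"), tfn_ok),
}

def scan_outbound(raw_message):
    """Return (verdict, findings): 'deliver', 'alert' (internal only) or 'block'."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    findings = sorted({name for name, (rx, check) in DETECTORS.items()
                       for m in rx.finditer(text)
                       if check(re.sub(r"\D", "", m.group()))})
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = any(not addr.lower().endswith("@" + INTERNAL_DOMAIN)
                   for _, addr in recipients)
    if not findings:
        return "deliver", findings
    return ("block" if external else "alert"), findings

# Constructed sample: a TFN test value sent to an outside address by mistake.
SAMPLE = ("From: payroll@example.com.au\nTo: j.smith@other.example\n"
          "Subject: Your details\n\nHi, the TFN we hold is 123 456 782.\n")

if __name__ == "__main__":
    print(scan_outbound(SAMPLE))
```

The checksum step is what keeps false positives manageable: a nine-digit order number matches the TFN pattern but fails the mod-11 check, so the message is delivered.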
Protecting your organisation against System Fault breaches
Protecting your organisation against system fault breaches relies on a combination of luck and due diligence. According to the OAIC, these types of breaches involve ‘disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person.’
To defend against system faults, we recommend storing your sensitive data with reputable vendors only and choosing an IT partner who will regularly monitor and maintain your systems.
How can we help secure your environment against data breaches?
We use a combination of Microsoft 365 Business Premium and Microsoft Cloud App Security to implement enhanced cybersecurity for small businesses.
It’s not enough to simply buy the Microsoft licenses and apply them to your users.
To be effective in the modern threat landscape, these systems must be configured and monitored with policies applied and adhered to.
Want to learn more about protecting your data against breaches in Microsoft 365? Download our free guide on which features you should configure, or get in touch today.