. home.aspx



Data breaches – are enterprise cyber defences facing in the right direction?

July 04, 2019 / David Shephard

The hacker-in-the-hoodie or the anonymous ‘Guy Fawkes’ mask have both become symbols synonymous with data breaches. Each one supports the common perception that breaches happen when outsiders with malicious intent somehow evade prevention and detection controls and steal sensitive data. While this may be true, we’ve seen consistently in the Notifiable Data Breach Reports issued quarterly by the Australian Information Commissioner (OAIC) that human error continues to account for almost one-third of all reported breaches. Many of these breaches could have been avoided easily. In fact, the numbers that could be attributed to error are likely higher if we consider that external attackers are taking advantage of internal mistakes in order to gain access to data. Errors include system misconfigurations, the use of weak system passwords, or inappropriately stored or shared data within the cloud.