Blame culture only makes data breaches worse

08 Feb 2019

Australians have discovered that, far from being an isolated island nation that no one wants to attack, local businesses are just as at risk from cyber threats as any other business in the world.

In fact, the most recent report from the Office of the Australian Information Commissioner (OAIC) based on notifiable data breaches (NDB) suggests that Australian organisations face significant challenges in keeping data secure. 

However, businesses won’t be able to improve their security stance until they move on from a culture of blaming the victim and begin sharing information more readily, according to Palo Alto Networks. 

“The great thing about the NDB legislation is that businesses are coming forward to report that they have been breached and hopefully this means that others can learn from what’s happened to them,” says Palo Alto Networks Asia Pacific and Japan vice president and chief security officer Sean Duca. 

“Rather than hiding the fact that they’ve been attacked, businesses have been forced to bring it out into the open. More work needs to be done to learn from these breaches so we can all better defend ourselves. Saying that it was malware or a misconfiguration in an application is not enough; we need to know more and also ask ourselves and our business: could this happen to us?

“In the past, businesses have been reluctant to admit when they’ve been breached because the backlash has been immediate and harsh. Instead of focusing on the breach itself and lessons that can be learned, there is a heavy focus on criticising the business for being attacked in the first place. This focus needs to shift so the entire business ecosystem can benefit from increased information sharing.”

Cyber criminals learn from every security breach - they discover weak points and possible vulnerabilities, and they learn how to exploit them for maximum gain. 

Businesses must take the same approach in terms of learning from attacks and determining the best way to close those gaps and protect against future breaches. 

“For example, Australian software-as-a-service vendor PageUp suffered a high-profile breach last year and was pilloried for it. There needs to be a new culture in which companies that suffer breaches feel confident to share more information,” Duca says.

“As James Turner said not long after the breach was disclosed: ‘The first lesson is that we need the victim to survive. Once PageUp is safely through this incident, one of the most valuable things its executives can do for the industry is to share their experiences and the lessons learnt.’ 

“This is key. Until organisations feel safe in sharing that information, other businesses won’t be able to learn from these breaches. This will mean Australian organisations will always be at least one step behind the cybercriminals.”

Putting learning in the hands of every organisation, from small businesses to large enterprises, will help boost the immunity of all organisations in the country. 

However, businesses will only be able to do so when the response to breach disclosures moves on from victim-shaming and focuses on the lessons that can be learned. 
