NDB report: Stronger authentication practices needed

14 May 2019

The Office of the Australian Information Commissioner (OAIC) has released its latest quarterly report on notifications under the Notifiable Data Breaches scheme.

The report found that the majority of the data breaches were on a more targeted scale, involving 100 individuals or fewer.

Most of the data compromised was contact information exposed in malicious or criminal attacks.

Here is what some of the executives in the industry had to say about the report:

Sophos A/NZ managing director John Donovan

According to the latest OAIC report, the healthcare sector has once again topped the list for the most data breaches - with 58 reports of data breaches in the last three months (up 7.4% compared to the previous quarter).

What’s more, malicious and criminal attacks again account for the highest proportion of breach notifications in Australia, followed by human error.

It is very concerning to see health service providers continuing to be targeted and successfully breached by attackers. It goes without saying that this industry is dealing with incredibly sensitive and personal data and, as such, has a huge responsibility to the people of Australia to protect their data effectively. 

The report serves as a reminder to the healthcare industry to implement robust security practices to protect the extremely sensitive data they are entrusted with.

Ping Identity APAC chief technology officer Mark Perry

Enhanced security measures can counter the risk of a breach occurring but have historically been met with employee and management pushback, courtesy of the fact they were perceived as onerous. 

The positive news is that we should see the tide turning with the increasing adoption of multi-factor authentication (MFA) and the introduction of adaptive authentication, self-service capabilities and phone-as-a-token authentication.

Out-of-the-box APIs, SDKs and integration kits continue to reduce the expense and complexity associated with implementation, and cloud-delivered solutions, which require minor oversight to run effectively, have seen infrastructure and administration costs plummet.

Aura Information Security Australia country manager Michael Warnock

While cyber-protection software has a role to play in preventing attacks and providing a sense of comfort to a chief information security officer, human error, carelessness and gullibility allow many a hacker to slip through the cordon.

This should raise alarm bells for anyone responsible for company compliance and risk management. 

2019 should be a year in which information security is finally viewed as not just the remit of the IT department but an integral component of every employee’s role.

LogMeIn Asia Pacific and Japan VP Lindsay Brown

Similar to last quarter, the Notifiable Data Breaches Q1 2019 report found that malicious or criminal attacks accounted for the majority (61%) of reported data breaches (131 of the 215 breaches).

Of these attacks, 67% involved compromised or stolen credentials collected through various means including phishing and brute-force attacks.

While more and more organisations are looking at ways to mitigate the risk around passwords, they continue to be an avenue for malicious actors to infiltrate businesses who rely on their users to do the right thing when it comes to credentials.

With the threat to the digital landscape worsening, organisations must be keenly aware of the importance of their employees having strong passwords. It’s important that businesses establish password requirements, such as minimum length and complexity.

Ideally, passwords should have a mix of characters (uppercase, lowercase, symbols, and numbers), avoid words straight out of the dictionary, and be as long as possible – ideally no shorter than 14 characters.
