Most common types of data breaches in Australia and solutions
Most common source of data breaches in Australia
Data breaches are a real risk for Australian businesses and organisations. In this article, we’ll discuss some of the ways that cyber criminals leverage security weaknesses to access private information, and how you can better safeguard your data.
We’ll also address some frequently-asked questions about data breaches including:
- How frequently do data breaches in Australia occur?
- What are the most common data breaches?
- Can data breaches be prevented?
- Which security service is best for my business?
Data breach statistics and facts
According to data from the Australian Government’s 2023–2030 Australian Cyber Security Strategy, one cybercrime is reported every six minutes. Data breaches can put a serious strain on our resources, with ransomware alone causing up to $3 billion in damages to our economy every year.
In a report published by the Office of the Australian Information Commissioner (OAIC), 483 data breaches were reported in the second half of 2023, up 19% from 407 breaches in the first half of that year. The leading cause of data breaches was malicious or criminal attacks (67%), and the sectors most affected were health (104 breaches) and finance (49 breaches).
News reports of data breaches in Australia also reflect a rise in cyber criminal activity in recent years. Notable examples of data breaches involved 2 major companies in 2022, and another one in 2024. It’s clear to see that data breaches are a major threat, and that there’s a lot more we can be doing as a nation to protect the personal data of our citizens.
What are the most common data breaches?
One of the first steps you can take to protect your business from hackers is to gain a thorough understanding of the various methods they use to gain access to sensitive information. In this section, we’ll explore the eight most common causes of data breaches, so you can take measures to mitigate these risks.
Improper permission management
Permission management, also called access control, is about deciding and managing what users are allowed to do in a system. It controls who can access specific resources and what actions they can take. Related to this is identity management, which is about using processes and technology to handle and protect user identities in a system. This involves creating, updating, and deleting user accounts.
Improper permission management can lead to a data breach by allowing unauthorised users to access sensitive information or perform actions they shouldn’t. If permissions are too lenient or not regularly updated, hackers or malicious insiders can exploit these weaknesses to steal data, causing significant harm to the organisation.
In a recent interview with iTnews, Interactive Chief Information Security officer Fred Thiele identified identity management, data management, and vulnerability management as the “three pillars” of cyber security. On the topic of identity management, Thiele explained that when multiple identities have excessive privileges assigned to them, this can increase risk to the organisation “if even a low-level identity is breached.”
To minimise risk, Thiele advises businesses “to be consistent about the way they evaluate identities in their environment, with every identity authenticated back to a role-based access control matrix.” He also emphasised the importance of understanding the user context, citing an example of a worker being allowed to log in from a foreign destination when that might not be appropriate from a security perspective. Finally, Thiele says it’s necessary to continuously evaluate access privileges, and make changes “in accordance with changes to a person’s status or circumstances within the business.”
Criminal hacking
“Criminal hacking” is a term used to describe planned attacks by hackers, with the intention of exploiting computer systems or networks. This is what causes the majority of data breaches, according to data from the OAIC. Cyber criminals know how to identify weaknesses in the network infrastructure of organisations, and they’re skilled at getting past these entry points to access sensitive data.
When businesses fail to set up adequate security measures, they leave their organisation open to attack. To minimise risk of data loss, it’s important to implement a data loss prevention (DLP) strategy. This typically includes identifying sensitive data, monitoring data flows, and implementing security measures to protect data both within and outside the organisation’s network.
With a monitoring tool such as Azure Cyber Security, anomalies in your system will be identified, so you’ll be notified if a cyber attack occurs. This strengthens your position, and improves your chances of quickly recovering from the breach.
App vulnerabilities and backdoors
App vulnerabilities are weaknesses in software that hackers can exploit to gain unauthorised access or cause harm. Backdoors are secret ways into a system that bypass normal security measures. Together, these issues allow attackers to infiltrate and control applications, potentially leading to data theft or other malicious activities.
Because apps are pieces of software that aren’t necessarily built on perfect frameworks, they can be used as a backdoor for hackers to steal data. In many cases, these hacks go unnoticed, giving cyber criminals time to initiate a zero-day attack. (The term “zero-day” refers to the fact that developers have had zero days to fix the flaw before it’s exploited).
Apps need to be updated regularly to keep your data safe. Most companies that produce apps constantly test their software to fend off potential attacks, and then they release patches to address any security issues. If your company is using apps that aren’t up-to-date, you will be more vulnerable to cyber crime.
Phishing, malware, and ransomware
Phishing is a tactic where attackers deceive individuals into revealing sensitive information (such as passwords or credit card numbers) typically through fake emails or websites. Malware is malicious software that’s designed to harm or exploit any device, system, or network – often used to steal data or disrupt operations. Related to this is ransomware, which is a type of malware that encrypts a victim’s data and holds it hostage until a ransom is paid.
Business owners must be aware of these threats because they can lead to significant financial losses, data breaches, and operational disruptions, ultimately harming the business’s reputation and bottom line.
One case study cited in the OAIC report was of a health provider that was the target of a phishing attack, resulting in unauthorised access to multiple email accounts. The cyber criminals were able to gain access to a large amount of sensitive information through these email accounts. Responding to and resolving the breach was a lengthy process that caused significant financial damage to the health provider.
Weak passwords
Weak passwords can lead to data breaches in organisations because they are easier for hackers to guess or crack, often through brute force attacks or simple guesswork. When passwords are short, common, or reused across multiple accounts, it becomes easier for cyber criminals to gain unauthorised access to sensitive systems and data.
In 2018, Western Australian government agencies underwent a security audit, and it was found that weak passwords were putting sensitive data at risk. The auditor-general found that 26% of staff accounts used weak or commonly-used passwords, which equated to 60,000 of 234,000 accounts.
Examples of commonly-used passwords include ‘Password123’, ‘password’, ‘abcd1234’ and ‘password1’. Because these are easy for hackers to guess, these types of passwords can lead to devastating consequences. To keep an organisation safe from these types of attacks, it’s essential to make sure passwords are strong, unique, and updated regularly.
Human error and insider threats
Some of the most common data breaches arise from human error, i.e. a mistake made by a person who works for the organisation. This often happens when sensitive information is sent to the wrong person – either via email, attaching the wrong document, or handing a physical file to someone who shouldn’t have access.
Errors such as these can lead to an insider threat – a security risk whereby employees, contractors or other internal users intentionally (or unintentionally) compromise security. Insider threats can be particularly dangerous because they often bypass external security measures and can be more difficult to detect.
Another example of human error is misconfiguration, which happens when system settings are not configured correctly. When settings or permissions are not properly configured, it can unintentionally expose sensitive data or open access points that should be protected. For example, improperly configured cloud storage or default settings that are not changed can allow unauthorised users to gain access to confidential information.
Building a strong cyber security culture within an organisation can be done through training, so employees are made aware of the threats. More information about this can be found in our case study for Ansvar Insurance, where Interactive helped to build an internal security training program.
Physical breaches
A surprising number of data breaches are caused by physical assets (such as, for example, a laptop or USB) getting into the wrong hands. Often this is the result of opportunistic theft – if an employee leaves their work laptop on a train, for instance, there’s a chance it could be stolen and hacked.
Sometimes, a criminal may enter an office with the intention of gaining access to sensitive information – this is referred to as a physical breach or infiltration. This could be an insider threat, such as a contractor with swipe card access. Physical breaches can also be carried out by outsiders who are able to bypass security measures.
Since so many professionals in today’s world carry a work laptop and/or phone, it’s extra important for these items to be password protected in case they’re stolen or misplaced.
How Interactive can help you prevent data breaches
The good news is, there are steps you can take to minimise the risk of being targeted by cyber criminals. Interactive recommends Microsoft Secure Score – a measurement tool that helps organisations assess and improve their security posture across Microsoft 365 services. It provides a score based on your organisation’s current security settings and practices, offering recommendations for enhancing security.
You can also get in touch with the team at Interactive to learn about how Azure Cyber Security can protect your company’s data, applications, and infrastructure. Interactive delivers the best in corporate-level cyber security and processes to ensure your Azure cloud retains a strong security posture.
Our Slipstream Cyber (24 x 7 Active Defence – Slipstream (slipstreamcyber.com) services offers a suite of enterprise-grade security monitoring, threat detection, and response services. Combining a range of world-leading technologies covering SIEM, EDR, CASB, XDR NAS, UTM and more, with a robust process, AI and Orchestration, best-in-class Threat Intelligence and an expert human layer, Slipstream can provide a tailored Managed Detection and Response service for organisations of all sizes and sectors.
Contact us to speak to one of our friendly security experts and discuss your options.
Frequently asked questions
1. How common are data breaches in Australia?
Data breaches are increasingly common in Australia, with a notable rise in incidents over the past few years. According to the Office of the Australian Information Commissioner (OAIC), there has been a significant increase in reported data breaches, particularly in sectors like healthcare, finance, and government. The adoption of digital technologies and the growing sophistication of cyber threats have contributed to this trend. Businesses and organisations are increasingly targeted, making it crucial for them to enhance their cybersecurity measures to protect sensitive information and comply with regulatory requirements. The trend highlights the need for robust data protection strategies and continuous monitoring to mitigate risks.
2. Can Azure help prevent data breaches?
Yes. Azure Cyber Security helps prevent data breaches through a comprehensive suite of security services and tools. Features like the Azure Security Center provide unified security management and threat protection across hybrid cloud environments, enabling organisations to detect and respond to potential threats quickly.
Azure Active Directory offers advanced identity and access management, ensuring that only authorised users can access sensitive information. Additionally, Azure’s encryption capabilities safeguard data both at rest and in transit, while network security groups and firewalls help control traffic flow and prevent unauthorised access. Azure’s continuous monitoring and threat intelligence services further enhance security by identifying vulnerabilities and providing actionable insights to bolster defences.
3. Which Azure service is best for me?
The best Azure service for your business will depend on factors like scalability, security requirements, compliance needs, and integration with existing systems. Contact us to learn more about Azure Cloud Security and Azure Cloud Management, to find the best solution to suit your needs.
