“No matter how secure or vigilant an organization is when it comes to cybersecurity, it only takes one mistake, one lapse in judgment or missing a red flag in a malicious email to have a successful intrusion.”
Even with more powerful tools available to both security professionals and cybercriminals, Jayne says human error is still the leading cause of data breaches, accounting for 82% to 95% of cases, depending on which research you read.
“All it takes is one mistake, one lapse in judgment, or missing a red flag in a malicious email, for a successful intrusion.”
Security Awareness Advocate Jacqueline Jayne
“The focus on IT is disproportionate. The recent massive data breach in Australia has also highlighted that both IT and consumers look to the government for guidance and solutions to the problem,” she said.
“While governments have a role to play, cybersecurity is everyone’s responsibility and these incidents highlight how far we have to go when it comes to basic consumer hygiene online.”
Daniel Trauner, senior director of security at Axonius, said that in the current business environment, the situation is complicated, and employees often use a mixture of hosted work platforms and personal accounts on platforms such as LinkedIn and WhatsApp. The result is the potential for human error, not just clicking on dodgy links in work emails.
Jacqueline Jayne from security training company KnowBe4.
“Practically, this means that personal and work data is mixed into one account and interface, which is a huge advantage for attackers,” he said.
“We saw this happen with the 2022 Uber hack, where attackers impersonated Uber IT on WhatsApp to help convince targets to approve MFA (multi-factor authentication) requests.”
Over the past 12 months, there have been more than 1,800 breaches in Australia, with each breach costing around $4.5 million, according to Nuix research.Australian Safety Center received more than There were 76,000 cybercrime reports in the 2021-22 financial year, a 13 per cent increase on the previous year and equivalent to one report every seven minutes.
Rubinsztein said he expects the situation to only get worse, given ballooning data stores and increasingly sophisticated criminal tactics.
“I think the data explosion will continue, and in fact the rate of change of the explosion will increase. We’re collecting data from more systems, the Internet of Things, and other devices,” he said, referring to the so-called Internet of Things — which have processors , software or other technical physical devices connected to the Internet.
“Just as Nuix can take multiple data sets and aggregate them, so can criminals. With the ability to aggregate multiple sets of personally identifiable information, data on the dark web increases in value and becomes more scary, “He says.
Large companies can store hundreds of millions of files of various file types in various locations, and Rubinsztein says data volumes double every two to three years. Tracking all that content, reviewing it, and securing it from potential breaches is a complex challenge.
“If you think about a big company, a big bank, you have backups, you have archives, in some cases you don’t actually know what’s in your data assets,” he said.
“What data do you store in a third party? How do you know how risky the data is? This is something that requires complex review.”
Loading
Small businesses, SMEs and nonprofits are far from immune, as recent violation At children’s charity The Smith Family. Since virtually all businesses collect and store some kind of data, every company is a potential target, Jain said.
“As with any form of break-in, criminals spend a lot of time and resources on a larger target because the potential data transfer equals the effort. Small businesses and non-profits, on the other hand, may require cybercriminals to Less time and resources, and again the data transfer equals the effort,” Jayne said.
“Nonprofits struggle with information security resources, making it challenging to develop a much-needed robust security culture to ensure organizations and their employees understand current attack vectors.”
Get news and reviews on technology, gadgets and games every Friday in our tech newsletter. Sign up here.
