The Notifiable Data Breaches Quarterly report for the fourth quarter of last year,released last week revealed the finance industry at second place, sitting just behind health service.
From October to November the finance sector including superannuation had 40 breaches, while healthcare had 54 and legal services 23.
Of the data breaches, 11 were due to human error, 28 were malicious or criminal attacks and just one was a system fault.
The most common human fault was sending information to the wrong recipient while the most common malicious attack was a cyber incident comprising of phishing, stolen credentials, ransomware and hacking.
Chief product officer of SailPoint, a software firm, Paul Trulove said he was not surprised to see the finance industry so high.
“I’m not surprised the finance sector for the fourth consecutive report was among the top three industry sectors by notifications. Banks, wealth managers, financial advisors, superannuation funds and consumer credit providers are all lucrative targets for cyber criminals. Criminals target financial firms because they know that’s where the money is.”
Mr Trulove said the report highlighted the work that Australian businesses needed to do to be more secure.
“Australian organisations are struggling to see and understand the risks associated with compromised user credentials, as demonstrated by 43 per cent of cyber incidents involving phishing, 8 per cent resulting from brute-force attacks and 24 per cent from compromised or stolen credentials. The report reiterates that an organisations’ users have become the easiest route into an organisation for hackers,” he said.
Mr Trulove said it was a trend that was not going away either and businesses needed to become more secure.
“The most secure path forward for organisations today continues to be taking a comprehensive approach to security, one that puts identity governance at the centre, ensuring visibility and governance over all users and their access to all applications and data.”
