Ransomware a Rising Concern
You can read the latest OAIC data breach report here.
The Office of the Australian Privacy and Information Commissioner (OAIC) has released their latest statistics and has flagged ransomware as the major cause for concern for Australians.
In a formal statement this week the OAIC commissioner Angelene Falk said, “The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated, and because of this we are concerned that some entities may not be reporting all eligible data breaches involving ransomware.”
65 per cent of those breaches that have been classified as malicious or criminal attacks. Of those criminal and malicious attacks, the report found the while 66 per cent were cyber incidents, 12 per cent were theft of paperwork or storage device, 12 percent were social engineering and the rogue employee accounted for the final 10 per cent.
When it comes to ransomware, the report highlighted that 62 per cent of reported data breaches were ‘malicious actors’ gaining access to the accounts and stolen credentials. This includes a 24 per cent increase in reports of the ransomware attacks form the last reporting period.
Not reporting all eligible data breaches
The report supports Falk’s statement highlighting that ‘a number of entities’ found that some ransomware attacks did not constitute a data breach because ‘lack of evidence’.
The report states, “It is insufficient for an entity to rely on the absence of evidence of access to or exfiltration of data to conclusively determine that an eligible data breach has not occurred. Where an entity cannot confirm whether a malicious actor has accessed, viewed or exfiltrated data stored within the compromised network, there will generally be reasonable grounds to believe that an eligible data breach may have occurred and an assessment under section 26WH will be required.”
You can reads the latest OAIC data breach report here.
false
