The quarterly report on notifiable data breaches for the fourth quarter of last year, released last week, revealed that the financial sector was in second place, just behind healthcare.
From October to November, the financial sector, including pensions, had 40 breaches, while healthcare had 54 and legal services 23.
Of the data breaches, 11 were due to human error, 28 were malicious or criminal attacks and only one was a system failure.
The most common human error was sending information to the wrong recipient, while the most common malicious attack was a cyber incident including phishing, stolen credentials, ransomware and hacking.
Paul Trulove, chief product officer of SailPoint, a software company, said he wasn’t surprised to see the financial sector so high.
“I am not surprised that the financial sector is, for the fourth consecutive report, among the top three industrial sectors in terms of notifications. Banks, wealth managers, financial advisors, pension funds and consumer credit providers are all lucrative targets for cybercriminals. Criminals target financial companies because they know that’s where the money is.”
Mr Trulove said the report highlighted the work Australian businesses needed to do to be safer.
“Australian organizations are struggling to see and understand the risks associated with compromised user credentials, as demonstrated by 43% of cyber incidents involving phishing, 8% resulting from brute force attacks and 24% information compromised or stolen identification. The report reiterates that an organization’s users have become the easiest route to gain access to an organization for hackers,” he said.
Mr Trulove said this was a trend that would not go away either and businesses needed to become more secure.
“The safest path for organizations today is to take a holistic approach to security, one that puts identity governance at the center, ensuring visibility and governance of all users and their access to all applications and data.”