GUEST RESEARCH: A 2023 survey of 400 international cybersecurity professionals found that many have been told to keep a breach confidential when it should be reported.
The ForgeRock 2023 Consumer Identity Breach Report details Australia’s threat landscape.
The research shows that more than 50 companies took over a year to notify customers, and one waited almost three years.
The report focuses on confirmed breaches in which confidential data has been exposed and/or stolen, ranging from very small breaches to large caches of data that provide financial incentives to hackers to hold for ransom, sell on the dark web, or both.
In addition, almost 50% of breached organisations in 2022 could not determine the exact number of breached records, so they defaulted to reporting zero records.
2022 was a year marred by high-profile security breaches, as Australians experienced increasingly detrimental attacks on their personal data and information.
As a result, we saw the government and industry bodies invest more in the security ecosystem, seeing a rise in reporting and IT spending.
But despite a rise in spend, we are seeing a subsequent rise in breach numbers as technology develops and bad actors become more sophisticated.
The Australian Cyber Security Centre’s Annual Cyber Threat Report recorded an increase in cybercrime reports of nearly 13% YoY, with an attack happening every 7 minutes.
Holding top spot since the start of the Notifiable Data Breach Scheme, Healthcare was the industry most affected by data breaches, with 79 reported incidents.
According to the Australian Government’s Office of the Australian Information Commissioner (OAIC), 71% of entities notified the OAIC within 30 days of becoming aware of an incident in 2022, compared to 75% in the period of July to December 2021, and organisations took longer to notify for breaches due to malicious attacks.

The ForgeRock 2023 Breach Report reveals three major trends:
- Stolen identity data can lead to long-term problems – breached records that include Social Security Numbers and protected health information (PHI) are on the rise, and can be used for ongoing fraud.
- Third-party breaches broaden impact – attackers are exploiting weak security controls to infiltrate all the organizations in a vendor’s ecosystem.
- Vulnerability and resilience vary – some sectors have successfully reduced breaches, but attacks on healthcare and education have been large – and expensive.
