Why Australian Data Breach Numbers Are Underreported
Recently, the Office of the Australian Information Commissioner (OAIC) published its periodic statistical report on data breaches received under the Notifiable Data Breaches (NDB) scheme, covering breaches that occurred in Australia during the first half of 2020.
According to the report, there was a three percent decrease in the number of data breaches reported to the OAIC between January and June 2020, compared to the period from July to December 2019.
Select key findings include:
- 518 breaches were notified under the scheme. This figure is down three percent from 532 in the previous six months, but up 16 percent on the 447 notifications received during the period January-June 2019;
- Malicious or criminal attacks (including cyber incidents) remain the leading cause of data breaches, accounting for 61 percent of all notifications; and
- The health sector is again the highest reporting sector, notifying 22 percent of all breaches; finance is the second highest reporting sector, notifying 14 percent of all breaches.
More data breaches than reported; mobile is an endpoint
These numbers don’t paint the full picture of what we are seeing when it comes to data breaches. First off, with so many people working from home because of COVID, processes may very well not be in place for companies and/or individuals to report breaches.
Second, the report doesn’t mention or differentiate breaches originating from mobile devices. The reality is that many people and businesses still don’t realize mobile devices can be as much of a source of data breaches as laptops and desktops, yet they lack the protection afforded to laptops and desktops.
Mobile devices make up some 60 percent of enterprise endpoints while desktops and laptops account for approximately 40 percent. Mobile devices are one of the greatest enablers of worker productivity in the enterprise, if not the single greatest. These devices are provisioned with access to the back end, touching cloud repositories, data sharing and other resources.
In other words, mobile devices contain and provide access to all sorts of data.
Unfortunately, mobile security is one of the most important facets of enterprise security, if not the single most important, that is being overlooked or under-supported, and that poses a massive threat to organizations.
My company is Zimperium. We are the global leaders in mobile device and app security, and worldwide we’ve seen increases and spikes in mobile breaches and compromises during COVID. And we are not alone:
- More than 18 million daily malware and phishing emails related to COVID-19 scams were seen by Google just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus; and
- The Wall Street Journal warned of a significant rise in phishing, robocall and “smishing” (text-message scams sent to your phone) schemes involving stimulus checks, airline refunds, charities, fines for breaking social-distancing rules, “mandatory” COVID-19 preparedness tests, unproven treatments and sales of in-demand supplies like masks or thermometers.
Specific to our customers based in Australia, we’ve prevented countless risks and threats that could lead to data breaches, including malware downloads, man-in-the-middle attacks, rogue access points, phishing attempts, etc. We’ve also identified when sideloaded apps contain malware and when iOS devices need updating.
To learn more about how Zimperium can protect your enterprise’s mobile devices, please contact us.