Safeguarding Australian enterprises from data breaches
By Keir Garrett (pictured), Regional Vice President, Cloudera ANZ
The velocity of data breaches and cyber threats is increasing. According to a recent report by Surfshark, 1.8 million user accounts were compromised in Australia in the first quarter of 2024 (Q1 2024) – representing a staggering 388% increase compared to the final quarter of 2023, placing Australia as the world’s 15th most compromised nation, with approximately 140 million accounts impacted since 2004. This does not include the critical breaches at MediSecure, Ticketmaster and Ticketek, who have had hundreds of millions of customers’ personal data stolen, in recent weeks.
The rise in cloud adoption has further widened opportunities for bad actors to exploit vulnerabilities. According to a recent IBM report, 82% of breaches last year involved data stored in the cloud as cybercriminals take advantage of the fact that many organisations migrated to the cloud.
Protecting customers’ data should be a strategic imperative for all organisations. In fact, failing to comply with the Notifiable Data Breaches scheme could result in a business incurring over AU$50 million in fines, not to mention an erosion of trust among its customers that may be challenging to rebuild.
As our digital landscape continues to evolve in both size and complexity, so will the data we generate – and threats to the security of our data. Businesses should not wait until the next data breach incident hits to step up vigilance, but instead review these four areas:
Prioritise security and governance. Organisations must prioritise security and governance to harness data effectively. By integrating AI into threat intelligence, organisations will be able to quickly detect unusual behaviour that may indicate a compromised account and react quickly to restrict access to sensitive data and systems. This allows them to balance the need to provide timely access to data services while defending against potential breaches.
Implement a zero trust approach. Zero trust is key to enhancing your security posture, but zero trust with proper governance frees the data so you can share it effectively within the organisation. The data is protected but it is also accessible by the people who need it. This is the balancing act of security and is a win-win. Another integral principle of zero trust is providing explicit verification via multi-factor authentication (MFA) to ensure no inherent trust is given to any one user for optimal security maturity.
Invest in a modern data platform. Not all cloud services are created equal. A Platform as a Service (PaaS) data and analytical approach to data management and security on the cloud ensures that customer data is always within their control, and never mixed in with anyone else’s data estate. With a focus on application security, data protection and access control, this lessens the risk of a data breach (from a single point of access) into their data estate.
Educate employees on best practices. Security risks and threats can also come from within the organisation, such as employees and trusted insiders. For example, data breaches can occur through insider threats (with cooperation from someone within the organisation) or unintentional breaches as a result of social engineering. As more organisations seek to democratise their data’s access to business users, employees must be well-trained with proper resources to handle the increasingly complex threats targeting today’s businesses.
The playing field is evolving rapidly, and hackers are getting increasingly sophisticated with Artificial Intelligence (AI) adding yet another layer of complexity and stealth. As cybercrime continues to proliferate, we’d be naïve to think that we are completely immune to cyber breaches. Today’s businesses need to be constantly doing everything possible collectively to stay one step ahead of these threat actors.