Health, finance and education were the most breached sectors in Australia when it came to cyberattacks in 2020, a new report shows.
The ‘Notifiable Data Breaches Report July – December 2020’, released by the Office of the Australian Information Commissioner (OAIC), found that from July to December 2020, health service providers reported 123 data breaches, or 23% of the total. The second largest source of notifications was the finance sector (15%), followed by education (7%).
James Bergl is the regional vice president ANZ at Datto, an American cybersecurity and data backup company founded in 2007.
He says education providers across the country must review their cybersecurity strategies and aim to improve cyber-hygiene as a matter of priority.
“Principals and education leaders must take responsibility for the state of their institution’s cyber hygiene," Bergl told The Educator.
"It’s important they work with IT experts — such as managed service providers — to implement cybersecurity strategies that not only include the implementation of cybersecurity technology, but awareness training".
From here, says Bergl, it’s the role of principals and leaders to ensure that training programs are regularly undertaken and a high level of cyber-hygiene is maintained.
"By creating a culture of cyber-awareness and resilience, principals are not only ensuring the security of schools but also preparing students for the future workforce," he said.
"In addition to the above, it’s important not to take a set-and-forget approach to cybersecurity".
Bergl said principals must lead the charge in encouraging regular updates to devices and conducting quarterly security assessments in consultation with MSPs to ensure strategies don’t become outdated.
Risks and opportunities
The OAIC’s Notifiable Data Breaches Report also found that 58% of data breaches are a result of malicious or criminal attack, while 38% are due to human error.
“This means organisations must take a two-pronged approach in their cybersecurity strategies: improve cybersecurity infrastructure and increase awareness of cyber risks through training programs," Bergl said, adding that in most cases, the development and implementation of a cybersecurity strategy cannot be done solely in-house.
“It’s recommended organisations reach out to external resources, such as managed service providers, to get expert support and counsel when it comes to cybersecurity".
Vijay Sundaram, chief strategy officer for global technology platform Zoho, said that while the education sector saw a vision of the future in 2020, it also saw some of the dangers.
“At a time when we’re more reliant on technology than ever, everyone from educational policy makers to part-time teacher aides must understand data security and best practice in terms of minimising threats,” Sundaram told The Educator.
“This year taught us that technology can be a bridge over troubling waters, but only by taking cyber threats seriously can we provide safe, inspiring and empowering environments to children and young people across Australia”.
Dr Jenine Beekhuyzen OAM, Tech Girls Movement Foundation founder, said that by educating young people and their parents on how to first recognise the threat, and then how to respond to it, they can be armed with the knowledge to stay safe online.
“Some workshop attendees we’ve taught in the past have thought that because their anti-virus software was up-to-date, they were safe online,” she told The Educator.
“The truth is, most threats facing young people online aren’t from elaborately coded malware, but master manipulators using social-engineering on social media platforms – things that anti-virus is incapable of picking up”.