Emails – The Scourge of Business
The biggest threat to the cybersecurity of business in Australia are emails.
The latest Data Breaches Report has warned organisations against the risky practice of storing sensitive personal information in email accounts.
The report says in a number of attacks cybercriminals gained access to thousands ― and in some cases tens of thousands ― of stored emails.
The criminals did not need further access to networks or servers as sensitive personal information was directly accessible from email accounts.
This dangerous practice, the report says, also makes it difficult for forensic investigations of the breaches to determine the full extent of the information that was compromised as the email accounts lacked audit and access logging.
It says protecting email credentials has never been more important and multi-factor authentication should now become a standard security control for businesses in 2020.
Almost one in three reported data breaches were linked to compromised login credentials including phishing attacks which were responsible for at least 15% of the record number of data breaches reported in Australia in the six months to December last year.
The half-yearly report reveals that there was at least one data breach which affected 10 million or more people, while there were 41 breaches impacting between 1,000 and 5,000 individuals.
Again, health service providers remained the leading source of data breaches while finance was the second highest.