Shock ABC report using FOI shows some worrying statistics


Australia’s mining and manufacturing sectors are taking extraordinary lengths of time to discover cyber intrusions, with new figures revealing delays that in some cases stretch well past a year — and in one instance beyond 500 days — before a breach is even noticed.

Freedom of Information data compiled by industrial cybersecurity firm Secolve shows 187 data breaches recorded across the two sectors since 2018, affecting the personal information of as many as 3.6 million people. Although the dataset is de-identified, the scale and duration of undetected activity highlight a growing concern for insurers about silent exposures within industries that underpin the national economy.

The figures show one operator failed to identify an intrusion for 520 days, then waited another 84 days before reporting it to the Office of the Australian Information Commissioner. Even when breaches were detected promptly, many companies held back for months before notifying regulators. Several incidents took between 30 and 300 days to be disclosed, despite being discovered on the day they occurred.

Across all breaches, mining and manufacturing businesses took an average of 39 extra days to notify authorities after detection.

Professor Dali Kaafar of Macquarie University’s Cyber Security Hub told the ABC that the findings pointed to a fundamental gap in Australia’s breach-reporting framework. He said the data revealed a “critical weakness” in the regime and warned that delays compounded the fallout for victims and organisations alike. “The real takeaway here is how long it's taking some operators to detect and report breaches. That delay is not just procedural, but it increases the harm,” he said.

“The longer a breach goes undetected, the more time attackers have to harvest credentials, exfiltrate data or deploy ransomware,” Professor Kaafar said. “It also drives up recovery costs once the incident is discovered.”

He said the current obligation to report breaches “as soon as practicable” left too much room for interpretation. “Reporting 'as soon as practicable' is open to interpretation,” he said, adding that the data suggested some organisations may be weighing up whether incidents are serious enough to disclose at all. “Under-reporting is always possible,” he said.

Professor Kaafar said the volume of exposed financial information — which appeared in more than half of reported breaches — and tax file numbers, which comprised about 40 per cent, demonstrated the need for organisations to rethink data-retention practices. “Organisations should be reducing their sensitive data footprint,” he said. “They shouldn't be storing financial information or other personal data they don't actually need.”

Secolve’s analysis found that more than nine in ten breaches in the two sectors stemmed from malicious or criminal attacks, far above the national average. Ransomware accounted for more than a quarter of cases. Malware-related attacks took an average of 146 days to detect, compared with just 2.5 days for brute-force credential attacks.

Secolve said it was “quite confronting” to see how long intruders were able to operate inside networks undetected. Attackers came from “all over — we see geopolitical groups, we see opportunistic hackers,” the firm said, and it described the mining sector as particularly attractive because of the revenue involved. It also noted a spike in attacks during the early stages of the Russia-Ukraine war, when hackers targeted miners as Australia became a more significant supplier of sanctioned resources.
