Recent months have been peppered with dire predictions about a surge in cybercrime activity, but the latest official data breach tally suggests otherwise.
The Office of the Australian Information Commissioner (OAIC) received just 518 notifiable data breach (NDB) reports during the first half of this year, according to its latest update – representing a 3 per cent decline from the 532 breaches reported during the previous half-year.
And while 61 per cent of breaches were attributed to malicious or criminal attack, this figure was down 7 per cent from the previous quarter’s results.
By contrast, human error was up 7 per cent, to 34 per cent of all cases.
As with every past report, healthcare providers were the most frequently breached, with 115 NDB reports during the half-year – down from 117 in the previous period.
Finance and superannuation firms reported 75 breaches, while there were 44 incidents affecting education providers – down from 49 in the previous period.
Yet despite dire forecasts that remote learning and COVID-19 related attacks would drive a surge in malicious activity, the relative stability of those key figures suggested otherwise – as did a 39 per cent drop in the number of ‘rogue employee/insider’ threats.
The OAIC is “not aware of any evidence to suggest the increase is related to changed business practices resulting from COVID-19,” the report notes, “given that notifications across the period are otherwise broadly consistent with longer term trends.”
With more than half of the reported data breaches involving more than just contact details, Attivo Networks ANZ regional director Jim Cook warned, “of particular concern is the prevalence of social engineering and insider attacks, as these will often be targeted at removing data of higher value.”
“Many of these attacks were preventable with a combination of technology and social interventions,” he said – although many companies have struggled to stage such interventions given that the dramatic shift to remote working and schooling has put many Australians outside the immediate reach of corporate security controls.
Many factors at play
Despite the long-term consistency, there were some noteworthy figures buried in the headline numbers: in May, for example, the OAIC received 124 NDB reports – setting an all-time monthly record that represented a 73 per cent surge from the 83 reports in April.
The May period would have corresponded to the aftermath of attack campaigns conducted in April, when anecdotal reports suggested cybercriminal activity was surging and the Australian Cyber Security Centre formally warned that COVID-19 related phishing and scams were “likely to increase in frequency and severity over the coming weeks and months”.
And while the overall number of ‘cyber incidents’ dropped from 225 to 218 in the current half-year, the OAIC reported a surge in social engineering and impersonation attacks, which grew 47 per cent to 50 separate incidents.
The May spike also likely informed Prime Minister Scott Morrison’s very public warning that Australia was being targeted by a “sophisticated state-based cyber actor”, coinciding with the deterioration of Australia’s political and trade relationship with China.
Yet the OAIC played down the possible influence of that relationship, with the report noting that the privacy overseer “has not identified a specific cause for the increase”.
No time for complacency
Regardless of the cause, security experts were out in force to point out that continuing breaches represent an ongoing threat to Australian business and government interests.
“With malicious attacks accounting for 61 per cent of all notifications,” CrowdStrike ANZ managing director Brett Raphael said, “nefarious activity remains one of the most urgent security agenda items for businesses to address.”
This urgency was increased by a marked change in cybercriminals’ modus operandi, with ransomware attacks surging over 150 per cent – to 33 reported incidents – and compromised companies often facing a second threat as sensitive data is offered to the highest bidder on darkweb sites.
Logistics company Toll faced that problem after suffering two crippling ransomware attacks in recent months, as did appliances manufacturer Fisher & Paykel.
Darkweb data is favoured by criminals such as the NSW man arrested this year in an $11m identity fraud scheme, while security researchers have found darkweb sites selling everything from system login credentials and Zoom usernames and passwords to the Medicare details of Australian Federal Police officers.