Businesses 'unaware of basic on-line security'

[InfoSec News <isn () c4i org>]

http://www.smh.com.au/articles/2003/05/12/1052591719148.html

Brisbane
May 12 2003

Businesses and other organisations were paying dearly because they did
not bother with basic security to protect their on-line dealings, a
conference was told today.

The AusCERT Asia-Pacific IT Security Conference on the Gold Coast was
told most breaches of computer systems occurred because security was
practically non-existent.

AusCERT general manager Graham Ingram told the conference a survey on
computer crime had shown most organisations were finding it difficult
to manage a multitude of issues concerning the proper protection of
their information systems.

"The fact that greater numbers are reporting harmful
externally-sourced attacks and fewer are reporting internally-sourced
attacks simply means that with increased connectivity and exposure to
the internet, the opportunities for external attacks are occurring at
a faster rate," Mr Ingram said.

He said organisations needed to ensure they were able to operate their
information systems securely before connecting to the internet.

"In some cases it is clear that organisations aren't aware of some
relatively basic security issues and have paid dearly," he said.

The survey was carried out by AusCERT with the cooperation of Federal
Police and police in Queensland, Western Australia and South
Australia.

Alastair MacGibbon, director of the Australian High Tech Crime Centre
hosted by the Federal Police said the survey went further than broad
crime statistics collected by governments, which often missed the
internet component of crimes.

"It revealed that most IT security incidents were not reported to
police and that many were the result of poor or no IT security
policies and procedures and therefore could be prevented," Mr
MacGibbon said.

The head of the South Australian Police Serious Fraud Investigation
Branch, Detective Superintendent Anthony Rankine said law enforcement
agencies needed to have accurate data on fraud perpetrated using
electronic technology.

"The mechanisms, processes and strategies used for the prevention,
detection and prosecution of fraud will need to become more
sophisticated and comprehensive if they are to deal not only with the
human aspects of fraud but with the highly technical nature of systems
being used to facilitate fraud," Det Sup Rankine said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.