Forwarded From: Nicholas Charles Brawn <ncb05at_private> 24Nov98 AUSTRALIA: COMPUTERS - SURVEY FINDS NET SECURITY FULL OF HOLES. By Emma Connors. A major survey of Australian organisations has revealed an information security hole large enough to accommodate several truckloads full of hackers. "Australian companies are increasing their exposure to security risks for which they are not prepared," warned Ernst & Young's national director of information systems assurance and advisory services, Mr Garry Dinnie. Only 25 per cent of organisations surveyed have implemented data encryption, a measure which the Ernst & Young Global Information Security Survey refers to as a "fundamental level of protection ... no business should be conducting e-commerce without employing at least a basic level of encryption". Earlier this year Ernst & Young surveyed 114 companies and discovered most are pushing ahead with e-commerce plans, despite serious misgivings about the risks. Ninety per cent of organisations surveyed which have a connection to the internet rated their security as poor, but most are still planning to increase their online activities. The 13 per cent now using e-commerce is expected to increase to 80 per cent within two years. Australian businesses are not unaware of the dangers they face. Ernst & Young found local companies generally expressed more fears about e-commerce than their international counterparts. Some 38 per cent of Australian companies surveyed cited security as a major barrier to e-commerce. But while 75 per cent of senior managers rate information security as "important" or extremely important, 45 per cent don't allocate any budget funds to the activity. Mr Dinnie said that often much attention is paid to external threats, while many companies overlook the fact that the greatest danger often lies within. "A lot of people involved in security are concerned about the evil hacker, but those organisations that have actually suffered a loss report the source is usually internal. "The more a network is opened up, the greater the possibility that employees can plot with third parties. Accidental loss should also not be ignored. Sometimes money is lost because employees simply make a mistake," Mr Dinnie said. Ernst & Young found that 16 per cent of those surveyed have suffered, or believe they have suffered, at least one break-in via the internet. But if precedent is any guide, very few will be talking publicly about their experience. One of the best known security breaches occured four years ago, when Citibank was targeted by a Russian hacker. The scam was identified, a trap laid, and US$11.6 million ($18 million) in stolen funds was recovered but Citibank, which went public with the breach, promptly lost one-fifth of its top clients, according to US specialist Secure Computing. KEY POINTS * A survey of Australian organisations has revealed huge information security gaps. * Only 25pc of businessses Ernst & Young surveyed used data encryption in e-commerce. * 90pc of the 114 companies rated their security poor but planned more online activities. AUSTRALIAN FINANCIAL REVIEW 24/11/1998 P38 -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:17 PDT