http://www.smh.com.au/articles/2003/05/12/1052591719148.html Brisbane May 12 2003 Businesses and other organisations were paying dearly because they did not bother with basic security to protect their on-line dealings, a conference was told today. The AusCERT Asia-Pacific IT Security Conference on the Gold Coast was told most breaches of computer systems occurred because security was practically non-existent. AusCERT general manager Graham Ingram told the conference a survey on computer crime had shown most organisations were finding it difficult to manage a multitude of issues concerning the proper protection of their information systems. "The fact that greater numbers are reporting harmful externally-sourced attacks and fewer are reporting internally-sourced attacks simply means that with increased connectivity and exposure to the internet, the opportunities for external attacks are occurring at a faster rate," Mr Ingram said. He said organisations needed to ensure they were able to operate their information systems securely before connecting to the internet. "In some cases it is clear that organisations aren't aware of some relatively basic security issues and have paid dearly," he said. The survey was carried out by AusCERT with the cooperation of Federal Police and police in Queensland, Western Australia and South Australia. Alastair MacGibbon, director of the Australian High Tech Crime Centre hosted by the Federal Police said the survey went further than broad crime statistics collected by governments, which often missed the internet component of crimes. "It revealed that most IT security incidents were not reported to police and that many were the result of poor or no IT security policies and procedures and therefore could be prevented," Mr MacGibbon said. The head of the South Australian Police Serious Fraud Investigation Branch, Detective Superintendent Anthony Rankine said law enforcement agencies needed to have accurate data on fraud perpetrated using electronic technology. "The mechanisms, processes and strategies used for the prevention, detection and prosecution of fraud will need to become more sophisticated and comprehensive if they are to deal not only with the human aspects of fraud but with the highly technical nature of systems being used to facilitate fraud," Det Sup Rankine said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 12 2003 - 04:15:02 PDT