[ISN] Businesses 'unaware of basic on-line security'

From: InfoSec News (isnat_private)
Date: Mon May 12 2003 - 01:31:08 PDT

  • Next message: InfoSec News: "[ISN] VPN Questions Answered"

    http://www.smh.com.au/articles/2003/05/12/1052591719148.html
    
    Brisbane
    May 12 2003
    
    Businesses and other organisations were paying dearly because they did
    not bother with basic security to protect their on-line dealings, a
    conference was told today.
    
    The AusCERT Asia-Pacific IT Security Conference on the Gold Coast was
    told most breaches of computer systems occurred because security was
    practically non-existent.
    
    AusCERT general manager Graham Ingram told the conference a survey on
    computer crime had shown most organisations were finding it difficult
    to manage a multitude of issues concerning the proper protection of
    their information systems.
    
    "The fact that greater numbers are reporting harmful
    externally-sourced attacks and fewer are reporting internally-sourced
    attacks simply means that with increased connectivity and exposure to
    the internet, the opportunities for external attacks are occurring at
    a faster rate," Mr Ingram said.
    
    He said organisations needed to ensure they were able to operate their
    information systems securely before connecting to the internet.
    
    "In some cases it is clear that organisations aren't aware of some
    relatively basic security issues and have paid dearly," he said.
    
    The survey was carried out by AusCERT with the cooperation of Federal
    Police and police in Queensland, Western Australia and South
    Australia.
    
    Alastair MacGibbon, director of the Australian High Tech Crime Centre
    hosted by the Federal Police said the survey went further than broad
    crime statistics collected by governments, which often missed the
    internet component of crimes.
    
    "It revealed that most IT security incidents were not reported to
    police and that many were the result of poor or no IT security
    policies and procedures and therefore could be prevented," Mr
    MacGibbon said.
    
    The head of the South Australian Police Serious Fraud Investigation
    Branch, Detective Superintendent Anthony Rankine said law enforcement
    agencies needed to have accurate data on fraud perpetrated using
    electronic technology.
    
    "The mechanisms, processes and strategies used for the prevention,
    detection and prosecution of fraud will need to become more
    sophisticated and comprehensive if they are to deal not only with the
    human aspects of fraud but with the highly technical nature of systems
    being used to facilitate fraud," Det Sup Rankine said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon May 12 2003 - 04:15:02 PDT