The 2002 Australian Computer Crime and Security Survey released today shows the level of computer crime in Australia now exceeds that in the US.
67 per cent of organisations surveyed have been attacked in 2002 - twice the 1999 level - and 35 per cent of these organisations experienced six or more incidents.
Jointly produced by Deloitte Touche Tohmatsu, AusCERT and the NSW Police, the survey across Australia’s top 300 companies and other public and private sector organisations details the growing extent and nature of computer security incidents in Australia and enables comparison with the US findings in the 2002 Computer Security Institute/FBI Computer Crime and Security Survey.
Deloitte’s Head of IT Security Consulting, Dean Kingsley, said the 2002 Survey shows computer security incidents are not only growing rapidly in number but the source and nature of the attacks are changing.
“Employees continue to represent a significant source of attack (with 50% of companies reporting security breaches being attacked from within). However, with the increase in e-business and networking between businesses, external attack is now - for the first time - the greatest threat (affecting 87% of companies reporting security breaches).
“Also alarming is the rapid increase in financial loss experienced. Although organisations find it difficult to estimate the broader financial losses associated with computer security incidents it is clear computer crime is no longer just nuisance value, but a serious threat to customer relationships and ultimately bottom line profitability.
“While 70% of organisations surveyed increased their spending on IT security last year they continued to experience an increase in computer security incidents, with 60% stating that changing user attitudes to computer security is the biggest barrier to incident prevention.”
Graham Ingram, General Manager of AusCERT, Australia’s national computer security incident response team based at The University of Queensland, said 56% of organisations surveyed acknowledged that keeping up to date with threat and vulnerability information presented real difficulties and challenges.
“Organisations are struggling to deal with what are critical and complex issues in an environment which is rapidly changing,” Mr Ingram said.
“The trends reported in this Survey are consistent with those observed by AusCERT which show that the number of organisations reporting computer security incidents and seeking response advice is growing.
“It is unlikely that the underlying trends will improve next year, which means organisations will need to work harder just to maintain the status quo.”
Detective Superintendent Megan McGowan, Head of the NSW Police Computer Crime Unit, said 61% of organisations surveyed took no legal action whatsoever following computer attack; however, they need to realise that what may appear to be benign is often the pathway to something more sinister.
“With the recent strengthening of the NSW Crime Act, police can now prosecute hackers for simply entering a company’s computer system and there is no need to prove a further offence has taken place. Hackers now face penalties of up to ten years imprisonment.
“The NSW Computer Crime Unit is working with dedicated investigation teams around Australia and internationally with agencies such as the FBI, to exchange intelligence and crack down on what is a growing problem; however, organisations need to report incidents if this community problem is to be addressed effectively,” Det Supt McGowan said.
Other survey findings:
* 98% of companies had experienced either computer security incidents/crime or some other form of computer abuse (such as network scanning, theft of laptops or employee abuse of internet access or email)
* The areas of greatest financial impact were data or network sabotage, virus and trojan infection, computer fraud and laptop theft
* Areas of lower financial loss but frequent incident were denial of service attacks and network scanning
* After changing user attitudes, other most cited barriers to improving security were management of software upgrades and bug patches
* 43% of Australian organisations surveyed are willing to hire ex-hackers to deal with security issues, three times more than in the US
To download a full copy of the survey results, visit www.auscert.org.au/Information/Auscert_info/2002cs.pdf
Media: for further information contact:
Dean Kingsley
Deloitte Touche Tohmatsu
Phone: (02) 9322 7415
Mobile: 0416 107 415
Graham Ingram
AusCERT
Phone: (07) 3365 4417
Email: auscert@auscert.org.au
Det Supt Megan McGowan
NSW Police Computer Crime Unit
Phone: (02) 9265 4200
Anna Brown / Michelle Lia
Deloitte Communications
Phone: (02) 9322 7445 / (02) 9322 5336
Mobile: 0419 214 913 / 0407 015 129
Email: annabrown@deloitte.com.au / mlia@deloitte.com.au
Peter McCutcheon
Media Unit
AusCERT (The University of Queensland)
Phone: (07) 3365 1088
Mobile: 0413 380012
Email: p.mccutcheon@mailbox.uq.edu.au
NSW Police Media Unit
Phone: (02) 9265 4200