It's a new world of security threats out there. Are Australian businesses ready?
Australian Enterprises are operating in a new threat environment. That's the message of AusCERT's 2006 Computer Crime and Security Survey, which quizzed 389 local IT managers about their attitudes and organizational approaches to security.
AusCERT is Australia's national Computer Emergency Response Team, an independent group of IT security professionals, based at the University of Queensland, which monitors and evaluates global network threats and vulnerabilities. This is the fifth year that the organization has conducted the survey, which is carried out in partnership with Australia's High Tech Crime Centre (HTCC), the Australian Federal Police (AFP) and other law enforcement organizations around the country.
"I think what we've seen over recent years is the dawn of true Internet crime," says AusCERT general manager Graham Ingram. "We are no longer dealing with hackers, we're dealing with professional criminals who have worked out how to make money in the Internet environment."
Ingram says most of the nefarious activity that occurs online bears the hallmarks of organized crime. Based largely offshore, perpetrators are difficult to track down and bring to justice, and they make significant amounts of money, which allows them to invest in new capabilities to keep them one step ahead of corporate countermeasures. Case in point: rootkits, programs that let cyber-invaders mask their intrusion and gain root access to a computer and, by extension, other machines on a network. This marks the first year that rootkits and trojans were separated from worms and viruses in AusCERT's research, and Ingram says the results are far from encouraging.
"This year, by separating them out, we learned that one in five organizations was getting hit with trojans or rootkits," he says.
"Until now most people have viewed this as a home PC issue. But this year the survey clearly shows that if you operate a network environment this threat is real. It's not just home PC users who are getting hit," Ingram says.
Despite the high usage rate of spam filters and antivirus software (98 percent) Ingram says AusCERT figures indicate that around 60 percent of malicious code remains undetectable - which means a major shift in the way CIOs think about the security of their networks. "From now on businesses should make the basic assumption that any machine connecting to their network is compromised," Ingram says.
Best Practices
1. UNDERSTAND YOUR ENVIRONMENT. "Risk management is about understanding your threat environment, it's not a product that you can buy," says AusCERT general manager Graham Ingram. "You have to understand what the level of malicious code deployment is, what this code is capable of and what you can do if it does get in."
2. INVEST IN EDUCATION PROGRAMS. Don't just pay education lip service, ensure that the individuals who work with you in your organization know what it means to be IT security aware.
3. WATCH YOUR PARTNERS. "Big corporates need to be thinking not only of their own systems and security policies, but the network as a whole and all those people who connect to it, whether they are customers, staff or suppliers," says Kathryn Kerr, AusCERT's analysis and assessment manager. "The security of those end points is crucial to any risk assessment. You need to have strategies in place to detect cases where those remote endpoints can be compromised."