AusCERT sees decline in electronic attacks
The fifth survey, which was compiled in partnership with the Australian High Tech Crime Centre, the Federal Police and various state police forces, revealed that 22 percent of organisations experienced an electronic attack over the past year, down from 35 percent in the 2005 survey and 49 percent the year before.
However, due to additional funding by the Attorney General's department, this year's survey included a four-fold increase in the number of respondents and was conducted by market research firm ACNielsen.
According to AusCERT, "the sample change should be considered when assessing the respondent percentages against previous years".
Even with the larger sample base, which includes more firms from the manufacturing sector, the survey does indicate that the general level of electronic attacks has not increased and has most likely fallen.
"Across most categories of electronic attack, computer crime and computer access misuse and abuse, there was an overall reduction in level of activity detected," the survey stated.
Smartcard uncertainty
Another area of uncertainty in this year's survey results is the use of two factor authentication products -- such as tokens and smartcards -- by businesses and agencies looking to secure their networks.
According to the survey, only 24 percent of respondents said they use two factor authentication, down from 38 percent last year and 33 percent the year before.
When asked about the anomaly, Graham Ingram, general manager of AusCERT, told ZDNet Australia that he had expected the figure to increase.
"I think it is probably more a case of a different sample than a reduction," he said.
Ingram said that one issue likely to reduce smart card and token use in the future is the introduction of risk management systems such as those introduced by RSA's Cyota division.
"Anti-fraud systems are looking for anomalous transactions... If I have never done a high value transaction over a certain threshold in my life and suddenly I'm doing one, the question is, is this a valid transaction?
"If a person is living in Australia then why would they be logging in from an IP address in Estonia," added Ingram.
Spending remains constant
Despite some confusing results in this year's survey, one constant is the amount companies spend on security compared to the rest of their IT budget.
Although the survey showed a "noticeable reduction" in the percentage of companies increasing their security spend, the majority allocate around five percent of their IT budget on security.
"If you look at it year to year, there are remarkable similarities in responses over time. The survey is a very good indicator, especially over the last few years -- between five percent and seven percent [of the total IT budget] seems to be where people are at," said Ingram.