AusCERT sees decline in electronic attacks

AusCERT sees decline in electronic attacks

Summary: Over the past year there were significantly fewer electronic attacks than over the previous 12 months, according to the latest version of an annual survey coordinated by the Australian Computer Emergency Response Team (AusCERT).

SHARE:
0
Over the past year there were significantly fewer electronic attacks than over the previous 12 months, according to the latest version of an annual survey coordinated by the Australian Computer Emergency Response Team (AusCERT).

The fifth survey, which was compiled in partnership with the Australian High Tech Crime Centre, the Federal Police and various state police forces, revealed that 22 percent of organisations experienced an electronic attack over the past year, down from 35 percent in the 2005 survey and 49 percent the year before.

However, due to additional funding by the Attorney General's department, this year's survey included a four-fold increase in the number of respondents and was conducted by market research firm ACNielsen.

According to AusCERT, "the sample change should be considered when assessing the respondent percentages against previous years".

Even with the larger sample base, which includes more firms from the manufacturing sector, the survey does indicate that the general level of electronic attacks has not increased and has most likely fallen.

"Across most categories of electronic attack, computer crime and computer access misuse and abuse, there was an overall reduction in level of activity detected," the survey stated.

Smartcard uncertainty
Another area of uncertainty in this year's survey results is the use of two factor authentication products -- such as tokens and smartcards -- by businesses and agencies looking to secure their networks.

According to the survey, only 24 percent of respondents said they use two factor authentication, down from 38 percent last year and 33 percent the year before.

When asked about the anomaly, Graham Ingram, general manager of AusCERT, told ZDNet Australia that he had expected the figure to increase.

"I think it is probably more a case of a different sample than a reduction," he said.

Ingram said that one issue likely to reduce smart card and token use in the future is the introduction of risk management systems such as those introduced by RSA's Cyota division.

"Anti-fraud systems are looking for anomalous transactions... If I have never done a high value transaction over a certain threshold in my life and suddenly I'm doing one, the question is, is this a valid transaction?

"If a person is living in Australia then why would they be logging in from an IP address in Estonia," added Ingram.

Spending remains constant
Despite some confusing results in this year's survey, one constant is the amount companies spend on security compared to the rest of their IT budget.

Although the survey showed a "noticeable reduction" in the percentage of companies increasing their security spend, the majority allocate around five percent of their IT budget on security.

"If you look at it year to year, there are remarkable similarities in responses over time. The survey is a very good indicator, especially over the last few years -- between five percent and seven percent [of the total IT budget] seems to be where people are at," said Ingram.

Topics: Malware, Security, AUSCERT

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion