[ISN] Survey Finds Net Security Full of Holes

From: mea culpa <jericho_at_dimensional.com>
Date: Wed 25 Nov 1998 - 01:31:24 CST
Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>

24Nov98 AUSTRALIA: COMPUTERS - SURVEY FINDS NET SECURITY FULL OF HOLES.
By Emma Connors.

A major survey of Australian organisations has revealed an information
security hole large enough to accommodate several truckloads full of
hackers. 

"Australian companies are increasing their exposure to security risks for
which they are not prepared," warned Ernst & Young's national director of
information systems assurance and advisory services, Mr Garry Dinnie. 
Only 25 per cent of organisations surveyed have implemented data
encryption, a measure which the Ernst & Young Global Information Security
Survey refers to as a "fundamental level of protection ... no business
should be conducting e-commerce without employing at least a basic level
of encryption". 

Earlier this year Ernst & Young surveyed 114 companies and discovered most
are pushing ahead with e-commerce plans, despite serious misgivings about
the risks. 

Ninety per cent of organisations surveyed which have a connection to the
internet rated their security as poor, but most are still planning to
increase their online activities. The 13 per cent now using e-commerce is
expected to increase to 80 per cent within two years. 

Australian businesses are not unaware of the dangers they face. Ernst &
Young found local companies generally expressed more fears about
e-commerce than their international counterparts. Some 38 per cent of
Australian companies surveyed cited security as a major barrier to
e-commerce.  But while 75 per cent of senior managers rate information
security as "important" or extremely important, 45 per cent don't allocate
any budget funds to the activity. 

Mr Dinnie said that often much attention is paid to external threats,
while many companies overlook the fact that the greatest danger often lies
within. 

"A lot of people involved in security are concerned about the evil hacker,
but those organisations that have actually suffered a loss report the
source is usually internal. 

"The more a network is opened up, the greater the possibility that
employees can plot with third parties. Accidental loss should also not be
ignored. Sometimes money is lost because employees simply make a mistake," 
Mr Dinnie said. 

Ernst & Young found that 16 per cent of those surveyed have suffered, or
believe they have suffered, at least one break-in via the internet. But if
precedent is any guide, very few will be talking publicly about their
experience. 

One of the best known security breaches occurred four years ago, when
Citibank was targeted by a Russian hacker.  The scam was identified, a
trap laid, and US$11.6 million ($18 million) in stolen funds was recovered
but Citibank, which went public with the breach, promptly lost one-fifth
of its top clients, according to US specialist Secure Computing. 

KEY POINTS

* A survey of Australian organisations has revealed huge information
  security gaps. 

* Only 25pc of businesses Ernst & Young surveyed used data encryption in
  e-commerce. 

* 90pc of the 114 companies rated their security poor but planned more
  online activities. 

AUSTRALIAN FINANCIAL REVIEW 24/11/1998 P38 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 09:00:20 1998