Leif Gamertsfelder, head of the e-security group at law firm Deacons, outlined the potential pitfalls at an Australian Institute of Company Directors briefing yesterday.
Cybercrime has been garnering increased interest in Australia over the past week, with the Federal Government announcing on Wednesday that it had finalised a bundle of counter-terrorism bills. Federal Attorney-General Daryl Williams has described the proposed legislation as a response to September 11.
Gamertsfelder warned that senior management must be in control, and look at the gravity of the harm. He added that e-security was about processes, not technology.
He outlined the possible implications businesses may face, such as obligations by directors under the Corporations Act. "If an e-security breach has occurred due to a failure by a company to take reasonable steps to implement robust e-security architecture, ASIC [and] shareholders may want to know what steps, if any, the directors took to prevent the breach of network security," Gamertsfelder said.
Company directors and officers needed to guide and monitor management and make sure they had the appropriate information, he said. "It's important to get the balance right - you can't blindly follow what the IT security [manager] or IT manager says," Gamertsfelder said. "It's very important to be fairly robust in questioning people about their abilities in this area."
Mike Rothery, senior adviser for national information infrastructure at the Federal Attorney-General's Department, also urged business leaders to consider the range of e-security vulnerabilities they might be subject to. "There are no absolutes - it's all to do with risk management," Rothery said.
Rothery said that there was no panacea or complex fix, and that businesses should be aware of the human factor, such as employees, when managing the e-security risk.











The biggest threat to security is being borne thanks mainly to the internet.
If companies don't need to have internet access for employees, then only have it for mail Xchange, and that in itself will reduce risk, but not totally.
Big business needs to exert more pressure on the authors of software, including O/S, to ensure the product being provided is secure.
Why should business suffer at the hands of poor coding and rapid development? Slow it down and address the issues now, not later.