Australian IT security: beware the devil you know - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Australian IT security: beware the devil you know

By Jeanne-Vida Douglas, ZDNet Australia
March 17, 2002
URL: http://www.zdnet.com.au/news/security/soa/Australian-IT-security-beware-the-devil-you-know/0,130061744,120264051,00.htm

According to a recent report by analyst group Ernst and Young, there has been an alarming rise in IT security breaches in Australia and around the world, with management more concerned about internal rather than external breaches.

With the information drawn from 450 CIOs in 16 countries around the world, the survey found 91 percent of Australian respondents experienced breaches compared with only 75 percent globally. What's more 50 percent of the antipodean respondents believed they were more at risk from internal attacks, compared to 41 percent whose concern focussed on external threats.

Such concern is well founded according to industry pundits such as Denis Jorgensen, manager of the technical services group for security management outsourcing company 90East.

"The biggest rise in attacks is external, and in largely due to increases in the availability of hacking tools, the proliferation of cable modems and so fourth," said Jorgensen. "But, what we are finding is that internal attacks have more potential to do damage, as the level of sophistication required to launch a malicious attack internally is far lower than what is required to launch one from the outside."

Jorgensen went on to say that the statistic which warranted the greatest level of concern according to the survey was that which referred to the 64 percent of respondents who are confident they would be able to detect an attack on their systems.

"I know that is a case for concern," said Jorgensen. "In our experience 100 percent of out clients experience some form of attack, in fact if we connect a Web server up to the Internet it is scanned within a matter of hours, and attacked within 24."

While Jorgensen agrees with the Ernst and Young suggestion that hacking will increase with increases in connectivity, he said that the bulk of the increase was in unsophisticated attacks.

However, as the report points out, apparently innocuous attacks have the capacity to create so called "backdoors" which serve to facilitate future attacks.