Security is a business enabler, not an afterthought: expert
A visiting security expert has told Australian business leaders that more than 90 percent of companies connected to the Internet today are vulnerable to some form of cybercrime.
According to Simon Perry, vice-president of Security at Computer Associates International, security has gone from an afterthought in most businesses to become a business enabler -- something that allows a business to grow.
While visiting Australia for a series of briefings with local executives, Perry told PC Week that compared to an "enormous level of awareness" in North America and Europe regarding the dangers for back-end systems connected to the Internet, the threat has yet to fully register with Australian companies.
This is probably due mainly to a perception held by individual management of local companies that hack attacks are only going to occur against high-profile companies housed beyond our shores, Perry said. "The danger is that there is an overall lower 'fear factor' in Australia," Perry said. "Australian companies get online quickly, get a firewall, run an anti-virus program and then think they're protected. This is very dangerous thinking. There is no such thing as an 'Australian Internet'."
In an interesting spin on statistics, Perry said that as Australia has only between 1/40th and 1/50th of the Internet presence enjoyed by the US, this could be another factor in Australian companies developing a false sense of security.
According to CA statistics, comparing the prevalence of Australian Web site defacements with Australia's overall domain population makes it clear that, given the global reach of hackers, local companies face at least the same level of risk as US corporations.
Perry added that CA "Penetration and Testing Teams" -- groups that attempt to crack a company's Internet security -- have yet to find a company that couldn't be broken into, electronically speaking.
In some cases, the CA teams will use software and methods commonly available on the Internet, such as "sniffer" programs and password crackers. In others, the teams will actually attempt to crack "the human element" in an organisation -- for example, by posing as help desk staff and asking employees for passwords. Perry told PC Week that in one case a CA team contacted an organisation's help desk, which eventually faxed the team a 30-page manual on the company's infrastructure and procedures.
"Keeping people out of your files is only one aspect of security," Perry said. "I would say that only 50 percent of a company's security comes down to product. The remaining 50 percent is to do with processes."











