AusCERT - Media release for the 2003 Australian Computer Crime and Security Survey

Media release for the 2003 Australian Computer Crime and Security Survey

Date: 07 May 2003
Original URL: http://www.auscert.org.au/render.html?cid=1926&it=3070

Organisations must be continually vigilant in maintaining computer information system security against destructive viruses and sophisticated hackers, according to an important survey released today.

The 2003 Australian Computer Crime and Security Survey was launched at AusCERT2003, the Asia Pacific IT Security conference at Queensland’s Gold Coast.

The survey was the result of cooperation between the Australian Federal Police, Queensland Police, Western Australia Police and South Australia Police and Australia’s national Computer Emergency Response Team (AusCERT).

“The 2003 Australian Computer Crime Survey provides a unique and valuable insight into the level, nature and complexity of, as well as the damage caused by, IT security incidents against Australian business,” said Alastair MacGibbon, Director of the Australian High Tech Crime Centre, a Commonwealth-State initiative hosted by the Australian Federal Police.

“It compliments the broader crime statistics collected by governments — which often miss the Internet component to crimes — and allows us to focus on one key aspect of the broader e-crime environment.”

Mr MacGibbon said the survey sent several key messages to police:
• Most IT security incidents are not reported to police;
• Many of the incidents occur as a result of poor (or no) IT security policies and procedures and could therefore be prevented;
• IT security incidents will never be eradicated, but they can be reduced and their damage minimized; and
• Law enforcement has a vital role in partnering with business and to contributing to IT security education.

AusCERT general manager Graham Ingram said the survey results demonstrated that most organisations were still finding it difficult to manage a multitude of issues concerning the proper protection of their information systems.

“The fact that greater numbers are reporting harmful externally-sourced attacks and fewer are reporting internally-sourced attacks simply means that with increased connectivity and exposure to the Internet, the opportunities for external attacks are occurring at a faster rate,” he said.

“Organisations need to ensure they are able to operate their information systems securely prior to connecting to the Internet,” he said. “In some cases, it is clear that organisations aren’t aware of some relatively basic security issues and have paid dearly”.

“It’s not all bad news. Overall fewer organisations reported experiencing computer crime and other forms of computer network abuse than last year.”

The Queensland Police Service is concentrating heavily on addressing computer crime and associated security issues in the community and corporate world.

“This survey provides a great deal of information to assist in the law enforcement of e-crime. Of particular interest is the identification of the areas affected by computer crime, both small and large organisations across a diverse range of industry,” said Detective Inspector Ken Webster, OIC of Queensland Police Service’s Major Fraud Investigation Group.

South Australia Police Detective Superintendent Anthony Rankine OIC of the Serious Fraud Investigation Branch said the nature of fraud was changing.

“Traditional fraud offences are increasingly being facilitated by, and perpetrated via, the new electronic technology,” he said. “There is a need for law enforcement to have accurate data in order to understand the nature and extent of electronic fraud.

“The mechanisms, processes and strategies used for the prevention, detection and prosecution of fraud will need to become more sophisticated and comprehensive, if they are to deal not only with the human aspects of fraud but with the highly technical nature of systems being used to facilitate fraud.”

Steve Roast, Superintendent Commercial Crime Division of the Western Australia Police Service, believes the survey will raise awareness of the security issues contributing to computer-related crimes.

“It is also going to be extremely valuable to the policing of this type of crime to identify areas that law enforcement need to focus attention on, and to highlight to government the cost of computer crime and its potential impact on the information economy,” he said.

“It is hoped that through cooperative ventures such as this survey, the business community will gain greater confidence in the involvement of law enforcement and thereby will encourage the reporting of serious computer related crimes to police.”

More Information: AusCERT (07) 3365 4417