Online crims are getting away with it down under

Just eight per cent of perps charged, five per cent of attacks come from foreign powers

Law enforcement agencies charged with investigating online crime might actually be sitting at their desks gorging on donuts in Australia, if the nation's Computer Emergency Response Team's survey of stakeholders is to be trusted.

The results of that survey, published today, state that “Out of those respondents who did report a cyber security incident to law enforcement, 33% stated that it was their understanding the incident was not investigated … while 8% of matters referred to law enforcement were reported to have resulted in a person being charged.”

Vulture South takes security surveys with the largest available salt crystals, but CERT Australia's effort is worth more consideration than the endless torrent of vendor-commissioned security surveys inasmuch as it has less need to keep us all scared and therefore primed to buy more stuff. That the survey was “conducted in partnership with the Centre for Internet Safety at the University of Canberra” also gives us more comfort, although the small sample – “of the almost 450 organisations contacted, responses were received from 255” – leaves the study far from representative.

That the CERT “works with the Australian business sector – primarily the owners and operators of systems of national interest” further skews the sample.

If you can still stomach the study after those caveats, it may perturb you to know that the report couches its findings in positive terms.

For example, it notes that “More than 90% of respondents reported using antivirus software, spam filters, and firewalls.” How many “operators of systems of national interest” do without is not revealed. What is known is that “More than 80% also reported using access control and virtual private networks,” again leaving a few without.

“Almost 60%” run intrusion detection systems (IDS).

Another eyebrow-raiser is the finding that “less than 50% of respondents have plans in place for the management of removable computer media, such as USB memory drives” and 84% practice “user access management.” The latter response makes us uneasy about another element of the study's methodology, namely the anonymised 24-question online survey, as it seems to your correspondent easy to respond negatively to a query about “user access management” given the term does not have wide currency.

Security training among Australian organisations surveyed by CERT Australia

65% of participating organisations had IT security staff with tertiary level IT qualifications.

Another interesting finding, graphed above, is that “Almost 35% of participating organisations had IT security staff with no formal training, although most of these staff had more than five years working in the IT security industry.”

Just 22 per cent of respondents 'fessed up to a security incident during 2012, a number CERT Australia puts down to an unwillingness to admit to attacks. A further nine per cent admitted ignorance on the matter. Theft of a device was the most common incident reported.

Motives for attacks were “illicit financial gain (15%), hactivism (9%), using the system for further attacks (9%), using the system for personal use (6%), being from a foreign government (5%), personal grievance (5%), and being a competitor (4%).”

The full report is available here (PDF). ®
