Feeds

CERT Oz report: 76 orgs popped in targeted attacks

What's whitelisting? We're still married to XP

Protecting against web application threats using SSL

Seventy six businesses have owned up to targeted attacks getting past their defences, according to the government's Computer Emergency Response Team (CERT), which released the findings in an annual report late yesterday.

The mostly Australian businesses represented 135 organisations reporting to the CERT Australia survey and were part of a 35 percent uptick in reported information security incidents from the previous 2012 survey.

Breached organisations were unclear about the motivations behind the attacks but suggested commercial competitors were at fault.

The report highlighted well known security shortcomings across organisations including a lack of plans for forensic preservation of evidence ahead of breaches, a drop (25 percent) in security spend and poor adoption of payment security controls (PCI DSS).

In other findings:

  • Eighteen organisations said they would maintain their Windows XP deployments despite Microsoft's botched end of life plans for the operating system.
  • Use of cryptography had spiked by 35 percent to 60 percent of responding organisations.

Most respondents were part of the Federal Attorney General's Trusted Information Sharing Network (TISN), which serves as a security intelligence sharing hub between CERT and the country's critical infrastructure and nominated systems of national interest.

A quarter of the TISN respondents hailed from defence, 16 percent from the energy sector and 13 per cent from banking and finance industries. Three quarters of respondents were from large organisations and agencies with more than 200 employees yet most (75 percent) had fewer than five full time security bods on payrolls.

User access management was the most common security control in use, followed by disaster recovery and change controls. Most organisations applied four of the Australian Signals Directorate's lauded security control list, but few had applied critical application whitelisting which the intel agency http://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm#mitigation was an "incredibly effective means of ensuring security". ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.