51 critical infrastructure organisations breach in 2012: report

Powered by SC Magazine
 

Nine lost proprietary data.

A new report has found fifty one critical infrastructure operators in Australia have been breached in the last year with nine losing proprietary information.

The Cyber Crime and Security Survey Report (pdf), commissioned by CERT (Computer Emergency Response Team) Australia and authored by the Centre for Internet Safety, received 255 responses from organisations operating systems of national interest. The organisations came from sectors including energy and water utilities, defence, communications and finance.

Ten of those breached organisations had experienced more than 10 breaches in the last year. 

 

Most breaches were due to theft of devices, automated hack tools, software vulnerabilities, and mis-configured operating systems, applications or network devices.

Twenty two breaches were caused internally, the same number as those which reported attacks to police.

Ten kept the incident quiet "because of the fear of negative publicity" and 36 did not think the attacks warranted law enforcement investigation.

Of those organisations which reported breaches, eight claimed the incidents were not investigated, ten did not know the outcome of an investigation, and four reported a person was charged as a result.

Most surveyed organisations had standard security technologies in place while 153 had intrusion detection systems. Two-thirds possessed documented incident management plans, but only 31 had forensic plans in place.

Half of the organisations increased security spend over the last year and considered attacks against them to be targeted.

Most respondents from the energy, water and transport sectors said they were part of the Federal Government's Trusted Information Sharing Network (TISN), housed within the Attorney General's Department alongside CERT Australia.

The TISN was a platform for organisations of national interest to share information about their networks with the agency under non-disclosure agreements in return for non-public security intelligence. The initiative aimed to provide the Federal Government with good insight into potential vulnerabilities into critical infrastructure networks, and to make operators more resilient.

Copyright © SC Magazine, Australia


51 critical infrastructure organisations breach in 2012: report
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 417

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 196

Vote