51 critical infrastructure organisations breach in 2012: report

Powered by SC Magazine
 

Nine lost proprietary data.

A new report has found fifty one critical infrastructure operators in Australia have been breached in the last year with nine losing proprietary information.

The Cyber Crime and Security Survey Report (pdf), commissioned by CERT (Computer Emergency Response Team) Australia and authored by the Centre for Internet Safety, received 255 responses from organisations operating systems of national interest. The organisations came from sectors including energy and water utilities, defence, communications and finance.

Ten of those breached organisations had experienced more than 10 breaches in the last year. 

 

Most breaches were due to theft of devices, automated hack tools, software vulnerabilities, and mis-configured operating systems, applications or network devices.

Twenty two breaches were caused internally, the same number as those which reported attacks to police.

Ten kept the incident quiet "because of the fear of negative publicity" and 36 did not think the attacks warranted law enforcement investigation.

Of those organisations which reported breaches, eight claimed the incidents were not investigated, ten did not know the outcome of an investigation, and four reported a person was charged as a result.

Most surveyed organisations had standard security technologies in place while 153 had intrusion detection systems. Two-thirds possessed documented incident management plans, but only 31 had forensic plans in place.

Half of the organisations increased security spend over the last year and considered attacks against them to be targeted.

Most respondents from the energy, water and transport sectors said they were part of the Federal Government's Trusted Information Sharing Network (TISN), housed within the Attorney General's Department alongside CERT Australia.

The TISN was a platform for organisations of national interest to share information about their networks with the agency under non-disclosure agreements in return for non-public security intelligence. The initiative aimed to provide the Federal Government with good insight into potential vulnerabilities into critical infrastructure networks, and to make operators more resilient.

Copyright © SC Magazine, Australia


51 critical infrastructure organisations breach in 2012: report
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 480

Vote