Analysis: Symantec tars ISPs with bad security brush

Attack vectors

Respondents tho the Symantec report were asked their readiness to withstand politically inspired attacks.

They were characterised as attempts to:

• Steal electronic information
• Alter or destroy information
• Shut down or degrade computer networks, and
• Manipulate physical equipment through the control network

The choices for respondents were extremely unprepared, somewhat unprepared, neutral, somewhat prepared or extremely prepared.

"[About] 44 to 56 percent [of Australian businesses] responded in the 'somewhat to extremely effective' category. Call it half," Symantec Pacific managing director Craig Scroggie told iTnews.

Wasn't that good news? More than half of Australian businesses felt prepared to some level to respond to an attack and equal or greater numbers were reported in the global survey numbers.

Another 15 percent in the global survey were neutral about their prospects.

Less than 15 percent of respondents in all but one category of attack felt they were "unprepared", according to global statistics.

Put another way, that's 85 percent of respondents choosing an option that did not categorise them as "unprepared".

Symantec global CIP results (courtesy: Symantec)

Those working in high-level IT security for critical infrastructure networks would have played down their preparedness because otherwise it would make them a neon-lit target for hackers.

It's hard to boast that you can protect against threats when you don't know what they look like.

Symantec highlighted that only 27 percent to 33 percent of Australian businesses felt "extremely prepared" to defend against politically motivated attacks.

"There's still a lot of room to improve," Scroggie said.

"Many are saying that while they feel somewhat prepared, do they have the confidence to say they can manage the problem? No, [because] they just don't know what these attacks will bring.

"What we've seen recently [with Stuxnet] is that an attack can go undetected for a long time. The challenge for organisations is how much information has been infiltrated? How long have they [hackers] been on the inside of the network?

"How much information was extricated to a government or political group?"

AISA's Keith Price highlighted the same statistic but for a different reason.

"I would love to talk to a security professional that says I'm really confident that my network is rock solid," he said.

And he questioned whether politically-motivated attackers are as concerned about stealing or altering electronic information as the survey suggests.

"I doubt politically motivated people care as much about the information as they do in taking the site down," Price said.

"For example, when the Prime Minister's website was taken down [by Anonymous in protest against ISP filter plans], the attackers didn't want to steal anything - all they wanted to do is to embarrass [the Government] publicly.

"Stealing information doesn't make sense to me. My guess is criminals are the bigger threat and are probably going to get in [to information systems] first rather than a couple of political activists because they're really smart, well-funded and highly organised."

The global Symantec report found that 53 percent of critical infrastructure providers were attacked an average of 10 times in the past five years at an average cost to them of US$850,000 ($864,000).

Symantec was unable to produce Australian figures or tell iTnews where local businesses ranked.

In the absence of information, it's a matter of what can be read into the results?

Industry preparedness is hard to call. So is whether telcos and ISPs are as vulnerable to defend against politically motivated attacks as Symantec says.

What do you think? Would telcos and ISPs have problems thwarting large-scale attacks or is this simply scaremongering?