Thursday, 1 March 2012

Fed: More than 80 pc med-lge businesses open to hacker attack

By Miranda Korzy

SYDNEY, Aug 22 AAP - Computer systems at more than half of Australia's medium to large businesses are open to hacker attack, a new report shows.

Research commissioned by a major computer services and products company also found that 40 per cent of these Australian companies had no formal information technology security policy.

On behalf of Computer Sciences Corporation Australia, the researchers surveyed 80 medium to large publicly listed companies in Sydney, Melbourne and Brisbane.

CSC global information security director Kim Valois said the report revealed 30 per cent of respondents audited their systems once a month and 11 per cent weekly.

However, 19 per cent carried out the security checks only once every three months, 32 per cent once or twice a year, and five per cent had never done so.

She said hackers could access a company's systems using public domain attacks exchanged on the internet.

They could be downloaded and run from a web browser to gain privileged access to a web server belonging to a company.

"It's a little bit frightening to think it's that simple," Ms Valois told AAP after releasing the report in Sydney.

"But if you don't have your system patched or protected against common exposures it really is that easy."

A single line of defence like a firewall was not enough to stop attacks, as they were intended to block unintended traffic rather than a hacker masquerading as a privileged user.

"Many hackers regard firewalls as gates that can be opened with the right protocols, rather than fences that must be surmounted or circumvented," said Ms Valois.

"Frequently no one has any idea they have entered the system.

"The problem is that the threat is a lot more pervasive and changes occur in the environment much more frequently than that (the security checks) so once or twice a year, given the nature of the threat and the nature of the exposures, is probably not enough," Ms Valois said.

New security risks associated with commercial products were released in alerts nearly every day, she said.

She recommended a policy based audit once or twice a year but a good technical vulnerability assessment at least once a month.

The needs of each organisation were different, however, she said.

Ad hoc assessments were also essential when key changes to the environment occurred, such as installing new web servers.

AAP mk/arb/cjh/de

KEYWORD: HACKERS
