More than 20 per cent of Australian organisations are aware of the fact that they suffered a cyber-incident during 2012, according to a new report from the National Computer Emergency Response Team.
The 2012 Cyber Crime and Security Survey Report, released February 18, revealed alarming statistics about the growing propensity and complexity of digital threats, and reaffirmed the importance of stringent vulnerability management.
According to the report, of the respondents who confirmed that they had been affected by a cyber-security incident in 2012, 65 per cent reported having experienced between one and five incidents, while 21 per cent reported experiencing more than ten incidents.
The most common type of cyber incident reported by those who knew they had been the victim of an attack was the theft of a notebook, tablet or mobile device, followed closely by virus or worm infection and trojan or rootkit malware.
Less common, but no less dangerous, were attacks that centred on unauthorised access by malicious parties, the theft or breach of confidential information and denial-of-service (DDoS) attacks.
According to attorney-general Mark Dreyfus, modern cyber attacks are shifting from being "indiscriminate and random", and are instead becoming "more coordinated and targeted for financial gain".
As part of the 2012 Cyber Crime and Security Survey Report, the CERT also surveyed organisations afflicted by a security breach as to the suspected motivation behind the attack.
The study reveals that non-targeted unsolicited malicious damage is the most commonly suspected motive (17 per cent), followed by indiscriminate attack (between 15 and 16 per cent).
However 15 per cent of respondents indicated that illicit financial gain was a likely motivation behind the attack, while nine per cent suspected hacktivisim – hacking for protest or political purposes – may have been the cause.
More than half of respondents to the survey said that they had increased expenditure on cyber security in the last 12 months, highlighting the fact that organisations are becoming increasingly aware of the importance of strong cyber security.
If your enterprise would like to improve its level of vulnerability management and mitigate the risk of being impacted by a security incident, it might be worthwhile considering investing in a security audit or penetration testing evaluation.
These third party assessments allow your organisation to gain an outsiders perspective on security, and can allow you to correct any potential vulnerabilities before they are exploited by malicious parties.
"The digital economy has opened up myriad opportunities for Australian businesses to deliver goods, provide services and communicate with people more effectively. But with every online opportunity comes the risk of criminal exploitation," said Mr Dreyfus, speaking at the official launch of the report at Telstra’s Global Operations Centre in Melbourne on February 18.
"CERT Australia, established by the Gillard government, is working with closely with Australian businesses to create higher security standards, warning systems and a secure information sharing system to defend key organisations from cybercrime attacks."