Australia’s Computer Emergency Response Team (CERT) has released its first Cyber Crime and Security Survey report, a study that provides valuable information on the impact of cyber incidents on Australian businesses, including ones that operate critical infrastructure.
According to the report, 90% of the respondents have deployed firewalls, antivirus software and spam filters to protect their organizations’ networks.
Around two thirds said they had documented incident management plans. On the other hand, only 12% of those who took part in the survey said they had a forensic plan.
Worryingly, 22% of organizations experienced a cyber incident in the last 12 months. Even more concerning is the fact that 21% of these companies had to deal with more than 10 incidents.
The breaches resulted in loss of confidential or proprietary information for 17% of the organizations. Denial-of-service (DOS) attacks and financial fraud were experienced by 16%, respectively 10% of respondents.
It appears that 44% of Australian businesses preferred not to report cyber incidents to an outside organization because they feared negative publicity. Of those that did file complaints, 44% were to law enforcement and 29% to CERT.
35% said they didn’t believe law enforcement was capable of conducting a proper investigation and 26% of subjects said they didn’t think the attacker would be brought to justice.
33% of those who reported the incidents said no investigation was launched, while 29% didn’t know anything about the investigation’s outcome. Only 8% of those who filed reports said the perpetrator was charged.
In most cases, the cyberattacks were successful because the attackers used sophisticated automated tools, and due to unpatched or misconfigured software.
As far as motivation is concerned, illicit financial gain tops the chart with 15%, followed by hacktivism (9%), and use of compromised systems for other attacks (9%). Competitors were blamed by 4% of respondents, while 5% pointed the finger at foreign governments.
On the bright side, over half of respondents reported that their organizations had increased investments in the IT security.