The 2012 Cyber Crime and Security Survey: Systems of National Interest was designed and conducted to obtain a better understanding of how cyber incidents are affecting the Australian businesses that form part of Australia’s systems of national interest, including critical infrastructure.
These businesses and industries underpin the social and economic wellbeing of the nation and deliver essential services, including banking and finance, communications, energy, resources, transport and water.
The findings from this survey provide a picture of the current cyber security measures these businesses have in place; the recent cyber incidents they have experienced; and their reporting of them. These findings also provide baseline data from which the results of future annual surveys can be compared, to help ascertain overall trends.
Importantly, business is taking cyber security seriously. This is paramount for the security of the individual organisation and its clients, as well as the industry sector, and the business community more broadly. However, the survey results also indicate that many organisations are not confident that cyber security is sufficiently understood and appreciated by staff, management and boards.
In terms of cyber security incidents, more than half the organisations considered attacks on their organisation to be targeted. This indicates a shift from previous views or conceptions, that most attacks are non-targeted or indiscriminate. And while the majority of attacks were reported to come from external sources, the fact that 44% originated from within organisations serves as a reminder that internally-focused cyber security controls and measures are also important.
Reporting of cyber security incidents – which is critical to the effectiveness of the government-business partnership – clearly requires further attention. The CERT needs to articulate to business the benefits of reporting cyber security incidents to CERT Australia and to law enforcement, and that all information provided to the CERT is held in the strictest confidence.
This report was prepared by a government agency, the National Computer Emergency Response Team (CERT Australia), as well as the Centre for Internet Safety (CIS) at the University of Canberra.