IT experts warn Queensland businesses risk becoming ‘soft targets’ for malicious hackers if they fail to meet international data security standards.
Security-Assessment.com security consultant Roger Greyling says overseas hackers struggling to break through stringent security measures in the UK and US may consider Australasian companies as ‘soft targets’.
“We saw with recent high-profile data breaches at Sony and Lush Cosmetics (that) an organisation’s reputation and assets are constantly vulnerable to attack from unscrupulous individuals,” says Greyling.
He claims that last year more businesses experienced security breaches, many of which went unreported.
“It happens more often than people realise,” he says.
US companies are legally obliged to disclose data security breaches, while UK internet service providers and telco companies must divulge breaches in compliance with the European Union data protection directive.
Although no equivalent legislation exists in Australia, Greyling urges businesses to make sure they comply with the Payment Card Industry Data Security Standard (PCI DSS).
Introduced by the Payment Card Industry Security Standards Council (PCI SSC), PCI DSS is an internationally recognised information security standard requiring organisations that handle card information to improve controls on cardholder data to reduce credit card fraud.
Staff at Spring Hill-based information security company Bridge Point Communications have expressed ‘shock’ at the lack of IT security at Queensland businesses.
Information security consultant Daryl Haines says many companies have neither data security policies nor dedicated staff on hand.
“If there isn’t a standard or requirement to implement IT security, they usually do it only if there is an incident,” says Haines.
“However, a lot of companies don’t have monitors, intrusion prevention systems and log-in systems in place, so they won’t be aware even if they are being breached.”
Haines claims data security is not merely a domestic matter.
“The last National Security Australia Conference highlighted that a lot of attacks came from China and Eastern Europe. They are trying to gain a competitive advantage and one way to do that is by stealing the intellectual property of western companies. The issue of IT security is a global one,” he says.
Ashmore-based consulting group IT Leaders says simple security measures can prevent hacking and internal breaches.
National business manager Chris McAvinue says stopping initial entry is the most cost-effective way to protect corporate data.
“Regularly updating antivirus and antispam software can block external hackers from sending viruses to your network,” he says.
“Set up a firewall between the internet and internal network. You can also encrypt and place confidential items in folders with a complex alphanumeric password.”
Internal data theft can be stopped by installing so-called smart appliances between the gateway and internal network.
“WatchGuard Technologies can scan for trusted employees who send sensitive data to external parties. You can set up rules to monitor that and block it,” says McAvinue.
He also suggests a preventative approach by continuously monitoring the network.
“Preventative costs are more effective than reactive costs,” says McAvinue.