Australian enterprises are at substantial risk of being sucker-punched by hackers because of their overly relaxed attitude to IT security the regional director of Check Point, Scott Ferguson, told the inaugural CIO Government Conference in Canberra this week.
Ferguson said that although most of the public sector areas were getting their act together in terms of IT security, the commercial sector was still focused on the cheap and easy convenience of mobility devices with little forethought for potential impacts on enterprise networks.
“You’re not going to like this… but Australians are early adopters who take the most cost-efficient devices and make them do things they were never supposed to do. In terms of security, we are now behind the eight ball,” Ferguson said, adding that a budding enterprise romance with mobility devices such as 3G phones and PDAs could turn ugly if not nailed down at both network and application layers.
Ferguson revealed that an Australian based funds management organization had recently been forced to shut down operations and send its entire workforce “home for the day” when its network was declared so infested it had to be unplugged; he declined to name the firm for legal reasons.
“With Blaster, 52 percent of attacks came from within the network. That’s [because] people take their laptops home, contractors plug into networks, and the like. Government needs to become involved [in promoting security best practice] and start to become the leader in secure architecture,” Ferguson said.
A federal government IT infrastructure manager said that while there was an awareness of the inherent risks that accompanied mobility-based devices, there were also significant benefits that could be harnessed if “substantial threats could be checked at the door”.
“It’s a matter of choosing wisely. You need to have devices with a bit of shelf life because by the time you get a secure solution, you still want that [technology] to be useable. In terms of assets, a Holden Commodore is still a Holden Commodore even though they give it a nose and bum job. "If they change the keyless entry, then that’s an issue for us to worry about,” the manager said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.