IT security standards in Australia are failing because technologists are driving business decisions, according to Unisys e-security architecture director Ajoy Ghosh.
Stressing that the right protections in an organisation are not just technologies but the implementation of standards and processes, Ghosh said technologists have a tendency to "play with toys, which is why organisations have so many firewalls."
"Firewalls alone are not protection; one in three intrusions occur when a firewall is in place," he said.
"IT managers need to assess risk without sensationalising some threats and ignoring others; I know from my days as an IT professional in the banking industry I just had to say virus and Internet in the same sentence to get the budget I wanted.
"There is a lot of spending in the wrong places; it is about [transposing] good corporate governance into e-business."
As a member of the National Office of Information Economy (NOIE) e-security co-ordination group, Ghosh is involved in the development of security standards with industry and guidelines to protect the National Information Infrastructure (NII).
He said security is essential for Australian business to profit from e-business. The sheer volume of transactions that will be undertaken in cyberspace in coming years makes it critical, he said.
Surveys suggest only 3 per cent of computer attacks are detected, and Ghosh believes the opportunity for damage and theft by cyber criminals is increasing all the time.
"By 2020 financial systems will be dominated by cyber criminals as the Internet will be the favoured weapon of attack," he said.
Ghosh said government and industry have to work together to ensure economies are protected against terrorism. The value of goods and services traded on the Internet is predicted to grow to $327 billion in 2002, according to Forrester Research.
"Of three million sites tested worldwide about 80 per cent displayed a vulnerability that could be exploited by tools readily available on the Internet," he said.