There is no doubt the general electronic security threat for CIOs and systems administrators grows daily and the need to plan for sudden and unexpected events has been highlighted since September 11, National Office for the Information Economy (NOI) CEO John Rimmer said today.
Some hack attacks, he said, cannot be prevented but companies can prevent the type of attacks that cause the greatest damage.
"There is no doubt that sensational reports of exotic security exploits distract IT staff from the mundane yet effective security regimen of firewalls, antivirus tools, intrusion detection systems and virtual private networks," Rimmer said.
"Systems administrators need to harden their networks; this can be achieved by not using default settings when installing software and hardware, removing components that are not needed, use strong passwords for user authentication and use tools such as virus detection software and firewalls to protect systems from compromise."
Rimmer said the top five security problems faced today are virus protection, lack of access control, unprotected file distribution, unsafe data storage practices and unsatisfactory perimeter defence.
"These are general e-security problems across the economy, but the same problems apply to those who own and manage our critical infrastructure sectors including many areas of the Federal Government," he said.
Speaking at the Commonwealth Government e-security seminar in Canberra, Rimmer praised a video shown at the event produced by the ANZ Bank to educate staff in security matters.
A recent example of a serious security breach, Rimmer said, was the attack on the International Information Systems Security Certification Consortium (ISC2) which manages one of the most well known security examinations -- the Certified Information Systems Security Professional Scheme (CISSP).
A hacker targetted the consortium on the basis of perceived discrimination after having failed one of the CISSP's exams.
The ICS2 Mail server was successfully attacked and numerous worms and trojans planted on the computer system.
Rimmer said the organisation eventually had to reformat its entire computer system and purge all data; the entire examination database was compromised.
"The cost of this type of incident is very high and it is taking ISC2 many months to recover and rewrite exams," he said.