With tension mounting between the US and China over hacking allegations, two New Zealand organisations report they may have been subject to online attacks by a foreign government, while one says it has been the victim of a likely “cyber-terrorist” incident.
According to the 2007 Global State of Information Security Survey, released today and published in depth in CIO New Zealand magazine, 163 IT security incidents globally (3% of the total reported) were considered likely to be of terrorist origin, while 150 were attributed to attacks by foreign governments.
And, while some may consider we are not in the frontline when it comes to such attention, New Zealand organisations appear to be as likely to be probed by foreign powers as any.
Last week, the New Zealand Herald reported US President George W Bush could be about to confront Chinese President Hu Jintao at the Sydney APEC summit over hacking raids on the Pentagon, the German chancellery and Whitehall.
President Bush was responding to UK newspaper reports alleging the Chinese military had hacked into Pentagon computers and possibly stolen classified documents.
“I’m very aware that a lot of our systems are vulnerable to cyber-attacks from a variety of places,” he said at a news conference, before indicating he might raise the issue with the countries involved.
China denied the allegations last week — the second time in as many weeks that the country has responded to charges of sponsoring computer attacks.
“Some people are making wild accusations against China and wantonly saying the Chinese military attacked the Pentagon’s computer network,” Jiang Yu, a foreign ministry spokeswoman, said in Beijing, according to the state-controlled Xinhua news service. “These are totally groundless and also reflect a Cold War mentality,” she added.
The Global State of Information Security Survey, which was conducted by CIO and CSO magazines, and PricewaterhouseCoopers, is the largest ever to include New Zealand organisations. Nearly 10,000 organisations were surveyed, with 84 coming from this country.
Despite this, it is current employees and hackers that pose the greatest security threats here. Hacking accounted for 40% of the attacks logged by New Zealand organisations, while employees accounted for nearly 38%. Also featuring in the statistics were attacks by former employees and by service providers or contractors.
Globally, security incidents resulted in altered applications in 32% of cases, while confidential records were compromised in 18% of incidents. Networks suffered in 38% of cases, and email and applications became unavailable in 23%.
However, another notable finding of the survey is that 40% of organisations simply do not know how many security incidents or attacks they have suffered.
CIO details the survey over eight pages in its September edition, which is out today, or available online here.