The number of electronic attacks in Australia is decreasing, according to the 2006 Australian Computer Crime and Security Survey. Twenty-two percent of respondents experienced attacks in the past year, compared with 35% in 2005 and 49% in 2004.
Viruses and worms were the most common attacks, with 45% of respondents confirming they had been hit by this kind of infection.
The total average annual losses for electronic attacks, computer crime and computer access misuse increased 63% compared with 2005, resulting in an average loss of A$241,150 (NZ$298,000) per organisation. However, this figure was pushed up by one organisation that lost A$40 million due to theft or breach of confidential proprietary information.
If this specific loss is excluded from the results, the survey actually shows a decline in the amounts of money lost. Then, the average loss per organisation is A$42,145, compared with A$153,245 last year.
Besides loss due to theft or breach of confidential proprietary information, the next biggest sources of loss were computer-facilitated financial fraud, followed by telecommunications fraud and online identity theft, according to the survey.
All three of these are fraud-related, which indicates a trend towards computer crime motivated by illicit financial gain, says the survey.
Only 5% reported losses associated with online identity theft, but the average losses reported for online identity theft, A$27,000, has increased 58% from last year. Also, infections related to trojans are on the rise. Trojan and rootkit infections represented average losses of A$11,000 per organisation.
In addition, the survey found that 65% thought that their organisations needed to improve on their readiness to protect their IT systems. They were also dissatisfied with the level of qualifications and training for IT security staff. Only 10% thought they were managing all aspects of IT security reasonably well.