The Western Australia Auditor General, Colin Murphy, has identified significant vulnerabilities to cyber threats in all of the agencies examined for his 2011 Information Systems Audit Report.
According to the report (PDF), “benign cyber attacks” were carried out on 15 test agencies, including the Department of the Attorney General, the Department of Education, and the Department of Health, via the internet, while USB devices containing software that would ‘phone home’ and send network-specific information across the Internet if plugged in and activated were also scattered across the agencies to test their staff.
The Auditor General’s office, which also assessed whether the 15 agencies had configured their IT systems and had supporting policies and processes in place to detect, manage and appropriately respond to cyber attacks, found critical weaknesses in security.
“None of the agencies we tested had adequate systems or processes in place to detect, manage or appropriately respond to a cyber attack,” the report reads.
“Only one agency detected the attacks. The failure of most agencies to detect the attacks was a particular concern given that the tools and methods we used in the tests were unsophisticated.”
The review also found 14 of the 15 agencies tested failed to detect, prevent or respond to the office’s hostile scans of their internet sites. These scans identified numerous vulnerabilities that could be exploited to gain access to their internal networks and information.
“We accessed the internal networks of 3 agencies without detection, using identified vulnerabilities from the scans,” the report reads. “We were then in a position to read, change or delete confidential information and manipulate or shut down systems. We did not test the identified vulnerabilities at the other 12 agencies.”
The report also noted that 8 agencies plugged in and activated the USBs the Auditor General’s office had placed. These devices subsequently sent information back to the office via the Internet.
“This type of attack can provide ongoing unauthorised access to an agency network and is extremely difficult to detect once it has been established,” the report reads. “Failure to take a risk-based approach to identifying and managing cyber threats and to meet or implement good practice guidance and standards for computer security has left all 15 agencies vulnerable.”
The report further notes that the office was able to breach the security of these agencies despite the majority of them recently paying security contractors up to $75 000 to conduct penetration tests on their infrastructure.
“Some agencies were doing these tests up to 4 times a year,” the report reads. “In the absence of a broader assessment of vulnerabilities, penetration tests alone are of limited value, as our testing demonstrated.”
Follow Tim Lohman on Twitter: @Tlohman