Search Results

Share Article:

Facebook Twitter Linkedin Mail

Opening our new Security Operations Centres – 360 video

Cyber Security

Posted on August 24, 2017

2 min read

Today, we officially open the doors to our newest Security Operation Centre in Sydney, where we will offer our Enterprise and Government customers with a more agile, intelligent and collaborative approach to cyber security. This is essential. At a time when we are seeing an unprecedented rate of cyber-crime in business, it has never been more important to understand and manage cyber risk, for ourselves, and for our customers.

Our state of the art Security Operations Centres provide 24/7, 365 priority access to our highly-skilled cyber security specialists. Our customers can not only see what we see, they can come in and work with us, learn with us, and influence how we develop our security products. Underpinning all of these activities is a powerful open source Managed Security Services platform that lets us tap into global innovation.

As Australia’s largest telecommunications provider, we have an obligation to deliver these kinds of services to market. But, we know we cannot do this alone. In the wake of recent ransomware attacks globally, we believe that no one organisation can tackle the cyber conversation.  Cyber security is a team sport and requires the collaboration of government, regulators, businesses and the community to develop solutions that help build resilience, cyber security and cyber safety for our people.

The Government has set the agenda with a cyber security strategy which we fully support. Now, our role is to help turn this intent into action by providing our customers with the products and services that will deliver a more secure operating environment for all Australians.

We’re excited to open the doors to our Sydney SOC, with Melbourne opening later this month, and an intention to launch globally in 2018.

Below you can watch a 360 tour of the SOC.

If you are having problems viewing this video watch it directly on Facebook here.

Understanding broadband speeds on fixed networks

Be careful out there

Unplug me and I cease to exist

Let’s bring it back to basics with Cyber Security

Tech and Innovation Cyber Security

Posted on June 5, 2017

3 min read

The recent cybercrimes that have affected more than 230,000 businesses in 150 countries has been a wake-up call to the gravity and impact of cyber-crime on an international scale, with banks, hospitals and government agencies grinding to a halt.

One of the biggest reminders that came through in the wake of these events is that the most effective protection against cyber-crime is basic IT hygiene. Everyone from big to small business, to government, and individuals on their PCs at home need to be aware of the simple steps they can take to protect themselves against the attempts that threaten our cyber security.

Our recent Telstra Cyber Security whitepaper shows that more than half of Australian organisations surveyed detect a security breach on a monthly basis, twice as much as detected in 2015. We are a likely cyber-criminal target due to our economic growth combined with high adoption of technology compared to other countries in the region.

While the threat of cyber-crime continues to increase, education and awareness of cyber security remains low. As the report indicates, organisations believe that the main threat is cloud based services, however phishing via email and threats from malware have a higher threat level. What’s even more alarming is that less than half of companies report that they are not ready to handle these threats.

Raising awareness about cyber security is a critical first step, and organisations need to audit their internal systems and train teams to prepare and manage appropriately for any potential cyber-crime. The fundamental steps organisations can take to tackle this issue is through patching and network hardening. Together, patching and network hardening can help to monitor and update IT systems that are not running the latest operating system, and work to reduce security weaknesses that may be exploited by internal or external attackers.

On an educational front, organisations should invest time to run cyber security awareness training. This ensures that cyber security becomes a key focus for all employees and not just the IT team. The good news is that C-suite involvement in cyber security has steadily increased. As the report suggests, two out of three senior executives have a high or very high involvement in their cyber security initiatives in Australia and Asia.

The fight against cyber-crime is bigger than any organisation. We have to look at it like a team sport, which relies on governments, businesses, and communities, working together to ensure our consumers are protected, and our organisations are built to manage cyber-crime. If we want to mitigate the unknown threats facing us in the future IT environment and create a safer cyber world, then we need to work collectively to improve cyber security through basic IT hygiene, and increasing awareness for employees and consumers.

Stay security smart while On the Move

Phishing scams: Be suspicious of emails wanting personal information

Telstra Cyber Security Report 2014

The Internet of Things and its implications on cyber security

featured Cyber Security

Posted on April 4, 2017

3 min read

In the last year, we’ve seen the use of Internet of Things (IoT) devices within the home and the workplace surge significantly.

On a typical day most devices we interact with, from our smart watches, to the office photocopier and printer, and even children’s toys, are connected to the Internet in some shape or form.

This access to connected devices has undoubtedly improved the way consumers interact with these every day items, but it has also exposed them to a number of unprecedented vulnerabilities.

While these types of IoT attacks can lead to significant reputational and financial damages for businesses, equally as importantly, they can also result in loss of customer trust and confidence. As can be seen from these high profile cyber-attacks, businesses must now take appropriate security measures, not just to protect their commercial operations, but also in order to protect their customers.

This increase in the use of connected devices has also led to a range of cyber security risks for enterprises themselves. As the lines between personal and work related use of these devices continue to blur, we’re seeing more cybercriminals target the personal connected devices of employees, as well as office devices, in attempts to infect entire organisations.

One of the most used types of IoT cyber security incidents is known as Distributed Denial of Service (DDoS) attacks. These are attempts to make an online service unavailable by overwhelming it with traffic from multiple comprised devices. DDoS attacks are becoming increasingly common globally. According to our latest annual Telstra Cyber Security Report, 59 per cent of Australian businesses and 43 per cent of Asian businesses have experienced a DDoS attack on at least a yearly basis.

In 2016, the website of cyber security writer and blogger, Brian Krebs, was on the receiving end of a DDoS attack that used IoT devices, including CCTV cameras, Digital Video Recorders (DVRs) and routers designed to take the site offline. We’ve also seen similar cyber attacks using devices like children’s toys and household appliances to create IoT botnets capable of inflicting significant damage.

What we’ve learnt from these high-profile DDoS attacks is that part of the reason they are so popular with cybercriminals is they’re very low cost to launch. They are also easy to access, which means that anyone from experienced cybercriminals to disgruntled customers and employees can attack any business at great ease.

The good news is that everyone can take precautions to prevent their IoT devices from being hijacked by malware and used in DDoS attacks. By purchasing these devices from reputable manufacturers that provide regular security updates, you will help your business will help protect itself against cyber security attacks. Here are some other useful ways that you can avoid DDoS attacks:

  • Update administrator usernames and passwords to become strong and unique.
  • Disable remote access to your devices and block/close unauthorised access using the following protocol ports but not limited to: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).
  • Perform updates/patching and review changes in features and settings on a regular basis for IoT as per any other computer on your network.
  • Ensure staff responsible for Electronic Security and Physical Security are educated on the precautions required when purchasing and deploying security devices such as IP-enabled surveillance cameras.

Telstra Cyber Security Report 2017

Telstra commissioned Frost and Sullivan to survey 360 senior IT leaders and C-suite executives across Australia and Asia to explore the current cyber security landscape and inform businesses how to best manage and mitigate their cyber risks. To download a full copy of the 2017 Cyber Security Report, click here.

Tags: IoT,

Rise of the machines foreshadowed in new report

CES2016: Why your customer service weak spot is your competitor’s sweet spot

How to make a city smart - IoT Challenge

Cyber-attacks: it’s not all doom and gloom for businesses

Business and Enterprise

Posted on April 3, 2017

4 min read

There’s no doubt that cyber security attacks are on the rise here in Australia. According to our latest Telstra Cyber Security Report, attacks have almost doubled in the last year, with almost 60 per cent of organisations experiencing a business impacting security incident at least once a month.

The picture in Asia is not vastly different. Like Australia, more than half of businesses in the region detected a business impacting security breach on a monthly basis. Of these, phishing email attacks were the most common, with over 30 per cent of organisations experiencing these attacks at least monthly.

As sobering as this sounds, the reality is that this is the new normal for organisations navigating their way through today’s evolving digital environment. The rapid growth in the number and variety of connected devices and applications, like the Internet of Things and virtual cloud environments, has led to an increase of unprecedented security challenges for businesses.

But the truth is, cyber security is just like any other business risk and can be managed. When it comes to preventing, and mitigating these risks, it’s critical that this is done by the same group of people who would make decisions about any other major threat to the business – the C-suite.

The good news is that the growth in cyber-attacks and incidents across the world in the last few years has resulted in heightened awareness of the business impacts such risks can have. In turn, we’ve seen C-level executives take a more active role in cyber security through increasing their involvement in security initiatives and taking more responsibility when incidents do occur.

Our study shows that’s two out of three C-level executives in Australia and Asia have high or very high involvement in their cyber security initiatives. For us, this is a great indicator that cyber security is now recognised as an all-of-business issue, not just an IT issue.

One of the most effective initiatives for overcoming cyber security threats is collaboration. Typically, organisations have worked in isolation to tackle cyber security threats however we’re now seeing businesses work with each other, as well as the government and communities, to share threat information and tips on how to manage incidents.

Another welcome finding of our study is that organisations within Australia and Asia are increasing investment in IT security spending to combat cybercrime. Almost half of Australian organisations indicated that they will increase this spending by over 10 per cent within the next year.

We’re particularly pleased to see this because taking advantage of new technologies requires a willingness to invest in people, process and technology appropriate for today’s security environment. Organisations must continue to invest appropriate security solutions and initiatives in order to reap the benefits of innovative technologies as they emerge.

Being in the know

Managing and understanding cyber security risks can be complex. We’ve developed and used ourselves Telstra’s Five Knows of Cyber Security to help leaders understand the risks and what they mean for both the business and customer. Once you’ve considered these questions you will be in a much better position to effectively assess and manage the risk.

1. Know the value of your data
2. Know who has access to your data
3. Know where your data is
4. Know who is protecting your data
5. Know how well your data is protected

Telstra Cyber Security Report 2017

Telstra commissioned Frost and Sullivan to survey 360 senior IT leaders and C-suite executives across Australia and Asia to explore the current cyber security landscape and inform businesses how to best manage and mitigate their cyber risks. To download a full copy of the 2017 Cyber Security Report, click here.

Stay security smart while On the Move

Phishing scams: Be suspicious of emails wanting personal information

Telstra Cyber Security Report 2014

Why you should care about ransomware  

featured Business and Enterprise

Posted on March 29, 2017

5 min read

With three out of five Australian businesses facing a ransomware attack every year, Telstra’s Director of Security Solutions, Neil Campbell, discusses why everyone who is online needs to be aware of the growing risks of ransomware and what you can do about it. 

By offering criminals a simple, direct and mass market way to monetise malware, ransomware has emerged as one of the top security threats facing business today. In the United States the FBI estimated that payments to cybercriminals to rescue infected files and systems is on its way to becoming a US$1 billion per annum market.

A recent report by Frost and Sullivan for Telstra found ransomware was the most downloaded form of malicious software (‘malware’) in the Asia Pacific region last year, with around 60 per cent of organisations in Australia experiencing at least one ransomware incident in the last 12 months.

Ransomware has been around for a decade but it has exploded recently as the malicious code it relies on has become easier to access and organised criminals have deployed it at scale around the world. It represents a problem for all types of business, large and small. Indeed many small businesses and individuals are vulnerable to ransomware because they may not have the best solutions in place or feel they are too small to be targeted.

The rise and rise of ransomware

Ransomware holds a device or system hostage by blocking access to the files on the system until a payment is made to remove the restriction. The most common variant is crypto-ransomware, where files on the target device or system are encrypted, effectively freezing access to them until a payment is made.

Like most kinds of malware, ransomware is usually distributed through phishing emails or exploit kits (which take advantage of device vulnerabilities to deliver the malware without the recipient’s knowledge).

The list of companies hit by ransomware is long and growing, with hospitals, universities, libraries and local councils among those impacted. For example, a hospital in California had its network down for a week and paid the equivalent of US$17,000 in bitcoin to regain access to encrypted files, and the University of Calgary in Canada ended up paying U$16,000 to recover encrypted emails. There are even multiple examples of police departments in the United States being forced to pay up after being infected by ransomware.

Closer to home, few companies are willing to publicly admit they have been a victim. However, the Frost and Sullivan research shows when asked anonymously a quarter of businesses in Australia experienced a ransomware incident, which impacted their business, on at least a monthly basis last year. The most common form of ransomware these companies encountered was Locky, which encrypts files through a Trojan usually downloaded via an email with a Word attachment.

Ransomware-as-a-service

The rapid growth of this form of malware has been spurred in part by the emergence of ransomware-as-a-service models, which allow any would-be criminal to access the tools they need to engage in this form of extortion regardless of their technical knowledge.

Ransomware-as-a-service has reached a point where developers now offer user-friendly online sites where people without coding experience can access their ransomware by either paying a one off fee to the developer or engaging in a profit share arrangement. Unfortunately, malware developers are getting savvy to the need to improve customer service just like any other business.

No honour among thieves

The standard advice for anyone who faces ransomware is to do everything possible to avoid paying the ransom. This is a critical way to combat the issue overall, as the fewer people who pay, the less incentive there is for criminals to pursue this type of activity.

Of course, it is not always so simple. If critical files are locked up and your business is grinding to a halt, the incentive to pay the ransom is very high. Our research report found that of the respondents who encountered a problem with ransomware, 57 per cent ended up paying a ransom.

However, payment does not necessarily rid you of the pain. Nearly one third of Australian organisations who paid the ransom did not recover their files, and even if you do regain access to the data there is no certainty it has not been compromised in other ways. Decrypting files does not mean the malware infection itself has been removed, and the perpetrators may still have stolen critical data as part of the attack, possibly even stealing your bank details when you paid the ransom.

The benefit of hindsight

When it comes to ransomware, there is no doubt that prevention is always better than the cure. The good news is prevention can take a number of forms, but it doesn’t have to be an elaborate security system. Good basic hygiene measures for business, like staff security awareness training, backing up important files and keeping security software up-to-date, can make a big difference when it comes to protecting yourself from malware.

 

Top five ways businesses can protect themselves from ransomware

  1. Ensure everyone in your business who interacts with your network is security aware and has training on the risks – you are only as secure as your weakest link. Read more about Telstra’s Five Knows of Cyber Security here.
  2. Identify your critical data and back it up regularly, including using offline back-up options
  3. Implement security measures, such as email gateways to block phishing emails, web gateways to block malicious code and network controls to stop the spread of ransomware inside your network
  4. Regularly update your operating systems and applications with the latest security patches
  5. Ensure you have incident response and business continuity plans in place and perform regular disaster recovery drills

Stay security smart while On the Move

Phishing scams: Be suspicious of emails wanting personal information

Telstra Cyber Security Report 2014