
Tag: cyber-security

From intern to Pen Testing lead – meet Ben

People

Posted on June 24, 2019

3 min read

Ben Tudor has been part of the Telstra team for nearly seven years. He started in our Summer Vacation Program, before landing a place in our Telstra Graduate Program. He’s now our Penetration Testing – Senior Lead, which sits in our Cyber Security team, and he looks after a team of highly skilled Penetration Testers.

I caught up with Ben to find out about his career, the innovative projects he’s currently working on and the opportunities available to Pen Testers here at Telstra.

Can you tell us about your role and what your team does?

I lead a team of highly skilled Penetration Testers – effectively, ethical hackers. Ultimately, we are responsible for assessing applications and products that are both sold and developed by Telstra, ensuring that they both meet our security requirements and protect our customer data.

How has your career evolved at Telstra?

I started at Telstra as a Summer Vacation student in our Mobiles space. Following that, I worked as a Graduate within our Mobiles Engineering teams, before moving into the Cyber Security team. Since then, I’ve been involved in Penetration Testing, both performing assessments, and more recently leading the team.

Are you able to give us an insight into any innovative projects you’re currently working on?

The sheer volume of work that we perform across the business means that we always have the opportunity to investigate and assess new and innovative products.

A key focus area at the moment is the movement towards Internet of Things (IoT) – and the development of new assessment methodologies to meet this growing area. Other developing areas include 5G, software defined networks and big data products.

What does a career path in Pen Testing look like at Telstra? 

Due to the size and scope of our team there are endless opportunities to develop yourself. From new graduates starting their journey, to our senior Penetration Testers with over 20 years’ experience, every day brings a new challenge, allowing our team to build up skills across multiple domains.

Additionally, because of the size and scope of our wider Cyber Security team, there are opportunities to develop into other areas of cyber security, giving you the ability to look at other domains that you wouldn’t necessarily be able to elsewhere.

Why do you enjoy working at Telstra? (And why should someone join our team?)

Telstra is incredibly flexible – in our team, we are lucky enough to have people across multiple states and locations, including a number of people who work in remote locations. The sheer size of Telstra also means that the opportunities are endless and that the opportunity to build your career across multiple domains and areas of the business is incredibly valuable.

Applications for this year’s Summer Vacation Program are opening soon. Find out more.


Keeping your smartphone as safe as houses

Sustainability

Posted on June 17, 2019

2 min read

Our lives can now be found in our pockets: email, both work and personal. Favourite shops and restaurants. Banking. Our social lives. Our smartphones are a gateway to the world, but are also a detailed record of our lives – past, present and future. Like our home, everything that we are can be found in it.

We are told all of the time that online is the new frontier of crime: Identity theft. Scams. Hacking. Stalking. The message is clear: BE AFRAID! BE VERY AFRAID! Couple this with the constant juggle of modern life and an overload of information, and paralysis can set in.

Research conducted for the Australian Digital Inclusion Index in 2018 shows that almost two-thirds of Australians feel that technology is changing so fast that it’s difficult to keep up with it.

Although it is important to know the risks out there, it is more important to put fear aside and take control – think of your smartphone like a house. 

Like keeping your house secure, keeping your smartphone secure is simple:

  1. Adjust your privacy and security settings, as they help you control the information that apps can access from your phone. This is like shutting the blinds to stop people seeing in from the street.
  2. Set your apps to automatically update on Wi-Fi, as these updates often provide fixes for known security faults.
  3. Use 2-step authentication where available on apps and accounts for that extra level of protection. This is like having a lock and an alarm for your home.
  4. All our online apps and accounts have passwords – but we all forget these and have to reset them from time to time. Make sure that the password that protects the email address where your recovery passwords are sent is unique, long and strong. This is just like keeping your house key somewhere safe.
  5. You could even use a password manager so that you don’t need to remember all those different passwords.

Remember, YOU control your smartphone. With so much information on there, keep it safe as houses.

Patch or pay: super-critical Windows RDP flaw fixed

Cyber Security

Posted on May 22, 2019

2 min read

Organisations should urgently apply a Windows update released by Microsoft last week, which fixes a severe vulnerability that hackers are actively attempting to exploit.

The flaw (CVE-2019-0708) exists in Windows’ Remote Desktop Protocol (RDP), and can allow criminals to perform a variety of attacks such as installing malware and stealing data. 

You may have enabled RDP to allow functions like logging in to the office from home. If the service is active, attackers can send a special packet that grants them remote code execution.

Researchers say there are some three million RDP services exposed to the internet – each of which is at heightened risk of compromise.

The vulnerability is also wormable, a term for attacks that spread from victim to victim, such as the WannaCry ransomware or NotPetya wiper malware of 2017.

Professional security researchers and hackers of ill intent are actively researching ways to exploit this vulnerability. Attacks have not surfaced as of the time of writing, but it is likely they will over the coming days and weeks. Criminals are showing active interest in this flaw.

Microsoft releasing a patch for its long-since unsupported Windows XP operating system speaks to the severity of this vulnerability.

Our cybersecurity team at Telstra has worked hard to ensure our systems and those of our managed customers are patched.

We urge everyone in the community to prioritise this patch so that their data, and that of their customers, will remain protected.

1 on 1 with our DevOps Security Lead

People

Posted on May 13, 2019

3 min read

Hannah McKelvie lives and breathes cyber security at Telstra because she knows how important it is to keep our software safe.

As part of her role as our DevOps Security Senior Lead, she looks after a talented team of security specialists and testers from our office in Perth.

We caught up with Hannah to get an insight into the innovative cyber security work we’re doing at Telstra and why she loves coming to work every day.

What is DevSecOps, and how is it different from what most companies do with cyber security now?

As part of the traditional software development release flow, security experts need to verify that what is being built is safe for release.

Now, with teams wanting to release to production much more frequently, our challenge is to figure out how to provide the same cyber security expertise but with much greater speed.

Our solution is to make sure there is close collaboration between our security and DevOps teams, which has resulted in a shared accountability strategy.

How have you been making sure security is forefront in your DevOps projects?

Collaboration and relationship building have been key to raising the profile of security within our DevOps teams.

Initially, we incubated our security subject matter experts into the DevOps teams and had people co-located to provide real-time security advice, governance, and skills uplift. They also helped introduce our early Automated Security Scanning technologies.

More recently, we have been working with all our DevOps teams to find people who are passionate about improving the quality of their solutions, specifically with respect to security.

These motivated individuals have enrolled into our Security Champion Program, which is a formal training program supported by technical sessions and online code remediation challenges in a competitive environment.

What are your tips for balancing security and continuous delivery when working on a team project?

It’s important to keep a risk-based view of the world, and one of the things you might want to consider is prioritising higher risk work to be delivered by more mature and sophisticated teams. This helps with balancing the complexity of work with delivery timelines.

At Telstra, we also encourage the Security Champions to advocate for security bugs to be included in the DevOps team’s backlog and ensure we don’t carry too much security-flavoured technical debt.

What are the day to day things about Telstra, which make it a great place to work for developers looking to try something new?

Telstra is ensuring we deliver solutions through a DevOps approach, which makes it an exciting and empowering place for our developers to work. We’re also transitioning to new ways of working, including Agile, which allows us to move at speed.

Ready to take the next step in your career? See where a tech career at Telstra could take you.

Breach expectation: the new mindset for cyber security success

Business and Enterprise

Posted on April 16, 2019

4 min read

While security is now firmly on the agenda for senior leaders across Australia and businesses are better prepared than ever to address cyber-attacks, the threat of data breaches is accelerating and new legislation requires even greater vigilance, according to the findings of the 2019 Telstra Security Report.

Based on interviews with 1,298 security decision makers across 13 countries, the report found that Australian businesses are set to increase their security budgets beyond their $900,000 average spend for 2018 in response to mounting cyber security challenges.

In its fourth year, the report also found that one in two Australian businesses had been fined for being in breach of new legislation in the past two years, and two-thirds of Australian companies surveyed had been the victim of a security breach in the past year.

What has become clear is that cyber security is no longer about trying to prevent breaches, it’s about accepting that they will occur and managing them carefully to minimise their impact.

Human error and data breaches persist as major hazards

While new threats continue to emerge, the research found that traditional challenges facing Australian businesses remain key concerns.

Human error – often caused by inadequate business processes and employees not understanding their organisation’s security policies – was the highest risk to IT security identified by 36 per cent of respondents.

The number one challenge for Australian businesses in managing security, however, was the ability to detect and effectively respond to data breaches in a timely manner.

Australian businesses are faster at detecting breaches than their international counterparts – 62 per cent of respondents said they can do this in minutes or hours compared to 50 per cent globally – but organisations still take too long to detect and contain a breach.

One concerning finding was that 19 per cent of Australian businesses estimated that more than half of all data breaches went undetected altogether in the past year, despite 74 per cent of respondents believing they have systems in place to detect a breach as it occurs.

Ransomware remains an ongoing threat

Ransomware attacks were just as prevalent this year as last, but it is encouraging to note that most potential victims have adopted safeguards against such attacks.

The frequency of attacks continues to cause significant disruption for some businesses – 32 per cent of Australian businesses that reported a security incident in the past year said that interruptions from ransomware occurred on a weekly or monthly basis.

More than half of the businesses that reported a ransomware attack also reported that they paid the ransom, up from 47 per cent of respondents in the previous year.

Increasingly, however, paying the ransom does not guarantee a retrieval of data. Of those that paid the ransom, 77 per cent were able to retrieve the data, compared with 86 per cent the year before.

Customer privacy concerns increase

Against a backdrop of more frequent and sophisticated attacks and the introduction of new regulations that force the public disclosure of breaches, companies are now more aware of the threat of reputational damage and the erosion of customer trust caused by cyber breaches.

It is no surprise that our research found that customer concern around data privacy is also on the increase in Australia and globally.

As more devices become connected and new technologies and use cases are implemented across businesses, managing cyber and electronic security now has a much broader scope than in past years.

Cybersecurity isn’t just about selling technology, it’s also about process management and educating employees. That’s why Telstra helps organisations carry out vulnerability testing, compliance and risk assessments, and has opened purpose-built security operations centres in Sydney and Melbourne to meet the special security requirements of our customers.

With the continuance of traditional challenges, and the increase in regularity and sophistication of security threats, leaders have had no option but to shift to an expectation-of-breach mentality. This means they must continue to step up to ensure they have the technology and practices in place to protect themselves and their customers as they operate in this increasingly connected world.

Download the 2019 Telstra Security Report below.