Tech and Innovation |

Innovation and technology are the foundation of Australia’s new normal

By Kim Krogh Andersen August 24, 2020

There’s no doubt technology has helped Australians address the changes that COVID-19 has brought on. From working, learning, socialising, shopping, eating, being informed and entertained, technology has been the foundation as we attempt to continue with our lives as much as possible. COVID-19 has swiftly forced the uptake of digitisation and changed our behaviour forever.

As a nation, we have collectively invested time and resources into learning how technology can help improve our lives in 2020, and we expect it to continue to play a vital role in the years to come.

Looking forward, COVID-19 will change the way we live and work forever. Just like other times of significant change and disruption, we need to learn the lessons, adapt to a new norm, and come out of it stronger. We cannot miss this chance to ensure the pandemic becomes a catalyst for innovation and growth in order of a better future.

In the home this year, we relied heavily on a stable and fast internet connection to support our working-and-learning from home environments during the day, while depending on it for seamless video streaming and gaming in the evenings. Furthermore, Australians have increasingly realised the benefits of shopping for goods and services online. Even when COVID-19 passes, we expect our newly-formed habits to remain, having a better appreciation of a fast, strong, and reliable internet and Wi-Fi connection.

Outside of the home, innovation was also being developed and deployed to keep us safe when we leave the front door.

The Government encouraged Australians to download and use the COVIDSafe app in order to provide an easier way to automate contact tracing to reduce further infections.

Telstra’s Track and Monitor asset-tracking platform was used by a healthcare industry customer as they swiftly deployed COVID-19 triage clinics across the east coast of Australia. This helped ensure there were no misplaced expensive and in-demand equipment, especially during a time of constant change.

We also saw the fragility and our dependency on delivery and supply chain systems, exposing the lack of end-to-end visibility. As an example, we are working with major suppliers to accelerate the development of Telstra’s Connected Supply Chain product and are also negotiating with transport companies to help increase supply chain visibility with domestic deliveries.

Quick, transparent and interactive communication was also very important. Victoria’s Department of Health & Human Services needed technology to help ensure compliance to the mandatory 14-day self-isolation period for close contacts of COVID-19 and chose Whispir’s mass communication platform to perform this function with great success.

It is more imperative than ever to ensure the country does not encounter a second wave of nation-wide infections and the respective lockdown as a result. If it were to happen, the OECD has said the Australian economy could decline by 6.3 per cent this year, which would take us back to where it was in 2016.

The technology pioneered to help manage the pandemic will continue to help us live in the ‘new normal’.

Travellers passing through Canberra Airport may notice new Temperature Screening solutions at the security check-in. This allows the airport to increase its protection against COVID-19 and includes thermal cameras to detect travellers with high temperatures. The key goal is to help reassure passengers transiting through public spaces like airports. We may see more of this type of technology installed at other public spaces like train stations, shopping centres, and maybe even at some workplaces where thousands of people pass through daily.

Traditional offices will also evolve as a result of COVID-19. Employees will demand to be allowed to continue working from home after the forced experiment pressured companies to change their flexible-working mindset and accelerate the required digitisation. This also meant the need to evolve the cyber security, technology processes, and communication and collaboration tools to enable successful remote working. The pandemic has pushed CIOs and IT departments (no matter what size) to finally modernise various procedures and systems.

Telstra’s Smart Building product already measures people’s movement through infrared sensor data to deliver insights on desk usage, meeting room usage and general occupancy levels. The product is now being expanded to measure social distancing and hygiene compliance, and will be highly relevant to all industries, especially retail, transport, health, and commercial offices.

Elsewhere, video analytics will be deployed to assist critical industries with real-time thermal scanning to ensure the ongoing safety of staff and the public. AI will help deliver insights such as people flow and count, movement analysis, alerts, and more.

There is also set to be a widespread acceleration of automation (as robots can’t contract COVID-19) which has several drivers. One of the interesting opportunities I’ve seen is robots that can clean, disinfect, help detect fever symptoms, and monitor mask and social distancing compliance.

In the home, we’ll see faster internet enabling more advanced entertainment and educational technologies. I expect further innovation in television, gaming, smart home, and communication devices will be front and centre in consumer electronics R&D in the next 12-24 months.

I have no doubt these examples of technology and innovation will be scaled even further.

COVID-19 has reinforced how critical technology is for our daily lives, specifically dependable and fast connectivity. The swift need for network reliability and resiliency when we first moved to working from home, was an early indication of how vital connectivity will be in the future.

The world is slowly exploring ultra-reliable low latency use cases like autonomous driving, remote surgery, robotics, smart cities and smart homes. 5G, Edge Computing, IoT and AI are critical technologies for us to enable these advanced scenarios, but we can’t forget security, privacy, customer experience, and operational excellence are equally as important when we embark on this journey. Because it’s people that will give purpose to technology.

COVID-19 has meant new cultural and workforce transformation for the better. We strongly believe technology plays a central role in these shifting and accelerating trends and will be the foundation in what the new normal looks like for Australians – in the home, at the office, and anywhere in between.

Cyber Security | Enterprise |

The unassuming threat of IoT devices in Australian workplaces

By Gerhard Loots February 21, 2020

When thinking of objects in a business that pose a data security risk, a fridge or fish tank wouldn’t likely come to mind.

IoT continues to grow more and more ubiquitous, fuelled by the promise of greater efficiency and advanced insight. The idea of cyber-attack may prompt images of server rooms being hacked or company laptops being stolen, but the reality is with the rise of IoT connected devices, mundane objects pose one of the biggest risks for businesses’ IT security.

A recent 2019 Report explores key issues in data security and has identified the huge threat that the growth of IoT poses to businesses of all kinds. With an estimated 29 billion connected devices by 2022, it is imperative we understand the problem that these devices pose.

The weakest link

Through the research it became clear the number one challenge for security professionals for 2019 continues to be detecting and responding to incidents in a timely fashion. This is complicated by the increasingly important task of managing the impact of new technologies such as IoT. The report found that Australian businesses are failing to improve their security, with 89 per cent having had breaches go undetected, up 12 per cent since 2018. These new technologies are being neglected; the Security Report noted only 43 per cent of Australian businesses are currently protecting their IoT security.

With the prevalence of cyber security attacks, the focus is on well-established aspects of security that seem more dangerous. From pacemakers in hospitals to vehicles in fleets and the company watercooler, more and more ordinary objects are being outfitted with IoT capabilities. As this technology continues to disrupt industries, the mad sprint to stay connected is arriving at the expense of security.

In 2016 we saw this play out in spectacular fashion with the Mirai botnet. This botnet took a huge toll on the East Coast of the United States’ internet. The culprit of this unprecedented outage was simple – IoT enabled cameras. In a similar incident in 2017, a North American casino was hacked through their IoT connected fish tank. While having access to a fish tank may initially seem like an absurd threat, it is through these unassuming objects that cyber criminals are able to successfully infiltrate other businesses’ critical systems. A study by Qualys, referenced in the Cisco 2018 Annual Cybersecurity Report, found that 83 per cent of IoT devices now carry critical vulnerabilities and this weakness is an open door for an attack.

Cyber security team

Mind the gap

A key reason this figure is so high is external vendors are often needed to update devices. In many cases, there are no clear indications of who is responsible for securing IoT connected objects. As more devices and ‘things’ connect to the internet, managing potential backdoor breaches frustratingly grows in importance and equally in difficulty.

Many businesses fail to realise a high proportion of internet-enabled devices are sold without in-built security. Some even lack an operating system that can support the installation of security software. Gaping vulnerabilities are often built-in weaknesses known as ‘backdoors’ that allow remote access maintenance, as well as stock passwords that are readily available online. Consequently, criminals can easily install malware on these devices and program them for future use or enlist them in a global army of bots with minimal investment. To make matters worse, the recent 2019 Report revealed 22 per cent of APAC organisations either don’t have or don’t know if they have an incident response plan to address breaches.

Update required

One example of how these issues are being addressed at the federal level is in the UK. The UK government recently introduced new laws to curb this issue of IoT device security. The new regulations will introduce IoT guidelines for manufacturers of connected devices, with a mandatory labelling system to determine the security level of an IoT enabled device. If an item falls short of these standards, it may be prohibited from sale. Regulation of this kind represents a big step forward in managing IoT security and has the potential to set global precedence.

IoT devices are on average more vulnerable than traditional IT endpoints. To beef up IoT security companies should look to employ basic endpoint security features like anti-malware, intrusion prevention and antivirus to secure networks against the barrage of attack. Another option is device authentication for IoT devices. Digital certificates or two-factor authentication ensure nobody can gain unauthorised entry to a device. Endpoint hardening can even be as easy as upgrading a product or deploying basic security patches, as many devices are built totally unpatched. The benefits of connected devices are numerous and are a necessary tool for businesses to succeed in the future marketplace. Businesses need to ensure they are vigilant in monitoring devices coming into the workplace and understanding how secure they really are.

This article first appeared on CSO Australia Online in January 2020.

Cyber Security | Enterprise |

Ransomware considered one of the greatest threats to Aussie businesses

By Kate Healy February 11, 2020

Every day in offices across the globe, employees swiftly clear out their email inboxes, opening hundreds of messages and clicking on links without a second thought. Yet just one wrong click could expose a business to malicious ransomware and the ultimate dilemma – being forced to pay up or risk losing everything.

It’s an issue that is increasingly becoming an inevitable part of the modern business world. According to the Telstra Security Report 2019, among Australian organisations disrupted by a security breach in the past 12 months, 81 per cent indicated it was a ransomware attack they experienced.

Alarmingly, this figure has increased five per cent compared to 2018. The same report highlighted 32 per cent of Australian organisations had been interrupted ‘on a weekly or monthly basis’ by ransomware attacks.

The report’s findings are clear, ransomware attacks are happening to more businesses, more frequently. Phishing scams are just the tip of the iceberg when it comes to ransomware. In 2017 over two-thirds of CCTV cameras that monitored public areas in Washington DC stopped operating due to a ransomware attack. It was just eight days before the swearing-in of President Donald Trump and wreaked havoc on security plans for the impending inauguration. This increasing threat of ransomware creates an impossible choice for businesses.

Pay or get played

If you ask any government body globally what to do in the face of an attack, the advice would be the same – don’t work with cyber criminals and don’t make the payment. There’s a multitude of reasons why paying up could put your business in even more hot water.

If a cyber-criminal knows you’re willing to pay the price of an attack, it’s likely that you’ll become a regular target. Additionally, attackers often ask for funds in cryptocurrencies and securing that kind of payment can make your business even more at risk, possibly funding future criminal activity.

The biggest deterrent is that even if payment is made, there is no guarantee that you’ll ever see your data again. Despite all warnings from experts, Australian businesses continue to make payments, while experiencing less and less certainty around retrieving their data.

The Telstra Security Report revealed over half of organisations that experienced ransomware attacks ultimately paid the ransom. Although the report revealed that 77 per cent of Australian businesses that paid a ransom were able to retrieve their data, this is a figure that has decreased by nine per cent since 2018. As ransomware payments become more common, the safe return of data is becoming more unlikely.

However, alarmingly, 79 per cent of respondents indicated they would pay the ransom again next time if there were no back-up files available.

So why are Australian businesses routinely admitting defeat and paying cyber criminals, even with the risk that they still may lose it all?

Face the fear

When faced with the options presented by a ransomware attack, it’s understandable that the cost of a significant data loss could pose a larger threat than a monetary lump sum. Beyond the payment of the ransom, is the costly threat of downtime and operational disruption to the supply chain. In a business context, even a minor disruption can incur major financial losses.

As a result, we see decisions driven by fear. Yet this is a fear that can be countered with the right expert advice and proper preparation.

Paying the ransom is never the answer. Businesses must continue to identify critical data and ensure regular offline backups and versioning is performed, so that the threat of a loss is lessened.

Regular security patching and updates for operating systems and applications will mitigate the risk of vulnerability to ransomware. Technical vigilance is just one piece of the puzzle; it’s important to consult with experts in the event of an attack, so you can understand your options and take the next steps towards securing your data.

In an increasingly digitally-led world, the threat of a ransomware attack is almost inevitable. It’s important not to let fear take over and put in place measures that will prevent an attack from proving catastrophic for your business.

This article first appeared on Australian Cyber Security Magazine in October 2019.

Cyber Security | Enterprise |

Partnering globally to counter malicious activity online

By Berin Lautenbach January 29, 2020

It’s well recognised that the internet has greatly reduced geographical limitations and as such, in cyber security we need to think globally.

International cooperation and strong partnerships are crucial to help positively shape the global cyber security ecosystem and help better protect our customer and networks from cyber threats.

Our heritage is proudly Australian, but we have a longstanding international presence. We operate in 20 countries outside of Australia and hold telecommunications licences in Asia, Europe and the Americas, as well as maintaining 2000 points-of-presence in more than 200 countries and territories globally.

Critical infrastructure providers, including Telstra, rely upon the stable and secure functioning of the internet to deliver essential services in Australia and populations across the world. As the interconnectedness of our technologies and society continues to grow, we need to take a community-based approach to cyber resilience.

That is why we have partnered with other leading global internet service providers (ISPs), multilateral organisations and the World Economic Forum’s Centre for Cybersecurity to identify the best practices for countering malicious activity online.

A new set of guiding principles, released at the World Economic Forum’s annual meeting in Davos last week, focuses on strategic actions network operators can take to strengthen their defences against malicious actors.

It includes practical advice and real-world case studies aligned to four key principles:

  1. Protect consumers by default from widespread cyber attacks and act collectively with peers to identify and respond to known threats
  2. Take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks
  3. Work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security
  4. Take action to shore up the security of routing and signalling to reinforce effective defence against attacks

We are proud to work alongside the World Economic Forum and partner organisations to help make the internet a safer place, and fully endorse and support these four key principles.

We shared a case study of just one way we’re demonstrating our support and endorsement of the principles, detailing how we work with industry and government partners to identify and combat phishing campaigns that target all Australians. Email credential harvesting continues to be one of the most prevalent forms of phishing we see; using our threat visibility, we are able to provide actionable ecosystem-wide threat information that helps protect a range of Australian end users and organisations.

This is just one of the ways that we are working to exemplify the principles outlined in this document.

We will continue to collaborate with the World Economic Forum and partner organisations on initiatives supportive of the four key principles, including bespoke initiatives with global ISP peers which align to these principles.

Read the full report.

Consumer | Cyber Security | Enterprise | Small Business |

A solution to reduce scam calls across Australia

By Michael Ackland September 16, 2019

Getting suspicious calls on your mobile from faraway countries or long-lost relations is nothing new – everyone is aware of phone scams. We believe there’s more that our industry can do to reduce the number of scam calls in Australia, and we know that a fix is well overdue.

Scam calls are frustrating, particularly to those who may fall prey to one or more of the scams currently in circulation. What might just seem like an annoying phone call for you can turn into money for scammers, too – whether it is through convincing you to share personal information that can then be used for fraud, or by engineering a call to a premium number that charges high rates.

A technology and industry solution

There are some things that telcos can do to reduce the number of scam calls that reach our customers. We don’t let our customers in Australia use fake numbers, for example, which makes it very difficult for scammers to operate from Australia. We also block calls using numbers that are known to be used for scam calling. As an example of how prevalent scam is – we block millions of scam calls from reaching our customers each month.

We are also working hard with other carriers, and liaising closely with the ACMA and the ACCC, to better identify the sources of scam calls that still get through and then take appropriate action to disrupt and prevent those sources from scamming in future.

However, we cannot fix this on our own. We need all telcos, big and small, to work together to help identify the source of scams to resolve this situation and make Australia safer for everyone.

We are calling on all telcos to help our industry stop scam calls reaching our customers and proposing ways we can work together to fight this issue. If we can get this fixed, we’ll be able to significantly reduce the more than $500m Australians are expected to lose to scam this year.

Education to assist our customers

Man working on laptop in coffee shop on mobile phone

Until we have reached a consensus and implemented a solution, our customers can take steps to protect themselves in the interim. Everyone should understand how scams work so that they can understand when to hang up and not to call back.

There are three main phone scams currently popular around the world.

Getting you to call them back: Here, the scammer will call your mobile phone, making it look like the call has come from another country. Often the phone rings once or twice and then hangs up. In this scenario, particularly prevalent at the moment, if you do call the number back you’ll be placed on hold or play a recording. What you don’t know is that you’re calling a premium number which costs you a lot of money – and the profits go directly to the scammers.

Getting your details: These scams are simply about trying to get access to your personal details. Scammers might call and claim to be from a major company (like Telstra) or government department (like the ATO) seeking to provide you with information. Before they can do that, they’ll ask you to complete an identity verification process by providing your personal information. They’ll use this information to try and access your bank account or online services to steal your money.

Variations of this scam include calls saying your computer has a virus and asking you to provide access so they can remove it. The scammer will then download your personal data or implant a virus that will collect data they can use at a later date to access your money or identity.

Getting you to pay for services: These scams are about convincing you that you owe a company money and that you must pay immediately. Often, the scammer will claim to be from a major utility or telecommunication company – scammers know the chances are high that you’ll get a call relating to a company where you have some services. Callers often talk in an aggressive manner or with a sense of urgency, or they may threaten to cut off your services, so you panic and pay immediately.

We know that education is only part of the battle because it is often our most vulnerable customers who are preyed upon by scammers. That’s why, in addition to operating our misuse of service and cyber scam reporting services, we’re calling on all of Australia’s telecommunications industry and its partner organisations to work together to find an effective technology solution to scam calls.

The opportunity for all telcos here is to set the bar high for what we do with our customers to make sure we never miss a heartbeat and no customer ever gets left behind.