The Skyhooks were a band famous in Australia who had a 1970’s hit ‘Ego is not a dirty word’.

Although not related at all to IT Auditing, the negative stigma is translatable from ego to audits.
There are several reasons that organizations can dread an audit. However, they all share a common cause, the fear of the unknown.
What have I missed? Did I do this right? What if this happened?
Proactive organisations, however, do not dread audits, they use the process to add value to their organisations. This shift in focus is what continually helps them excel; prevention is always better than cure.

Do you rely on manual processes to address auditor requests?

If you answer yes to this then you are already on the back foot, most common audit requirements can be scheduled and accomplished automatically. This process automation is easily configured while the cost of the software is less than the personnel hours that would have been required for the same task. Automatically generating reports that consider change management or access security is straightforward using software such as Open-AudIT and opConfig.

The evolution of technology has forced organizations to comply with technical auditing, even if they don’t identify as high-tech companies. It is business critical to get these processes right; any recent data breach can be easily recalled, no one remembers a company executing a successful audit.  Successful audits occur when there is an understanding of the internal IT procedures and operations of your network.

The Internet of Things (IoT) is already revolutionizing the way key industries do business, and the benefits are only set to increase over coming decades as IoT technologies are further adopted. According to Australia’s IoT Opportunity: Driving Future Growth – An ACS Report, with regards to the construction, mining, healthcare, manufacturing and agriculture sectors, which represent 25% of Australia’s GDP, IoT technologies have the potential to achieve annual benefits of A$194-308 billion over a period of 8-18 years. That is an average productivity improvement of 2% per annum.

Let’s take a closer look at how IoT is set to revolutionize these key Australian industries.

Construction

The construction industry is set to benefit up to $96billion over coming decades due to increases in productivity resulting from IoT. Technologies such as Building Information Modelling (BIM), sensors, automation, and 3D printing are all set to have an increased presence in construction sites of the future.

Manufacturing

The predicted benefits for the Australian manufacturing industry over coming decades are up to $88 billion, despite the industry already being the most advanced regarding IoT adoption. Factories of the future may be remotely controlled and even connected allowing for real-time supply chain management. There will also be the increased adoption of sensor technology for monitoring and maintenance.

Healthcare

The healthcare industry could reap benefits of up to $68 billion in the coming decades as it takes advantage of IoT technology. ‘Smart Hospitals’ are the future, where service is more personalized and technologies such as 3D printing, robotics, nanotechnology and genetic coding are employed. Additionally, the use of wearable technologies by patients will reduce the number of visits to their GP and allow for remote access to real-time data.

Mining

Benefits of up to $34 billion could be achieved in coming decades by the mining industry as it adopts IoT technology. Sensors providing real-time visualizations of data and collaboration, and also the use of autonomous vehicles will increase the productivity of the sector, and are already employed by industry leaders.

Agriculture, Forestry, and Fishing

‘Smart farms’ are set to offer farmers increased yields are lower costs, with annual predicted benefits of up to $22 billion. Increased productivity will be the result of technologies including autonomous vehicles, sensors for crops, tracking on livestock, automation, and drones.

The five industries discussed are predicted to reap the significant benefits from IoT. However, they do not represent the limits of the reach of IoT technologies. While at its core IoT is a simple connected device, the broader impact of IoT technologies is an economic and social good, whereby there are not only improvements to capabilities and productivity, but more broadly improvements to everyday life and the planet.

Cybersecurity has become a key priority for business leaders today.

The number of cyber-threats and scams is growing; the threats and scams themselves are increasing in sophistication; and the consequences of a security breach are more damaging. So how can businesses can take to remain cyber-secure? In coming weeks we’ll be describing some key measures your business can take to protect its systems, information and people.

People can be your weakest link or your greatest asset when it comes to cyber-security. Malicious individuals have developed socially engineered threats or scams that deceive people into clicking on dangerous links, opening suspect attachments or even inadvertently sending money to scammers posing as your CEO. So what are some steps you can take to mitigate these threats?

• Educate your employees. Implement and regularly update education programs that teach your employees about how to recognise threats and scams. Extend these programs to employees’ families and partners and customers where feasible. These programs should teach employees that cyber security is everyone’s responsibility – not just IT department or the senior leadership team.
• Implement rigorous cyber-security policies. Businesses should complement education programs with policies governing issues such as the handling of information or devices (including diverse issues such as the use of USB drives; the use of company-owned notebooks on unsecured public networks; and the shutting down of departing employees’ access to systems and data). The policies should also cover steps employees need to take – including who they need to inform – in the event of an incident such as a notebook with sensitive information being left in the back of a taxi.
• Build cyber-security into the culture of your business. This can be achieved through leaders within the business modelling and advocating security awareness; incorporating security into the business’s vision and mission statements; promoting security in recruitment and onboarding processes; and rewarding positive security behaviours.

Taking these steps can play a vital role in building a powerful security risk posture at your business. Call Simon or one of our experts today on +61 2 9409 7000 to find out more about cyber education.

Australia’s new data breach notification scheme has been operating for several months. The scheme requires businesses – as well as government agencies and not-for-profits – that handle personal information and turn over more than $3 million per year to notify people affected by serious data breaches.

They must also inform the Office of the Australian Information Commissioner (OAIC). Failing to meet their obligations could cost businesses up to $2.1 million in fines.​

​The April-June 2018 Notifiable Data Breaches Quarterly Statistics Report revealed organisations had notified the OAIC of 242 breaches – 59% of which were due to malicious or criminal attacks. A further 36% were due to human error, while only 5% were caused by system faults. While 89% of data breaches compromised contact information, a worrying 42% involved financial details, 39% involved identity information and 25% involved health data.

The most common human error was sending email to the wrong person, followed by the unintended release or publication of personal information. However, the OAIC noted that data breaches involving the loss of storage devices affected the largest number of people, at an average of 1,199 affected individuals per breach.

The Australian Cyber Security Centre (ACSC) found at least 77% of cyber incidents during the quarter occurred due to the theft of credentials such as usernames and passwords.

More information is available from the OAIC and the ACSC.

So what are the lessons for small businesses from the launch of the scheme and the April-June report? The key is to recruit or build security capability internally to comply with the requirements of the data breach notification scheme. The second is to implement robust security systems, policies and processes to minimise the risk of data breaches.

​Importantly, this is not a ‘set and forget’ exercise – these systems, policies and processes must be updated regularly to combat new threats and to ensure workers and managers remain aware of their obligations. Talk to Roger and his team of experts today on +61 2 9409 7000 to find out more about protecting your business.

As the digital world continues to evolve, so too do cyber threats. Zero-day exploits are becoming both more common and severe, and staying ahead of them is challenging to say the least.

But despite rapid change in the cyber realm in recent years, there is one tried and true technology that remains foundational to protecting an organisation’s digital assets from malicious attacks – the humble firewall.

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of predetermined security rules. It typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

Traditional first-generation firewalls, also known as packet filters, controlled network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports. Second-generation firewalls built upon their first-generation predecessors by attempting to increase the level of security between trusted and untrusted networks via proxy services – an interface between the user on the internal trusted network and the Internet.

The newest generation of firewalls – often referred to as next-generation firewalls (NGFWs) – are hardware or software-based network security solutions that can detect and block sophisticated attacks beyond traditional firewall technologies. They perform deeper inspections, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware. NGFWs also offer administrators greater awareness of and control over individual applications. Most are modular, meaning users can choose to purchase and activate features commensurate with their specific needs and risks.

Irrespective of the type of firewall you’re using or considering, perhaps the most important things to weigh up are whether the product meets the specific security requirements of your organisation, as well as whether it is a good fit for your IT environment. And remember, as cyber threats continue to evolve, firewalls remain an integral asset in your cyber defence line.

FirstWave’s cloud-based NGFW service offering combines application awareness,  deep packet inspection and advanced threat prevention to give companies better control over applications for their cloud deployments while also detecting and blocking malicious threats. Also available as a high availability, managed solution, this offering can be customised to meet high-end, enterprise-specific needs. Learn more.

​Talk to Neil or the FirstWave team today on +61 2 9409 7000 to find out more about our cloud-based NGFW service.