An industry partner told me recently about a horror story that could occur to anyone operating in a hybrid network environment. One of their former employees had an EC2 instance they had spun up for testing purposes and paid the initial fees with Amazon credits, something most of us would have done. This staff member, however, left the company and did not inform them of the instance. Fast forward two years and there was a substantial bill that was directed to this company.

There are a lot of advantages for creating a hybrid network environment, but stories like this are commonplace when they shouldn’t be. The issue with the above problem is there was poor business asset visibility, the company didn’t know about assets it had control over and this creates vulnerabilities, security or financial. Turning this liability into an asset can be a simple, cost-effective project for teams of any size.

If you would like to try these features in your test environment, just register here!

The Skyhooks were a band famous in Australia who had a 1970’s hit ‘Ego is not a dirty word’.

Although not related at all to IT Auditing, the negative stigma is translatable from ego to audits.
There are several reasons that organizations can dread an audit. However, they all share a common cause, the fear of the unknown.
What have I missed? Did I do this right? What if this happened?
Proactive organisations, however, do not dread audits, they use the process to add value to their organisations. This shift in focus is what continually helps them excel; prevention is always better than cure.

Do you rely on manual processes to address auditor requests?

If you answer yes to this then you are already on the back foot, most common audit requirements can be scheduled and accomplished automatically. This process automation is easily configured while the cost of the software is less than the personnel hours that would have been required for the same task. Automatically generating reports that consider change management or access security is straightforward using software such as Open-AudIT and opConfig.

The evolution of technology has forced organizations to comply with technical auditing, even if they don’t identify as high-tech companies. It is business critical to get these processes right; any recent data breach can be easily recalled, no one remembers a company executing a successful audit.  Successful audits occur when there is an understanding of the internal IT procedures and operations of your network.

The Internet of Things (IoT) is already revolutionizing the way key industries do business, and the benefits are only set to increase over coming decades as IoT technologies are further adopted. According to Australia’s IoT Opportunity: Driving Future Growth – An ACS Report, with regards to the construction, mining, healthcare, manufacturing and agriculture sectors, which represent 25% of Australia’s GDP, IoT technologies have the potential to achieve annual benefits of A$194-308 billion over a period of 8-18 years. That is an average productivity improvement of 2% per annum.

Let’s take a closer look at how IoT is set to revolutionize these key Australian industries.

Construction

The construction industry is set to benefit up to $96billion over coming decades due to increases in productivity resulting from IoT. Technologies such as Building Information Modelling (BIM), sensors, automation, and 3D printing are all set to have an increased presence in construction sites of the future.

Manufacturing

The predicted benefits for the Australian manufacturing industry over coming decades are up to $88 billion, despite the industry already being the most advanced regarding IoT adoption. Factories of the future may be remotely controlled and even connected allowing for real-time supply chain management. There will also be the increased adoption of sensor technology for monitoring and maintenance.

Healthcare

The healthcare industry could reap benefits of up to $68 billion in the coming decades as it takes advantage of IoT technology. ‘Smart Hospitals’ are the future, where service is more personalized and technologies such as 3D printing, robotics, nanotechnology and genetic coding are employed. Additionally, the use of wearable technologies by patients will reduce the number of visits to their GP and allow for remote access to real-time data.

Mining

Benefits of up to $34 billion could be achieved in coming decades by the mining industry as it adopts IoT technology. Sensors providing real-time visualizations of data and collaboration, and also the use of autonomous vehicles will increase the productivity of the sector, and are already employed by industry leaders.

Agriculture, Forestry, and Fishing

‘Smart farms’ are set to offer farmers increased yields are lower costs, with annual predicted benefits of up to $22 billion. Increased productivity will be the result of technologies including autonomous vehicles, sensors for crops, tracking on livestock, automation, and drones.

The five industries discussed are predicted to reap the significant benefits from IoT. However, they do not represent the limits of the reach of IoT technologies. While at its core IoT is a simple connected device, the broader impact of IoT technologies is an economic and social good, whereby there are not only improvements to capabilities and productivity, but more broadly improvements to everyday life and the planet.

Cybersecurity has become a key priority for business leaders today.

The number of cyber-threats and scams is growing; the threats and scams themselves are increasing in sophistication; and the consequences of a security breach are more damaging. So how can businesses can take to remain cyber-secure? In coming weeks we’ll be describing some key measures your business can take to protect its systems, information and people.

People can be your weakest link or your greatest asset when it comes to cyber-security. Malicious individuals have developed socially engineered threats or scams that deceive people into clicking on dangerous links, opening suspect attachments or even inadvertently sending money to scammers posing as your CEO. So what are some steps you can take to mitigate these threats?

• Educate your employees. Implement and regularly update education programs that teach your employees about how to recognise threats and scams. Extend these programs to employees’ families and partners and customers where feasible. These programs should teach employees that cyber security is everyone’s responsibility – not just IT department or the senior leadership team.
• Implement rigorous cyber-security policies. Businesses should complement education programs with policies governing issues such as the handling of information or devices (including diverse issues such as the use of USB drives; the use of company-owned notebooks on unsecured public networks; and the shutting down of departing employees’ access to systems and data). The policies should also cover steps employees need to take – including who they need to inform – in the event of an incident such as a notebook with sensitive information being left in the back of a taxi.
• Build cyber-security into the culture of your business. This can be achieved through leaders within the business modelling and advocating security awareness; incorporating security into the business’s vision and mission statements; promoting security in recruitment and onboarding processes; and rewarding positive security behaviours.

Taking these steps can play a vital role in building a powerful security risk posture at your business. Call Simon or one of our experts today on +61 2 9409 7000 to find out more about cyber education.

Australia’s new data breach notification scheme has been operating for several months. The scheme requires businesses – as well as government agencies and not-for-profits – that handle personal information and turn over more than $3 million per year to notify people affected by serious data breaches.

They must also inform the Office of the Australian Information Commissioner (OAIC). Failing to meet their obligations could cost businesses up to $2.1 million in fines.​

​The April-June 2018 Notifiable Data Breaches Quarterly Statistics Report revealed organisations had notified the OAIC of 242 breaches – 59% of which were due to malicious or criminal attacks. A further 36% were due to human error, while only 5% were caused by system faults. While 89% of data breaches compromised contact information, a worrying 42% involved financial details, 39% involved identity information and 25% involved health data.

The most common human error was sending email to the wrong person, followed by the unintended release or publication of personal information. However, the OAIC noted that data breaches involving the loss of storage devices affected the largest number of people, at an average of 1,199 affected individuals per breach.

The Australian Cyber Security Centre (ACSC) found at least 77% of cyber incidents during the quarter occurred due to the theft of credentials such as usernames and passwords.

More information is available from the OAIC and the ACSC.

So what are the lessons for small businesses from the launch of the scheme and the April-June report? The key is to recruit or build security capability internally to comply with the requirements of the data breach notification scheme. The second is to implement robust security systems, policies and processes to minimise the risk of data breaches.

​Importantly, this is not a ‘set and forget’ exercise – these systems, policies and processes must be updated regularly to combat new threats and to ensure workers and managers remain aware of their obligations. Talk to Roger and his team of experts today on +61 2 9409 7000 to find out more about protecting your business.