May/June 2016
www.ChiefIT.me | July/August 2016
POWERED BY
AUSTRALIAN SECURITY MAGAZINE
Contents
Editor's Desk
Creating a culture of security to defend against social engineering attacks
Creating a professional development plan in information security
What we can do about ransomware - today and tomorrow
Verizon data breach
Locating a new weapon for Australia’s data detectives
Trust and Stealth in the cloud
Now is the Time for multi-modal biometrics
Help from above: UAVs preventing shark attacks
HUNTSMAN: Building a security intelligence centre
Digital Identity
How cloud infrastructure is making enterprise more secure
The greatest threat to your business today
Singapore Feature: Security in Singapore
Netevents APAC summit review
SMART facilities Management Solutions
FORTINET FEATURE
TechTime - the latest news and products
Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Editor: Tony Campbell
Art Director: Stefan Babij
Correspondents: Sarosh Bana, Adeline Teoh
MARKETING AND ADVERTISING
T | +61 8 6361 1786
promoteme@australiansecuritymagazine.com.au
SUBSCRIPTIONS
T | +61 8 6361 1786
subscriptions@mysecurity.com.au
Copyright © 2016 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | info@mysecurity.com.au E: editor@australiansecuritymagazine.com.au All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the
Correspondents* & Contributors
Adeline Teoh*, Tony Campbell*, Sarosh Bana*, Tim Mayne*, David Stafford, John Lord, John Kendall, James Valentine, Brian Henke
Also with: Christopher Hadnagy, Terry Neal, Alan Zeichick, Simon Hill, Tom Patterson
4 | Chief IT Magazine
Editor's Desk
Technology is remodelling our lives, faster today than ever before, but with rapid transformation come challenges and ethical dilemmas that we may not be equipped to confront. The question is, should we stop and allow society to catch up or do we press on regardless?
It wasn’t that long ago that self-driving cars were the purview of futurists, science fiction writers and Hollywood, but now we see advanced trials all over the world. Just last month, chief executive of the National Roads and Motorists’ Association (NRMA), Rohan Lund, petitioned the federal government to grant the private sector rights to trial autonomous cars. These self-driving vehicles would integrate inter-vehicular peer-to-peer networks and road-based smart sensors to provide the data inputs the systems need to make critical decisions. We know trialling of these technologies is happening elsewhere, such as the fleet of self-driving electric buses already ferrying passengers around the Swiss city of Sion. At the beginning of the year, driverless cars were tested in London, as well as three other UK cities (Bristol, Coventry and Milton Keynes). Incidentally, the UK government invested over £8m (around $14.2m AUD) in a jointly funded initiative with UK industry to make this happen, so these kinds of initiatives do require governments to jump in and fuel the fires of innovation.
The technology has well and truly arrived and, by all accounts, it’s working very well. However, this uncharted sea of artificially intelligent automata making decisions that have real life and death consequences is concerning. Can the software developers give their users the assurance that they’ve considered every eventuality? The race to market has seen industry giants such as Tesla, Volvo and Google getting rubber on the road long before all the glitches and bugs are ironed out.
A recent tragic example of what can go wrong occurred early in July, an incident that is now being investigated by U.S. law enforcement. In this unfortunate and tragic accident, Californian resident Joshua Brown was killed while driving his Tesla Model S with the Autopilot feature engaged. A Tesla spokesperson said that the Model S had been unable to recognise, “the white side of the tractor trailer against a brightly lit sky.” Tesla also said, “Had the Model S impacted the front or rear of the trailer, even at high speed, its advanced crash safety system would likely have prevented serious injury as it has in numerous other similar incidents.”
A tragic accident, for sure, and in this case, the software was incapable of saving Brown’s life, but in this kind of situation, who might be to blame? Maybe the accident would not have occurred if Mr Brown had been in full control of the car. The truth is that we will never know. What we do know is that these kinds of questions amongst the insurance industry and law enforcement are rife, particularly regarding attribution. Which party is guilty in the situation of this tragic crash? Now there’s a third perspective that must be considered: could a faulty software application or sensor be to blame? Would this make Tesla guilty or does their software license agreement negate their guilt? What if a sensor fails and the error’s not picked up by the engine management system, leading to a fatal crash? Who’s to blame then? Maybe the garage that did the last service, or maybe Tesla for not having built a robust enough system? Maybe it’s the owner’s fault for not overriding the Autopilot, or maybe it’s the third-party driver who was involved in the crash? What happens if it’s two cars running on Autopilot, who’s to blame then? Attribution of guilt is a massive issue, something that won’t be solved anytime soon.
With the vast number of systems already connected to the so-called Internet of Things (IoT), we already see we’re not prepared to deal with the myriad issues. This month’s main feature comes from Simon Hill, where he takes a look at how the IoT is helping build smarter police forces. In the not too distant future, every single police officer and their equipment and vehicles will act as sensors in a massively connected law-enforcement IoT network. But how will jurisdictions ensure they fully integrate, analyse and disseminate all of the information they capture, to ensure they can act on the intelligence they garner?
We’ve included some interesting articles on career planning in the cyber security industry, Verizon’s recent data breach report, and we look at some of the most insidious threats we face in the connected world, from social engineering and ransomware. Dangerous waters are ahead, but with level heads and stable leadership, anything’s possible. Until next time, be safe.
Yours sincerely,
Tony Campbell CISSP
Editor
Protection from the core to the edge and beyond
Today’s threats attack your network from all angles:
• DDoS (distributed denial of service) at the gateway
• Ransomware sneaking through via your wi-fi access points
• Viruses via social engineered email
• Zero-day threats coming at you via BYOD (bring your own device) and IoT (internet of things) enabled devices.
It’s simply not possible to protect your data, applications, users and network with a heterogeneous security approach. Today’s fast moving threats require a single, unified, centrally-managed security fabric that ties everything together under a comprehensive secure access architecture. Welcome to the world of Fortinet.
Comprehensive Solution Set
Fortinet’s solution portfolio, consisting of scalable and powerful next-generation firewalls, secure access points, analysis and management consoles, client-side security, advanced threat protection, automated real-time security updates round the clock and more, is built around the world’s only secure operating system, FortiOS 5.4. And powering all of these devices is the FortiASIC CP9 Content Processor which provides the largest number of connections per second in the industry and deep content inspection with low latency. With Fortinet, you get world-class security combined with lightning-like speeds.
Nationwide Partner Network
Security doesn’t just happen. Fortinet’s nationwide network of fully-accredited and highly-experienced Partners is with you at every step of your security quest. Starting with the complimentary CTAP (Cyber Threat Assessment Program), Partners can quickly audit your security profile and identify where any potential vulnerabilities might exist and recommend cost-effective strategies to harden your defences. And once you have upgraded your security profile, Fortinet’s Security Subscription Service ensures that your defences are always up-to-date.
Continual Improvement
The bad guys don’t sleep. And neither does Fortinet. Driven by the 200-plus staff at the global constellation of FortiGuard Labs, Fortinet is constantly upgrading, improving and enhancing. New products, which can be quickly integrated into your security landscape, are released almost every month. Fortinet is extending their intellectual property. Their recent acquisition of AccelOps in June will result in FortiSIEM which will in turn provide deeper transparency across the network. And their policy of soliciting third-party competitive evaluations means that Fortinet is confident that their products can stand up to the most stringent scrutiny.
Getting Started
Fortinet’s Australian team and Partner network is ready, willing and able to help you secure your network. It all starts with a call. Our contact details are listed. Talk to us. It’s a call you have to make.
AT A GLANCE
• World-class security solution set & technology
• Nationwide Partner sales and support
• Real-time, automated 24x7 security updates
• Regular enhancements, updates and innovation
• Cost-effective, comprehensive and manageable
FORTINET SECURITY FABRIC: PERVASIVE & ADAPTIVE SECURITY FROM IoT TO THE ENTERPRISE TO CLOUD NETWORKS
FORTINET AUSTRALIA, Level 8, 2-10 Loftus Street, Sydney NSW 2000
TEL 02 8007 600
anz_marketing@fortinet.com
www.fortinet.com
Cyber Security
Creating a culture of security to defend against social engineering attacks
By Christopher Hadnagy
The Fifth Annual Benchmark study on Privacy and Security of Healthcare Data by Ponemon Institute (https://www2.idexpertscorp.com/fifthannual-ponemon-study-on-privacy-security-incidentsof-healthcare-data) has recently revealed what others have long perceived: There has been a shift in the root cause of data breaches from accidental to intentional. While 90% of healthcare organisations represented in the study had experienced a data breach, for the first time, criminal attacks are the number one cause of these breaches.
Criminal attacks are highly targeted. When it comes down to it, attackers will stop at nothing to break into an organisation. They will use whatever means necessary to infiltrate, especially if those means are low risk. It’s far easier for attackers to bypass technical controls and exploit human nature to breach an organisation than to compromise a network surrounded by technical controls. Unfortunately, there is plenty of overlap between the proactive criminal and the unsuspecting employee that really adds fuel to the fire.
Despite the balance of breaches shifting to criminal activity, organisations are beginning to recognise the importance of starting with employees first. According to Ponemon’s study, the data backs this up, as healthcare organisations rank employee negligence as a top concern when it comes to the exposure of patient data. Employee negligence goes far beyond the occasional lost or stolen laptop. What about when an employee accidentally discloses confidential data? A whopping 70% of Ponemon survey respondents admitted that careless or negligent employees are responsible for the most concerning security incidents impacting their organisation, but what can be done to help? Also, in Australia, the Australian Signals Directorate has openly acknowledged that Social Engineering tops the list of threats to Australian businesses, so it’s a true concern and one that doesn’t have an easy answer.
Ask yourself, do your employees know what a phishing email is? Is there a process in place for the verification of a caller’s identity? Do you have a process in place to report security incidents? If you’re unsure of the answers to one or more of these questions, odds are you are not engaging in a culture of security.
What does a culture of security look like?
A culture of security begins with active testing and training of employees for security awareness. Employees who know they are being actively tested have heightened awareness for security initiatives and are more apt to shut down an attempt to exfiltrate information or breach confidential client data. Buy-in for the culture of security should start at the top of the organisation and build down: this makes it the responsibility of each and every employee to contribute to this culture of security.
Exposure, exposure, exposure!
Not only should organisations implement continuous training initiatives, but they should also work to publicly reward employees who successfully respond to or report security incidents. Try publishing regular blog posts, try sending out organisation-wide emails, post your messaging on the corporate bulletin board, try handing out gift cards as prizes for staff who demonstrate they understand the security needs of your business and publicly recognise those who embrace it and live these values. A bit of positive reinforcement goes a long way.
About the Author
Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. Chris possesses over 16 years’ experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. Chris established the world’s first social engineering penetration testing framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.
To add to complication, organisations are gradually increasing their budgets and resources to protect both their data, however, not enough investment is being made in human capital to address the evolving threat landscape. It’s time for organisations to start investing in a culture of security that makes employees the first line of defense.
Creating a professional development plan in information security
By Terry Neal, CEO, InfoSec Skills Ltd.
Working in cyber security is a viable career option for anyone who wants to give it a try. It really doesn’t matter what you do to earn a crust since the varied nature of the industry means there is a place for you and your skills, as long as you have the will and the passion to go for it. With cybercrime on the rise and a global shortfall of information security professionals, the billions of dollars that online thieves are stealing from our businesses every year are making company directors wake up to the fact that they need someone on the inside who can defend their castles. Home-cooked security measures or, worse, self-assessments by unqualified IT staff, only serve to create a false sense of security in business, which is currently one of the biggest factors contributing to small to medium size businesses being compromised. This quote from The Simpsons sums it up nicely:
Marge: “Homer, I don’t want you driving around in a car you built yourself.”
Homer: “You can sit there complaining, or knit me some seatbelts.”
It was with great relief that we saw the new national Cyber Security Strategy (https://cybersecuritystrategy.dpmc.gov.au/) focusing on the skills shortage as well as the SMB market sector, with one of the five pillars of the strategy’s intent to create a Cyber Smart Nation. The government has pledged to:
“Address the shortage of cyber security professionals in the workforce through targeted actions at all levels of Australia’s education system, starting with academic centres of cyber security excellence in universities and by increasing diversity in this workforce.”
This means that newly qualified information security professionals will have a route to market themselves to these companies that previously would not have seen the need until it’s too late, while helping establish Australia as the digital hub of Asia that it wants to be.
So, the question remains, how do you get a job in Cyber Security? Let’s start by looking at the diverse set of roles available, covering both management and technical roles, and see what skills will be the most useful in your quest for this exciting new career. The fact is, most people, and many even in the security business already, don’t have a good grasp of the full range of diverse job roles available in both the public sector and private sector. Additionally, there is a lack of knowledge about the skill sets and skill levels that are required to deliver on the demands of these job roles, so it’s little wonder that people have problems planning their careers and selecting the most appropriate training and qualifications to get them from where they are today to the next milestone in their career. Which professional certificate should you take? You need to start by asking yourself where you are today. Then figure out where you want to be in two years’ time. It’s surprising how many people can’t answer that seemingly simple question.
In Australia, the Australian Information Security Association (AISA) can help members with career development decisions, but it’s not yet as advanced in the advice it offers, at least not as much as that of the UK. Take a look at the UK Career Paths diagram here (https://www.infosecskills.com/images/Infosec_Career_Paths_v7.pdf). This shows a top level view of the industry, putting job roles, certifications and industries into perspective. We need an equivalent mapping to this in Australia, which is what AISA has committed to provide in its latest strategy, mapping out its development as a professional body until 2020.
To get started, create a personal development plan for yourself. A good development plan must be carefully considered and researched to allow you to make informed decisions. You’ll need to have captured:
• Where you are now: What is your current skill set and skill levels (A)?
• Where you want to be, i.e. what is the skill set and skill levels of your target job role (B)?
• What are the skill gaps between A and B?
Figure 1: Bridge the skills and experience gaps to land your target job
When you have answered these questions, you can create achievable development goals with associated activities that will fill those skill gaps over time, as shown in Figure 1. Of course you are also accruing valuable experience throughout the process. Most large organisations already have job profiles and even list the professional qualifications and experience they expect candidates to have; however, because the security industry is still considered to be in its infancy, this is where HR departments fall short. They often don’t understand the skill sets and skill levels required to fulfil security job roles, and certainly don’t understand the difference between a security manager, a security architect, a penetration tester, a risk manager and a security analyst.
More than the sum of its parts…
The first thing you need to know is that being a Cyber Security specialist is not about being technical. It’s true that some aspects of cyber demand a great deal of technical knowledge, such as penetration testing or secure coding; however, at its core, a professional security consultant’s day is increasingly filled more with risk-related discussions with senior executives and business representatives than with purely technical matters. For sure, it’s the myriad vulnerabilities in the software and hardware we use that have created this need in the market, but the clue is in the title as to why it’s bigger than being simply a Linux guru or Windows Active Directory aficionado. This job is all about information security, in whatever guise that information exists.
If you happen to be a Microsoft operating system guru, this does not mean you are a cyber security professional; you could sell yourself as a technical security specialist (known in the industry as a subject matter expert in that domain) but unless you’re talking the language of risk and making risk-based decisions for the business, then you really are still a techie. I’m not saying this is a bad thing, because there is as valid a career path in remaining technical, but if you want to be a Microsoft Active Directory expert, then focus there and don’t try and sell yourself as something else, especially if you don’t know how to do a risk assessment.
Information security is all about the risks to the information your business manages, understanding where those risks come from, the value of the information you are managing and most importantly, how you can help the business mitigate the risks in a cost-effective manner. Decisions of what you spend money on are not driven by the technical threats alone, they are more often linked to an understanding of the holistic risk in context of the business. This means that you may be introducing new processes or removing technology from the environment, not just buying new products to further complicate your security landscape, and with complication comes added technical risk.
Does this mean that technical people should not look to become Cyber Security Professionals? Of course not, but in the same way that people with a business background cannot (or, at least, should not) make technical decisions, technical specialists may not have the business acumen to understand how best to spend the often mediocre budgets associated with security. Technical specialists need to gain a grounding in business communication, strategy and risk management, while the aspiring security professional with a background in management needs some technical training in electronic threats, countermeasures and architectures to be effective.
Starting from scratch
What if you have no background in technical security or running a business but it’s something you’re really passionate about getting into? In some ways that makes things easier. You’ll certainly need to take some training, while reading some good books and looking for an apprentice (trainee) role where you can begin to learn your trade. What’s nice about this sector is the shortage of new professionals. This might sound like an odd thing to say, but think about it: if there is a real shortage, then you are likely to get a job and you will not be out of work any time soon. In a growth market, we are almost recession proof as long as we do a good job.
I remember a conversation with an old friend who works for one of the Big 4 consultancies. He said his favourite interview question is, “What do you do at the weekend?” If a great sounding candidate (on paper) says they spend their weekend reading the paper, going for a run and partying with friends, it’s a meh, and they need to prove their capabilities some other way. The candidate who, on paper, has a lot less experience but replies saying they spent Sunday afternoon jail breaking their iPhone to see how it works, almost certainly will be hired. The point is that information security is a calling. People who do it usually love it – I can’t name a single person who doesn’t enjoy their job and that’s certainly worth stating again: I don’t know anyone in the information security profession who is unhappy with their job.
InfoSec, the Career of Choices
In such a varied space, setting your sights on a strategic goal is the best way to start. If you want to be a penetration tester, then you’ll need extensive training in both the underlying computer systems you intend to specialise in and the methods hackers use to penetrate these systems. You need to learn about vulnerabilities and how to exploit them, how to code in certain languages, such as C#, Python, PHP or VBA, and you need to develop skills in communicating your findings through your report writing for your client.
Alternatively, if you set your sights on being a corporate executive, such as a Chief Security Officer or Chief Information Security Officer (CSO/CISO), or maybe an Information Security Manager (ISM), then you’ll need to learn not only the fundamentals of information security, such as risk management, technical controls, physical security controls and writing security policies, but you’ll also need great soft-skills in written English. You’ll be required to write business cases, present to the board of directors, be great with customers and have the training required to work with the media. When a security breach occurs, it’s often the CISO that speaks to the news channels and discusses its impact. This can be a highly rewarding career but comes with a great deal of responsibility and accountability, so may not be for everyone.
Another great role to aim for is a Security Architect, where you advise technical teams on technical security during the architecture and design phases of projects. This is a highly technical role (much in the way a penetration testing role is highly technical) but comes with a great deal of dependency on the architect having business and engineering skills. You need to be able to properly elicit security requirements, something that is often overlooked by developers, drive those requirements into the designs via use cases, and ensure that security is considered right through the development lifecycle, from inception, through live service, to decommissioning and eventual asset destruction. The security architect advises on policy matters as well as technical matters, being a jack of all trades, but unlike that saying, he is not a master of none, he also needs to be a master of many. The security architect role is very demanding on the individual and continual training and education is essential to make sure they keep up with the technical changes and challenges affecting the general IT market as well as the political and business imperatives that are driving change in the community, such as the move to cloud computing or the initiatives hitting certain businesses where IT managers are moving to a bring your own device (BYOD) model. The security architect advises the CISO on the best technical measures to take and how policy should be written to mandate certain practices, then works with the technical teams to ensure implementation is effective in delivering the risk mitigations.
Aligning Skills with Job Roles
If you want to take this seriously, it’s time to find a tool to help you develop your career plan. Until AISA comes up with one that’s appropriate to the security industry in Australia, you can use the Skills Framework of the UK’s equivalent organisation, which provides a high-level structure of skills and competencies expected of information security and information assurance professionals. It can be used to underpin and support your professional career development. Using this framework anyone can build a skills profile for their current skills and skill levels (referring back to Figure 1) and if a target job role had a skills profile (B) then you could compare A to B and identify the skill gaps that need to be filled.
Take a look at the IISP Skills Profiler (https://www.infosecskills.com/Profiler) as a self-assessment tool designed to help security professionals understand their skill sets and skill levels to inform decisions on professional development and training. This provides easy access to the IISP Skills Framework, resulting in a digital skills profile that can be compared to target profiles. If every organisation defined job roles using such a framework, then job vacancies could have a detailed skills profile attached, against which applicants could compare their profile, identify any gaps and then at least know what they need to do to achieve that role. Let’s hope that AISA can become the hub of our industry over the next few years and align with these kinds of frameworks used successfully elsewhere.
What we can do about ransomware - today and tomorrow

APAC countries must take note of the prevalence of ransomware attacks in the U.S. and Europe. The good news is that tools and technologies are emerging to combat these cybercrimes.

By Alan Zeichick, Principal Analyst, Camden Associates.
Ransomware is a huge problem that’s causing real harm to businesses and individuals. Technology service providers are gearing up to fight these cyberattacks – and that’s coming none too soon.

In March 2016, Methodist Hospital reported that it was operating in an internal state of emergency after a ransomware attack encrypted files on its file servers. The data on those servers was inaccessible to the Kentucky-based hospital’s doctors and administrators unless the hackers received about $1,600 in Bitcoins. A month earlier, a hospital in Los Angeles paid about $17,000 in ransom money to recover its data after a similar hack attack. According to the CEO of Hollywood Presbyterian Medical Center, Allen Stefanek, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.”

As far as we know, no lives have been lost due to ransomware, but the attacks keep coming – and consumers and businesses are often left with no choice but to pay the ransom, usually in untraceable Bitcoins.
The culprit in many of the attacks — but not all of them — is a sophisticated trojan called Locky. First appearing in 2013, Locky is described by Avast as using top-class features, “such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.” Multiple versions of Locky are on the Internet today, which makes fighting it particularly frustrating. Another virulent ransomware trojan is called CryptoLocker, which works in a similar way.

Ransomware is a type of cyberattack where bad actors gain access to a system, such as a consumer’s desktop or a corporate server. The attack vector might be provided by downloading a piece of malware attached to an email, visiting a corrupted website that runs a script that installs the malware or by opening a document that contains a malicious macro that downloads the malware. In most ransomware attacks, the malware encrypts the user’s data and then demands an untraceable ransom in order to either decrypt the data or provide the user with a key to decrypt it. Because the data is encrypted, even removing the malware from the computer will not restore system functionality; typically, the victim has to restore the entire system from a backup or pay the ransom and hope for the best.

As cyberattacks go, ransomware has proven to be extremely effective at both frustrating users and obtaining ransom money for the attackers. Beyond the ransom demands, of course, there are other concerns. Once the malware has access to the user or server data… what’s to prevent it from scanning for passwords, bank account information, or other types of sensitive intellectual property? Or deleting files in a way where they can’t be retrieved? Nothing. Nothing at all. And even if you pay the ransom, there’s no guarantee that you’ll get your files back. The only true solution to ransomware is prevention.

RANSOMWARE’S SCOPE AND IMPACT

The U.S. Federal Bureau of Investigation received 2,453 complaints about ransomware cyberattacks in 2015, which the FBI says cost the victims more than $24 million in ransom. Who knows how many people quietly paid and didn’t tell anyone, because of shame, perhaps, or lack of knowledge about who to tell?

One top network security vendor, Wedge Networks, has seen huge growth on the carrier networks that its service monitors. “On those networks,” says CEO James Hamilton, “we saw a 100% increase in the observed number of ransomware attacks detected in 2015 versus 2014, and a 50% increase in mobile ransomware from Q4 2015 to Q1 2016.” Wedge Networks is an Alberta, Canada-based company with extensive customer deployments across Canada, the United States and Asia Pacific. Mr.
Hamilton explains that “Last year, our customers in Canada reported more ransomware attacks (as a percentage) than we observed in the U.S. In APAC, Japan and Taiwan are experiencing a slower increase in ransomware than we’re seeing in Southeast Asia, possibly due to more mature and advanced security practices in those markets.” Mr. Hamilton continues, “Just last week I was discussing
ransomware with a service provider planning to roll out Security-as-a-Service in a major Southeast Asia market and they stated that ransomware has become more widely active in their country over the past 12 months. Previously it was very infrequent, but they are seeing it spread rapidly.” Jason Steer, EMEA Solutions Architect for Menlo Security, based in Menlo Park, Calif., explained that while consumers can lose important files, especially irreplaceable financial documents and personal photos, ransomware can be devastating for businesses. “For enterprises, ransomware is a major pain and slows them down from getting on with their key IT-related business functions,” Mr. Steer explains, adding that Menlo Security focuses on malware prevention. “We have met many customers where every local file and central server stored file has been encrypted by ransomware. This impacts every user accessing any central file on the network and for any user impacted it encrypts every local file on their PC as well.” The impact? “You are dependent on the age of the most recent backup and may not be able to restore every file. The cost of losing that data may be minimal or large depending on the importance of the file.” Cylance has seen some pretty devastating ransomware damage recently. A cybersecurity firm based in Irvine, Calif., the company is spending a lot of time helping its customers prevent ransomware attacks, as well as helping new victims recover from trojans. Andy Solterbeck, Regional Director APAC for Cylance, explained about Angler, a cyberattack exploit toolkit that hackers can use to customize their own attacks – kind of a do-it-yourself starter kit. The damage from Angler: “It’s currently causing 90,000 infections per day, and bringing in at least $60 million dollars per year.” There are so many attack vectors, it’s virtually impossible for a consumer – or an IT professional – to keep track of them all. 
Jayendra Pathak, Chief Architect at NSS Labs, a top tech security analyst firm based in Austin, Tex., says “Adobe Flash is becoming an extremely troublesome vector towards delivering ransomware. Microsoft Word attacks are also on the rise, exploiting human weaknesses in opening email attachments.” The days of paying a few hundred dollars as ransom may be over, as cyberattackers target businesses, Mr. Pathak adds. “On top of that, ransomware authors are moving to more targeted campaigns aimed at the enterprise. Asking ransom for hundreds of thousands of dollars is on the near horizon. NSS Labs has tracked thousands of infections primarily coming from drive-by campaigns.”

He adds that while ransomware is a problem all over the world, it is more prevalent in areas where online payment systems are extremely common. “The United States and Europe are primarily targeted. Japan, Korea, China, and Singapore’s ransomware infection rates are relatively less in comparison to Europe and the U.S. However, APAC countries must take note of the prevalence of ransomware attacks in the U.S. and Europe. Now is the time to be embracing preventative cybersecurity measures.”

THE INDUSTRY RESPONDS

For consumers, the best way to prevent a ransomware attack is to be proactive. Back up often, and maintain many backups so
that recovery can pre-date the infection. Don’t click on email attachments. Use up-to-date anti-virus and anti-malware tools and services. Don’t use old versions of Web browsers that lack current protections. Disable macros in Microsoft Word and Microsoft Excel, and consider uninstalling Adobe Flash. Even then, however, there is no guarantee that systems will be protected against ransomware. In the enterprise, and on carrier networks, there are larger-scale tools that can be more effective. For example, Menlo Security offers an isolation platform that ensures that malware cannot touch the end user’s laptop, desktop or mobile computer, or infect a corporate server, explains Mr. Steer. It’s ideal for implementation by enterprise IT and security professionals. “Isolation is a new concept on the block to help organizations become more resilient to attacks. Enabling endpoints to be more secure and robust ensures they get hacked less and the fallout of data and intellectual property loss is reduced,” he says. “Gartner considers isolation as key in the malware prevention capability: It’s what administrators can do to prevent their users running into bad things through no fault of their own.” Mr. Steer continues, “The Menlo Technology eliminates the possibility of malware reaching user devices via compromised or malicious websites or documents. The user’s web session and all active content (e.g. video, JavaScript or Flash), whether good or bad, is fully executed and contained in the Isolation Platform. Only safe, malware-free rendering information is delivered to the user’s endpoint. No active content - including any potential malware - leaves the platform. 
So malware has no path to reach an endpoint, and legitimate content needn’t be blocked in the interest of security and all done without changing the end user’s surfing experience.”

Wedge Networks’ customers are carriers and cloud service providers, who want to detect and block malware – including ransomware – before it ever gets close to the end-customer’s network or devices. Its technology is based in the cloud, and that’s where Mr. Hamilton says security like this belongs. “One of the biggest breakthroughs is the realization that security needs to evolve from an endpoint and perimeter paradigm to a cloud-based connectivity paradigm in order to close gaps with today’s IT model,” he explains. “The network, the users, and their devices are no longer static. They are dynamic and constantly moving and changing. As a result, the only way to secure the network is to secure the connections for everything connecting to that network. This can only be achieved by moving security to the cloud-layer of the network, which has visibility of everything connecting to the network.”

How does Wedge Networks’ technology protect against ransomware? “Our Wedge Cloud Network Defense was purpose-built to run in the cloud to support virtually unlimited scale, and to support the multi-tenancy operational requirements of service providers that want to offer Security-as-a-Service to their customers,” Mr. Hamilton describes. “Cloud Network Defense dynamically scales up or down cloud-compute resources to support the widely varying security workloads of their customers with efficiency and sustained performance.” In other words – it blocks ransomware trojans and related threats without affecting
network performance or application response time.

Cylance’s Mr. Solterbeck explains how his company addresses ransomware: Artificial Intelligence. “We apply the power of Machine Learning and Artificial Intelligence to the problem of malware detection,” so that even if the attack has never been seen before, Cylance’s technology can successfully block it. “CylancePROTECT predicts cyberattacks and blocks them on the endpoint in real-time before they ever execute – and that includes malware like ransomware, memory attacks, unauthorized scripts and privilege escalations that can give hackers complete access to your systems.”

THE PROBLEM WILL GET WORSE

The bad news is that malware, including ransomware, is on the rise. The good news is that the cybersecurity industry is responding with tools and services that can help protect businesses and consumers. Don’t get complacent, however: There will always be malware, and ransomware isn’t going away. “There is no magic fairy dust to solve this problem on the near horizon/in the near future,” says NSS Labs’ Mr. Pathak. “The effective solution to combat this threat is keeping applications up to date, not putting implicit trust on anything that is received via email, disabling macros altogether, and keeping backups regularly.”

Have you done your backups? If not… now is the time.
Verizon data breach

The 2016 Verizon data breach indicator report (DBIR) was released recently, described by Verizon as “… bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year’s report offers unparalleled insight into the cybersecurity threats you face.”

By David Stafford

The report revealed that we continue to leave our information systems exposed for many months (even years in some cases), subscribing to the age-old belief that the bad guys won’t be targeting us. Really? Surely, we don’t all subscribe to that belief? Not all attacks are targeted. In fact, a large number are simply opportunistic. And who can blame the attackers, especially with the goldmines of valuable information just sitting out there on the Internet, ready for the taking.

With a new data breach in the headlines every other week, one thing is certain: we cannot afford to leave our systems unpatched. Of all the mitigating controls used to reduce the risk of a breach, keeping systems and applications patched up to date is one of the best. It’s not necessarily the easiest; however, it is the most cost-effective. Despite this, it’s clear that we still don’t patch our environments properly, leaving most businesses exposed to some extent or another.

You need to consider your entire environment. Where are all your systems? What versions are you running? Where are they located? What applications might also be exposed and require patching? All this being said, there will be systems that depend on running outdated, legacy software where the replacement cost is high, so they possibly need to be handled differently. Nevertheless, ignoring these issues will lead to a financial headache, and at some point you will be offering a sincere apology to your customers
when their data appears on Pastebin. In some cases, you can use network segmentation to reduce the risk, so doing nothing is not the answer.

Before we look at the motivation behind attacks, one further statistic caught my eye. There is a dramatic upward trend of breaches affecting one type of asset: one that can’t be patched and, somewhat unfortunately, has a mind of its own. The human! Phishing campaigns yield incredible results for attackers; however, there are simple controls that can help reduce the risk. The most cost-effective and arguably simplest control is procedural in nature. A well-developed Security Awareness training and education programme will go a long way to building a security-aware culture within the workplace. This will result in a reduced likelihood of phishing campaigns being successful. Credential theft will reduce as staff use more complex passwords as good practice – arising from their heightened awareness.

Now to the why? The main motivator is consistent: financial gain, with espionage a fair way down in second place. However, you shouldn’t take this at face value. Banks are not the only targets for financially-motivated, unscrupulous attackers or sophisticated criminal syndicates. User information, even without bank details, has a price on the black market. Recently, LinkedIn had their dirty laundry aired for the second time, with media reporting that the stolen data, email addresses and hashed passwords, were for sale on the black market.

Figure 1 - Extract from the Verizon 2016 Data Breach Investigations Report

Let’s not forget another element of the Verizon report. Incidents and breaches are specifically referenced as, “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.” And “Breach: An incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorized party.” One thing this report implies is that breaches aren’t likely to decrease, so we have to expect a breach sometime soon. This is why a well-reviewed and drilled Security Incident Response plan is essential. Initially, a breach begins as an incident, where strategies such as patching and security awareness will assist as a preventative measure.

You need to fully understand your environments. Gathering a list of all your operating systems and software applications is critical. Request confirmation of patching cycles from resolver teams, as well as patching plans for applications from developers. But don’t stop there. Get them
in writing and ask to see compliance reports from testing tools. Dust off your Security Incident Response plan and review it. Have someone else review it, someone who is not in your immediate team, ensuring it makes sense and can be followed. Furthermore, run a drill. Utilise standardised incident management plans and adapt them to the Confidentiality, Integrity and Availability (CIA) needs of your systems. Lastly, consider sharing the risk report with all of the stakeholders (as well as the executive) as a means to better understand the harsh reality of what could be in store for the business.

These activities will go a long way to improving your security posture and reducing the likelihood of your organisation’s data ending up on the black market, or being splashed across the front page of your local newspaper. The Verizon report, in all its glory, should be in every Information Security Manager’s toolkit. You can access it at www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

There is undoubtedly a lot of information to consume within this report, information that will likely leave you shaking your head at some of the bad practices your teams may be undertaking. However, and let’s be clear about this, this report is brutally honest, which is something we should all be striving for.
Locating a new weapon for Australia’s data detectives

By Simon Hill, Regional National Security Lead for Esri Australia and Esri South Asia

In an era of big data, where every officer and vehicle is a sensor, how do you make sure you integrate, analyse, and disseminate this information swiftly and efficiently? How do you transform your data into actionable intelligence that radically improves decision-making at all levels? Given everything law enforcement manages has a location, analysing from this geographic starting point provides a basis for anyone – crime analysts, investigators, commanders, and patrol officers – to visualise data in a way that helps them identify, predict and ultimately reduce crime. Location-based analytics, also known as location intelligence, provides the platform for understanding the patterns, links and correlations of crimes, criminals and victims through the universal language of maps.

Identifying crime hot spots

Heat maps are produced by mapping crime over a period of time, using colour keys to highlight hot and cold spots. Viewing the information spatially in this way exposes underlying criminal movements and patterns in the data, particularly when it is analysed even further. For example, by setting date parameters, users can limit the heat map to a specific time period, type of stolen goods, or whether violence was used. They can then overlay further information, such as active warrants or prison releases, to identify suspects based on past criminal behaviour or location. Other layers provide insights into the dynamics of specific cities and suburbs, including events and locations that draw crime such as festivals, businesses and buildings. Ultimately law enforcers can focus their attention on specific areas to make sure police are present in the right place at the right time. The result is more effective and efficient policing
and higher levels of service via more efficient allocation of resources. When this capability is pushed out across a department or station beyond specialist analysts, every member of the force becomes empowered by location-based analytics. So officers can access current crime analysis and suspect information while in the field or during an investigation; while command staff can use location-based analytics to understand trends, make critical decisions when crime spikes, and collaborate with other law enforcement agencies to allocate resources.

Transformation of a crime capital

Once the second deadliest nation in western Europe, Scotland provides a compelling case study into how location-based analytics can aid in cutting crime rates dramatically. Not too long ago, Scots were remarkably three times more likely to be murdered than their English neighbours. Scotland was declared the most violent country in the developed world by the United Nations as more than 2,000 people were subject to an aggravated attack each week. In Glasgow, Scotland’s most violent city, the local Strathclyde Police set up a Violence Reduction Unit to address violent crime by using location intelligence to prioritise the strategic, focused use of resources. Part of the solution involved collecting data from external sources, such as hospitals, fire departments, schools and social services organisations. They mapped this with other data related to factors known to impact violent crime – including poverty, housing, unemployment and environment. Hidden trends and patterns in criminal behaviour in the city were revealed, enabling the unit to understand where crimes were happening and why. Armed with this powerful insight, law
enforcers could make predictions about where crimes were likely to occur, so that they could discard their previous ‘needle in a haystack’ approach and better target resources to prevent them. For example, the team mapped knife-crime alongside ‘pathways’ to crime, using transport and vandalism data from bus companies to visualise previously unidentified links between the two. Consequently, the VRU was able to advise local police forces on where to establish the best locations and times for stop-and-search operations. VRU’s use of location-based analytics to both understand and predict crime led to a 39 percent fall in all crime – not merely violent crime – in the Glasgow city centre. Statistics from 2015 show homicide rates in Scotland are now at their lowest levels since records began in the 1970s. The Glasgow case study offers valuable lessons for Australia’s law enforcers on how location-based analytics can be used to develop crime-related forecasts and inform policy development.

Shootings
Citizen Complaints Dashboard
Information collaboration and integration

Given our often sparsely located police forces and stations, the collaborative capabilities of location-based analytics would allow you to integrate and share data effectively. This becomes even more apparent considering that keeping our communities safe requires partnerships between a range of agencies, not just state and federal police, but also intelligence agencies and defence forces. National security, for example, is a multi-department, multi-agency mission. Critical to this approach is an ‘all-source intelligence fusion’, where agencies use and contribute common data to each other. Benefits include greater economies of scale and increased efficiencies, and improved sharing of intelligence data. This leads to more efficient allocation of resources and ultimately reduced crime rates. Location-based analytics can effectively deliver this level of connectivity and sharing of static and dynamic data across agencies and organisations by bringing all this data into one common map-based picture.
Anti Robbery Detail Dashboard
Dismantling silos

Similarly, location-based analytics can successfully integrate internal information silos. With unprecedented amounts of data being collected internally, the ability to share and analyse this information has never been more crucial. The advent of body and dash cameras, and technologies such as digital number plate recognition, means every individual police officer is now a sensor, collecting and streaming immense amounts of data. The fact that much of this data is hived in silos without an easily accessible linking element only increases administrative burden and, more importantly, impacts analysts’ ability to produce real-time, valuable insights to be actioned. In short, information is prevented from getting to those who need it. This was a problem faced by Canada’s Vancouver Police Department (VPD), which struggled with having large
amounts of mission-critical data stored in disparate, internal management, analysis and project systems. Apart from the resultant widespread duplication of efforts and data redundancy, these silos also hindered police investigators. Critical elements of investigations were scattered over multiple jurisdictions and could not be easily shared. Often, by the time data was located and consolidated, it was out of date and no longer useful.

VPD used location-based analytics to bring this data together and, via a user-friendly geo-dashboard, provided accessibility across the department. This provided crime analysts with instant access to offender information and datasets to identify suspects, predatory behaviour, resource inefficiencies and response times. This meant they were able to focus on conducting analysis at a much deeper level, instead of spending significant amounts of time completing non-analytical tasks. The system was also relied on heavily to plan for the 2010 Vancouver Winter Olympics, where it was used to monitor street closures and deploy police, among other tasks.

The good news for the region’s law enforcers is this innovative ‘smart policing’ approach to location analytics can ensure forces are agile, responsive and intelligence-led; and able to meet the demands of the 21st-century law enforcement environment effectively. To learn more about how location analytics solutions are being used by some of the region’s – and the world’s – leading law enforcement agencies to solve and prevent crime, visit: www.esriaustralia.com.au/law-enforcement.

About the Author

Simon Hill is the Regional Industry Lead for National Security, providing leadership and industry expertise to teams across Australia, Singapore, Malaysia, Indonesia, Brunei, Bangladesh and Timor-Leste. With almost 25 years’ experience working within the defence and public safety sectors, Simon is passionate about partnering with national security agencies to help them leverage the power of geography and spatial analytics to defend borders and increase security for their respective nations.
Trust and Stealth in the Cloud
Unisys’s Tom Patterson Discusses his Career as well as his latest work with Unisys
By Tom Patterson Chief Trust Officer and Vice President, Unisys
Tom Patterson is Unisys’s Chief Trust Officer and Vice President of their Global Security business. He brings more than 30 years of leading-edge security experience, expertise, and innovation to Unisys, helping commercial and public sector clients tackle some of their most complex security challenges.
Like many of today’s leaders in the cyber security industry, Patterson started his career working for the U.S. government before venturing into the private sector where he’s since worked as a CSO (MCC), big-four partner (Deloitte), chief eCommerce strategist (IBM), and a founder of a tech start-up, backed by the Carlyle Group. Tom has also lectured on security at the Wharton School and Cal Poly, frequently giving keynotes at corporate and government events on security matters. The common thread to Tom’s diverse security career is building trust. With his TOP SECRET government clearance, Tom also works on a pro bono basis with Congress, Federal law enforcement and the intelligence and counterintelligence communities, and has contributed to Presidential Executive Orders.
Nowadays, Patterson leads Global Security Solutions at Unisys, where he has helped defend many of the world’s biggest businesses, leading both technical teams in threat intelligence and threat response, as well as consulting at the strategic board/executive level, where appropriate governance is necessary to help the business address the threats of hacking, data-loss and cybercrime. Patterson’s primary focus within Unisys is to help the company bring better products to market, since he firmly believes that, “security will either make or break technology.” Patterson is regarded by many as a cyber security leader, and is regularly invited to consult with C-level executives.
When asked what primary issue he sees in the market, Patterson said, “It’s really hard for companies to know who to trust, since the industry is full of vendors selling the next must-have security products.” Patterson says that his outlook has always been to act in his customers’ best interests, becoming a trusted advisor so that executives can be assured he’s working in their best interests and helping to ensure their strategic security direction is cogent and based on real risk reduction. Importantly, investment decisions need to be made on more than mere “vendor brochure-ware,” so transparency and advocacy are the two pillars of his organisation’s approach and ethos, which Patterson believes are critical in helping them become the trusted advisor that executives need.
The latest evolution in technology, where everything-as-a-service has shifted focus to the cloud, has truly excited Patterson. Unisys has worked closely with Microsoft to help add Unisys Stealth (cloud)™ to the Microsoft Azure platform. Stealth layers additional security countermeasures into the Microsoft Azure cloud platform, helping to unify security management for anyone that wants to shift their line-of-business solutions into the cloud. Patterson said, “As enterprises shift from data centres to the cloud, security and efficiency are the keys to success. Unisys is pleased to add interoperability with Azure to our Stealth offerings, giving enterprises unparalleled security, greater controls, and lower costs with increased operational efficiency when working with Azure.”
Unisys’s Stealth technology actually provides security to both data and applications within Azure, using a clever identity-driven encryption service to deliver its so-called “micro-segmentation”. This is a new approach to network security architecture, allowing the division of physical networks into thousands of logical micro-segments. The philosophy is that even if attackers manage to take over one micro-segment within the enterprise, they would not be able to move across to other networks. This effectively takes the old network segmentation principle that security architects have been using for decades to a whole new level, where segments are as small as single endpoints.
In addition, enterprises can extend infrastructure they manage in their own datacentres to Azure using the XDC (extended data centre) capability of Stealth. This automates the shifting of secure workloads from local datacentres into Azure, which offers a real cost saving to service providers. Patterson is confident that Stealth can remove many of the roadblocks that are in the way of enterprises making the transition to cloud. It allows organisations to extend protection from their datacentres to Azure on demand, providing end-to-end encryption from local workstations, servers or virtual machines to virtual machines in Azure. The underlying encryption technology Stealth is built upon means that unprotected Azure VMs are undetectable to unauthorised users.
About Unisys
Unisys is a global information technology company that works with many of the world’s largest companies and government organisations to solve their most pressing IT and business challenges. Unisys specialises in providing integrated, leading-edge solutions to clients in the government, financial services and commercial markets. With more than 20,000 employees serving clients around the world, Unisys offerings include cloud and infrastructure services, application services, security solutions, and high-end server technology. For more information, visit www.unisys.com.
Frontline
Now is the time for multi-modal biometrics at border security checkpoints
By John Kendall Border Security Program Director, Unisys
Border security today is facing a perfect storm of challenges that requires every tool available to manage it. John Kendall, Border Security Program Director, Unisys, explores why the time for multi-modal biometrics, including face, fingerprint and iris recognition technology, has arrived.
Many border security agencies have clung to outdated technologies and inaccurate assumptions when it comes to leveraging biometrics. For many, the reluctance to modernise technology at the border relates to flat budgets. For others, time simply doesn’t allow them to screen travellers effectively. Globally, however, border security agencies can no longer afford to stand still in time.
The sheer volume of travellers crossing borders means advanced technology must play a role in effective border security. In 2015, a record 1.2 billion people travelled overseas – up four per cent. In addition, the war in Syria has sparked the largest human migration seen since the end of World War II. This, coupled with fear caused by the recent Paris and Brussels attacks, has created a dire need to efficiently and accurately monitor who enters, and leaves, each country. Multimodal biometrics are the future and border security agencies must be ready to adopt them.
Biometrics can help
New ePassports include facial biometric data on the chip, so biometrics can automatically detect stolen or forged passports by authenticating the traveller against the rightful holder of the travel document. Border agencies can also use biometrics to check the traveller against a watch list of known “most wanted” persons to identify individuals of interest when entering or leaving the country. Automated clearance eGates are also capable of performing these checks quickly and accurately.
Border security solutions employing biometric technology are used in many countries today including the US, UK and Australia. But these biometric solutions differ little from those deployed 15 years ago and continue to exhibit the same shortcomings. In particular, most of the current biometric solutions are unable to detect individuals travelling under multiple identities and travel documents. This is a vulnerability that can be exploited by terrorists and other criminals to avoid detection when travelling internationally. If an individual is able to obtain a new passport (perhaps from a different country) under a new “clean” identity, then the chances of getting stopped by border security officers are very small.
Achieving accuracy and speed
The types of biometrics captured at most border crossings aren’t well suited for near-real time searching against very large databases (e.g., biometric records of all travellers who previously entered or exited the country). The International Civil Aviation Organization (ICAO) Document 9303 defines international standards for machine readable travel documents, like ePassports. The standard provides for the storage of three different types of biometrics on the chip – face, fingerprint and iris. Facial biometrics are mandatory, but fingerprint and iris modalities are optional.
Facial biometrics work very well for performing a one-to-one verification of the traveller to the facial image stored on the chip as it is quick and accurate. However, they are not as well suited for performing one-to-many searches against a large database of biometric records because of the large number of false matches and false non-matches. For example, if a traveller’s face is compared against the faces of 100 million previous travellers, the facial matching system is likely to return a long list of possible matches against records with similar faces. A border agent then needs to manually review the possible matches to eliminate all the false matches. This is not a problem if you have lots of time, but when facing a queue of tired and frustrated travellers, time cannot be wasted.
Because of the relatively low accuracy of facial biometrics, a number of countries have elected to collect and match fingerprints at the border crossing. Fingerprint image analysis detects far more feature points (or minutiae) in a single fingerprint than facial biometrics detects in a face. Fingerprint biometric matching also performs a far more mathematically complex comparison of those feature points (e.g., location, ridge direction, and distance to neighbouring feature points). As a result, fingerprint biometrics is far more accurate than facial matching. In fact, it is possible to perform one-to-many searches against a large database of fingerprint biometric records with very few false matches and false non-matches.
Real time matching essential
In a border crossing situation, the biometric matching needs to be completed in, at most, a couple of seconds, or near-real time. Since fingerprint matching is computationally intensive, near-real time, large-scale fingerprint matching requires significant processing resources - which can be very expensive. So fingerprints work well for one-to-one authentication and one-to-few watch list checks, but fingerprint biometrics are too costly to perform near-real time searches against massive databases (such as the biometric records of all previous travellers). Without that capability, a known suspect travelling under a new identity and travel document can slip through the border undetected.
Iris – best of both worlds
Iris biometrics offers the advantage of very fast and efficient matching with accuracy similar to that of fingerprints. As a result, it is possible and cost effective to perform near-real time iris biometric matching against very large iris databases.
So how might iris biometrics be used in the border security environment? When a traveller enters or exits the country, the border agency captures an image of the iris. This is a simple process that takes a high resolution picture of the eye from up to two meters away – much like taking a photo of the face. Once the iris image is captured, the unique patterns of the iris can be quantified and searched against the entire database of previous travellers to determine whether or not that iris has been seen previously. Iris biometrics represents the best defence against individuals who attempt to enter a country using multiple identities and will go a long way towards tightening border security without delaying the border clearance process.
Iris biometrics is not as well known or understood by the public as facial or fingerprint biometrics, but it is used for border clearance in the UAE and is the favoured modality for large-scale civil applications – like national identity. For example, iris is the primary biometric used for the 110 million person Mexico National ID as well as the one billion-person India National ID.
Bottom Line
Most border agencies try to weather the perfect storm of border security challenges using traditional biometric technologies that only address part of the security risk. With heightened security threats and a growing volume of travellers to process, there is a pressing need to expand border crossing solutions to leverage the power and cost efficiency of iris biometrics. Face and fingerprint biometrics still have a place, with many existing face and fingerprint biometric watch lists, but the time for multimodal biometrics (using face, fingerprint and iris) has arrived.
Frontline
HELP FROM ABOVE
When drones became the unsung hero in the aftermath of Hurricane Katrina, Australia’s most prominent lifesaving advocate realised UAVs could be the key to preventing shark attacks and coastal drownings in treacherous waters.
By Adeline Teoh ASM correspondent
Australia has surfer Mick Fanning to thank for an enhanced shark handling reputation. In July 2015, when Fanning encountered a shark during a competition in South Africa, he punched it until he could escape on a jet ski. The surfer had the competition’s support crew to thank for the swift rescue, but other Australians aren’t so lucky.
As a large island with a long shoreline, Australia has hundreds of remote, unsupervised beaches where encounters with sharks and potential drownings may occur. Records for 2015 show 33 encounters between humans and sharks: in 25 cases the human sustained an injury, and two of those were fatalities.
Shark attacks are headline news and heightened public awareness led to political support for a new kind of technology: the Little Ripper, an ocean-faring patrol and rescue drone, part of the NSW Government’s $16M shark strategy. The man behind this technology is Kevin Weldon AM, who is relatively unknown in the technology industry but much better known as Australia’s most prominent lifesaving advocate.
A life saving lives
Weldon’s life, in a nutshell, has been spent in some form or another saving lives. Aged 15 he joined Queensland’s Pacific Surf Club as a surf lifesaving cadet, working his way through the ranks to eventually become president. In 1971, convinced of the value of lifesaving training and advocacy, he founded World Life Saving, a volunteer-led organisation, which later merged with its French counterpart, the Fédération Internationale de Sauvetage Aquatique, to become the International Life Saving Federation. Weldon became ILSF’s inaugural president.
Despite spending a lot of his time in and around Australian beaches, Weldon didn’t conceive of Little Ripper during a surfing session or a few rounds with a shark but in the aftermath of Hurricane Katrina more than a decade ago. Following the hurricane, New Orleans flooded and many people were trapped in their homes, forced to wait for help. Some managed to climb onto roofs to signal for helicopters, while others could not. The US Army used two unmanned aerial vehicles (UAVs), more commonly known as drones, to manoeuvre through the flooded streets to find those others who required help.
“There were basically mini helicopters manned by the army, coming from the skunk works of Defense,” Weldon explains. “They were able to go up and down flooded streets and find people not on the roof, the people the helicopters missed. They saved 5,000 lives.”
Having seen what UAVs could do in a search and rescue situation, Weldon realised he could use the technology to support Australian lifesaving. “As the founder of two worldwide water safety organisations, I thought ‘this is the future’,” he says.
Water safety
Forget the shark attack headlines for a minute and consider that almost 300 people a year drown in Australian waters, far more than those who encounter sharks. Weldon believes Little Ripper, the drone technology he has developed with senior director Noel Purcell, can provide much needed support to prevent both shark attacks and many of these drownings.
Little Ripper drones can patrol isolated beaches and provide rescue help in difficult terrain, such as around cliffs and headlands. Two pilots—one to drive, the other to analyse what the Little Ripper sees—can fly the FADEC (full authority digital electronics control) aircraft from a laptop at a command post. “Little Rippers can patrol all these isolated areas on a regular basis. They can be remotely manned in emergency services trailers and we can go to remote areas quickly and launch them,” Weldon explains.
The two-metre long drone, which has a wingspan of 2.5 metres and a flight time of 2.5 hours, has a loudspeaker that can warn swimmers and surfers beyond earshot of beachbound lifesavers of dangerous conditions, whether a shark or a rip. It also carries a nine-kilogram rescue package comprising a flotation device, GPS unit, Shark Shield repellent and other technology to assist subsequent rescue efforts, giving precious minutes to those in trouble while helping to locate the swimmers or surfers for human rescuers.
Purcell is currently in discussions with Intel to include its TCAS (traffic collision avoidance system) and ADS-B (automatic dependent surveillance broadcast) technology, which will help pilots track and control the fleet. Other tech, including its electric battery-powered motor, sensors and video capture, already comes standard.
Eyes above water
There are currently 16 Little Rippers in operation under the wings of 16 existing Westpac Rescue Helicopter Services that patrol beaches in New South Wales. This, along with in-water sonar to track shark movements and an accompanying app showing the predators in real time, forms part of the NSW Government’s shark strategy. The sonar provides underwater data, while the helicopters take a wide aerial view and the drones provide ‘eyes on the surface’.
Weldon says the tests are going well. Recently the test crew placed a mannequin in the sea at an undisclosed location for Little Ripper to rescue. “The mannequin looked like a person floating and the Little Ripper had to find it. It was planted secretly and the Little Ripper found it and also found a shark not too far from it. The shark took a bit of interest in the mannequin and then swam away,” Weldon recounts.
The team is now working with the Civil Aviation Safety Authority to do out of line-of-sight testing, “so we can fly them out of sight and remotely,” says Weldon, who believes Little Ripper will come into its own when it can monitor currently unpatrolled areas. Now it is only a matter of speeding up the deployment process—“we’ve got it down to 14 minutes but we’ll get there faster”—and training more pilots for the 40 Little Rippers to be launched in the coming year.
Next time the headlines scream about shark attacks or you hear of swimmers caught in a big rip, think instead of the Little Ripper and how technology is helping humans survive the forces of nature.
NSW Premier Mike Baird, Westpac CEO Brian Hartzer, Westpac Little Ripper Founder Kevin Weldon and President of SLS NSW Tony Haven
Tony Haven President of SLS NSW, Brian Hartzer Westpac CEO, Premier Mike Baird and Kevin Weldon Little Ripper Founder
Cyber Security
Building a security intelligence centre
The Threat
Cybercrime is a highly profitable and low risk business, which is why it’s costing the global economy more than $400 billion every year. Threats are continually evolving and scaling, making them harder and harder to detect and eradicate. The average time from infection to detection has been reported as being as high as 206 days, with a further 69 days being taken to eradicate the infection. So, what’s going wrong; why can’t the security industry combat this ever changing threat? A new buzz-term has emerged over recent months – security intelligence – coming with promises of quicker detection times and faster resolution times, at last putting our security teams on the front foot. Let’s look at whether the promise of security intelligence is simply marketing hype or whether there really is a progressive paradigm shift happening in the security operations centres that finally sees our analysts getting ahead of the hackers.
The Challenge
For the past two decades, our beleaguered security analysts have been fighting what can only be described as a losing battle. Every day, billions upon billions of events flood from corporate servers, workstations, network devices and applications into our security operations centres’ systems. Every single event could be the trigger our analysts need to detect an attack and start the incident response process. However, correlating attack patterns and indicators of compromise (IOCs) from this kind of data deluge is an impossible task, and it’s often the more subtle, slow-burning attacks that go unnoticed. Huntsman’s product development team has directly observed this issue within our customers’ security operations centres, seeing how even the best trained and most astute security analysts are getting burned out as they hunt for the proverbial IOC needle in the haystack of security events. Even the best, most experienced security teams can’t do everything they need to do to stay ahead of today’s ever-changing threat environment, which is why our customers have asked for help.
Automatic Threat Verification
Careful analysis of our customers’ security operations centres has shown that the biggest challenge modern security teams have is finding the time to do the truly valuable work they should be doing, such as hunting for cyber threats. The problem is that most investigations turn out to be nothing more than false alarms, triggered by misconfigured network devices, badly designed applications and miscommunicated system changes that create incidents and can add up to weeks or even months of wasted effort every single year.
Forrester’s recent call to action suggests that the answer is in automation: “Businesses can no longer rely on passive, manual procedures to defend against attacks.” However, the challenge remains as to how we automate the detection of real attacks while filtering out events that relate to false positives, all the time guarding against missing anything that might be vital to our defence (false negatives). The answer comes in our ability to operate across the security value chain, ensuring analytical completeness across the entire ‘kill chain’.
The latest version of Huntsman Analyst Portal® solves this problem using a variety of proven technologies, such as machine learning and predictive analytics, to automate the process of incident triage and investigation, which in turn enable threat verification and resolution in seconds. Our technology automatically assesses the likelihood of a threat being real by cross-correlating it with corroborating evidence from other intelligence sources for highly accurate decision making. This eliminates the large volume of false positives security analysts have to deal with, freeing them up to investigate real attacks and carry out other proactive security functions.
Huntsman Analyst Portal® aggregates threat information from a variety of sources, such as endpoint security suites, application firewalls, malware sandboxing systems and network infrastructure devices to automatically provide analysts with a summary report of all relevant information so they can immediately start investigating an incident. This means that triage is significantly faster and more accurate, resulting in 90% less time being wasted.
Security Intelligence Centres
Security operations centre managers are now rewriting their standard operating procedures to make use of the extra time analysts have available. This allows them to focus on progressive, proactive threat identification (hunting) and security testing (vulnerability analysis and penetration testing). This focus on building a more defensible enterprise invariably yields better, longer-term reductions in security risk for the business and recasts the services the operations centre provides up the value chain. No longer are they providing security operations; instead they are now providing proactive future-proofing of the business’ defences, akin to the work that national security agencies provide for governments around the world. With the help of Huntsman Analyst Portal®, security teams can now start looking to a brighter future where security operations centres evolve into security intelligence centres and we finally have the upper hand against the bad guys.
Cyber Security
Digital Identity
How the DTO will improve access to online government services for millions of Australians
By John Lord Managing Director, GBG
The Australian Digital Transformation Office (DTO) has recently published a Request for Information to understand the capabilities of local and international businesses to assist them in the design and implementation of a digital identity assurance (IDA) solution. Now is certainly the right time for the DTO to address this, as similar programs have been deployed abroad – especially recently in the UK with the ground-breaking GOV.UK Verify program.
As the Australian Government looks to grow and improve online services, and as the cyber fraud landscape evolves, it is vital that the DTO addresses the digital identity verification challenge. The challenge consists of successfully verifying millions of genuine Australian citizens and residents’ identities whilst rejecting fraudsters and keeping the identification process quick and easy for the user.
The number of online government services is growing, and Australians increasingly expect that these services should be easy to access. In a world where consumers are familiar with everyday online banking and streamlined e-retail experiences, establishing a trusted government digital identification process that is easy, quick and secure for the user has never been more important.
What’s the DTO’s plan?
Rachel Dixon, Head of Identity for the DTO, recently explained that managing ‘digital identities’ means the ability for the government to trust that citizens who are logging in online or via their mobile to online government services are who they say they are. Additionally, citizens have to trust that the Government will deal with them in a fair and secure way. The aim is to provide some way for citizens to assert their existence online, with some degree of trust in both directions.
The DTO is currently in the early stages of the discovery process, and is evaluating the pros and cons of several identification models. It is in the process of building an ‘Alpha product’ to verify the identity of citizens to a level that is sufficient for them to access government services. The project also involves developing a Trusted Digital Identity Framework (TDIF). The DTO will be working with both public and private sector stakeholders to develop a broader framework for trusted digital identities, better enabling them and other agencies and governments to work together.
The challenges
The ultimate objective for the Australian Government is to encourage citizens to manage more federal – and potentially state – related requests and processes online, to increase efficiencies and reduce costs. This is likely to have a win-win impact for both the Government and citizens, but to achieve this goal, the DTO should address two important issues:
1) Build trust in a climate of increased cyber threats
Cyberattacks and data leaks are spreading in Australia, as described by many recent studies including the ACSC’s last Cyber Threat Report. As we are using multiple devices to log on to our favourite websites and apps, the potential for breaches of valuable information has widened. The growing number of financial transactions we conduct online also incentivises hackers to try and gain access to our personal data.
For citizens to use online services, you need to ensure that those services are trusted. This means guaranteeing security won’t be breached, and that your users’ personal data will be safe. As soon as sensitive data or money is involved, an extra layer of security is needed, and an extra layer of trust needs to be built. This is where using trusted third party digital identity providers can be highly valuable, meaning there is no central Government-owned database containing all its citizens’ information.
If the DTO wants to provide a trusted identification process, they need to partner with the right organisations. Security can be ensured through an identity assurance solution that can verify an individual is who they say they are by referencing on demand multiple datasets from a number of accredited sources. In the UK, the GOV.UK Verify program has benefited from a competitive model, drawing from private sector knowledge and expertise in order to drive innovation in the development and provision of the service.
2) Make the identification process quick and simple, through a single best-in-class platform
The Australian Government already offers a wide range of online platforms, each of which enable citizens to access specific services: MyGov, Medicare, and the Tax Office. This is a great first step.
But if the Australian Government wants to encourage citizens to process more of their requests online, they need to make it easier for them, and follow a model that enables citizens to log in once to a platform that redirects them to all online services, whether it is related to tax issues, requests to their local councils, or managing their Medicare profile. The DTO is currently studying the relevance of a federal model. The decision they make will affect how they need to think about their digital identity approach. Having one common platform with a choice of trusted third party identification providers would give citizens a choice in who verifies them. For now, the DTO needs to evaluate the impact of moving the three above services into one.
Taking the right approach, using the right technology
You can find many identification solutions on the market today, from Single-Sign-On (SSO) to manual verification of official identification papers such as Passports or Drivers’ Licences. Each of these solutions has pros and cons, and can prove efficient in specific contexts, but none of them are highly secure.
In order to offer a trusted identification assurance service to Australian citizens, the Government needs to partner with organisations able to swiftly and reliably verify individuals, and provide them with unique login credentials that guarantee they are who they say they are without having to go through the identification process again and again. The Government also needs partners able to quickly detect if an identity has been previously compromised, to prevent any loss for both parties – the Government and the citizen.
This is a highly complex process. Certified IDA providers use multiple verification techniques that need a high level of expertise. For example, this can include triangulating sources of identity data and verifying somebody is who they say they are through a multitude of checks, including address and financial history, personal knowledge, and document validation. Two-factor verification is an element of this – in other words being asked for something you know as well as proving something you own. For example, you know your username and password, but you need to own a mobile phone to which a security code is sent.
Biometrics: the new IDA technology…or is it?
When I talk to public and private organisations looking to strengthen their digital identification processes, I often come across decision-makers considering biometric technologies. Many organisations providing online services are indeed looking into biometrics as a possible alternative solution to the conventional ‘password login’ for authentication.
Biometric technology undoubtedly has an important role to play in improving service delivery and user experience, with the dual benefit of removing friction for the user and helping to reduce fraud. However, is it a technology that the Government should be looking into? Yes, but when it comes to biometric verification – which can include fingerprints, voice and facial recognition – the present consumer technologies available at scale on the market are not robust enough to stand alone and ensure the level of online security vital to verifying identity in the modern age. They must be combined with other proven verification techniques to be truly successful.

Regardless of the technology mix that comprises the new digital identification model, this is certainly an exciting opportunity for the DTO to transform how Australian citizens experience online government services.
Cyber Security
How cloud infrastructure is making enterprise IT more secure
By James Valentine, Chief Technology Officer, Fronde

While organisations have long been aware of cloud’s ability to reduce costs and increase agility, industry commentators have debated whether cloud is secure enough to hold sensitive or private information. The key issues in the debate have been: whether cloud services are more easily compromised than on-premise infrastructure; and where the data is stored for legal purposes, also known as data sovereignty. As the debate has continued, cloud technology has leapt forward, particularly in terms of security. Unfortunately, this has coincided with a number of high-profile security breaches; notably the iCloud hack in 2014 that resulted in the release of private images of celebrities. Ironically, most security breaches affect on-premise databases as opposed to cloud-based services. Yet, because moving information and workloads to the cloud means it physically leaves the organisation’s premises, many fear that makes it inherently less secure. In fact, the cloud can offer even better security than on-premise systems, depending on the cloud provider’s security approach.

While many believe it is more difficult to secure information in the cloud, the opposite is true for a number of reasons. First, technology security products such as threat or intrusion detection, firewalls, and antivirus work just as well in the cloud as they do on-premise. Second, the potential for disgruntled or malevolent employees to damage the organisation is reduced. This is because they cannot gain physical access to the data in the same way they could if it was stored on-site. Third, and perhaps most importantly, cloud providers are well aware of the misconceptions around security and take active steps to alleviate concerns. Their data centres are usually independently-audited and they must comply with strict regulations. A significant security breach could spell a cloud provider’s demise, as their entire reputation relies on providing a secure service. This is a powerful incentive for providers to harden their security postures.

Individuals have entrusted personal information to cloud-based apps for years. Organisations such as Facebook, Gmail, Dropbox, and Skype all contain sensitive personal details that present an attractive target for cyber criminals. Yet people continue to use these services because they’re convenient and relatively powerful. They offer much greater functionality and storage capabilities than a standalone device, such as a smartphone, could provide. As individuals, we readily acknowledge that Google and their counterparts are much better at protecting our data than we are. Similarly, organisations should entrust enterprise applications and services to cloud providers. Shifting as much of the company infrastructure as possible to the cloud lets internal IT teams focus on innovation and development, two areas that are sorely needed in an age of intense competition and limited resources.

In most instances, cloud providers can and do invest far more in security measures than individual organisations do. They can afford to employ specialist security professionals and devote significant resources to security because that is their core business. Their security budget is therefore far larger than an organisation whose business is manufacturing or professional services, for example. Often, organisations with on-premise infrastructure experience regular breaches. They just don’t know about it until well after the event has occurred, or sometimes not at all. Stealth attacks are successful because organisations simply don’t have the resources to devote to security. They walk a fine line between having a strong security posture and still letting employees do their work without impediment. By contrast, cloud providers such as Google, Salesforce.com and NetSuite, for example, devote massive resources to security around the clock. This not only makes their services more secure than an on-premise solution, it also lets their customers concentrate on their core business rather than on battling cyber threats.

It’s true that some cloud services providers are more attractive targets to hackers than the individual companies that may use their cloud infrastructure. However, this unwanted attention is usually met with a security profile designed to stand up to such threats. This sort of security posture is out of reach for most individual companies.

Another potential concern some organisations have when it comes to cloud infrastructure is the question of data sovereignty. This relates to where the cloud-based data resides, and whether it is held in a data centre located in a region considered safe for the organisation’s purposes. Some types of data are required to stay within the same national borders as the company that owns them, for example, financial institutions’ data. This was a concern for Australian organisations in the past, but legislation is much
clearer than it previously was as to the particular data that is affected by sovereignty. The vast majority of organisational data is not affected by these data residency concerns. In the rare case where there is a data residency issue, a number of large cloud service providers, like Amazon Web Services, offer local data centres.

Given the growing capabilities of cloud platforms, and the benefits they can deliver in today’s competitive and fast-paced business landscape, companies are likely to face more risk by not moving to the cloud. Without the cost efficiencies and agility offered by cloud services, they may find it difficult to keep up with competitors. Cloud also makes it easier for organisations to budget effectively, moving much of what was previously capital expenditure into operating expenditure. Cloud providers help organisations keep pace with fast-changing licensing and distribution models, complexities of multi-element contracts, and stringent standards compliance. And, importantly, cloud providers can provide more comprehensive overarching security provisions than most individual organisations. These benefits, combined, make cloud the ideal choice for businesses looking to get ahead of their competitors.
Cyber Security
The greatest threat to your business today
Contributed by F5 Networks
For as long as digital technology has existed, there have been people who sought to exploit it for criminal gains. What once started as opportunistic email scams has evolved into highly complex, targeted operations that generate billions of illicit dollars every year. The result is a sharp rise in threats such as cyber-espionage, crimeware, web fraud, DOS attacks, and POS intrusions that threaten to destabilise organisations across APAC and beyond. Today, almost two-thirds (60%) of attackers compromise systems in just seconds or minutes, with banks, commerce portals and payment services being key targets. This is the greatest threat to your business today.

The new norm

There are few other industries that have been transformed by digital technology as much as finance. Digital banking consumers numbered 670 million in Asia in 2014, and that is expected to rise to 1.7 billion by 2020. Growth of internet and mobile channels for a range of banking services now averages 35% a year, while traditional bricks-and-mortar
usage is falling at a rate of 27% across Asia. Adoption rates for mobile banking are highest in markets like India and China, reaching 60-70% in some cases, far exceeding more developed nations like the UK and US. In short, Asian consumers are wholeheartedly embracing the digitisation of finance. But while this meteoric growth has ushered in a new era of convenience, it has also presented fraudsters with a multichannel digital playground in which to operate.

“Here’s the digital paradox: organisations today are able to cover more ground, more quickly, than ever before – thanks to new digital connections, tools and platforms which can connect them in real time with customers, suppliers and partners. Yet at the same time cybercrime has become a powerful countervailing force that’s limiting that potential.” – PWC, Global Economic Crime Survey 2016

A third of organisations are now affected by cybercrime each year, and a similar number think they’ll be affected in the next two years. The range of digitised financial instruments has created a multitude of new touchpoints for criminals to access potential targets. From online banking to
point-of-sales transactions, as our lives have become more interlinked so the threats to our security have increased. According to a recent poll by The Asian Banker, the top three challenges in fighting cyber fraud today are:

1. Protection of multiple and increasing banking channels.
2. Rapid evolution of malware specifically designed to target financial institutions and their clients that are increasingly hard to detect and remove.
3. Lack of willingness from management to actively invest in cyber security measures without being driven by regulations or having suffered major losses from cyber intrusions.

The majority (84%) of financial firms now rank cyber threats as one of their top business risks. 61% of CEOs are increasingly concerned about the impact of these threats on their business, and yet less than half (37%) of organisations have a cyber incident response plan in place while 32% of organisations are affected by cybercrime. And the bad news is that threats are becoming increasingly sophisticated. More than one billion personal records were illegally accessed in 2014, including health, financial, email and home address data, an increase of 54% on the previous year.

5 Most Common Threats

• Crimeware/Malware – Opportunistic, dynamic, sophisticated. Malware, including phishing, is a favoured tool of criminals around the world to gain access to confidential systems and information. In 2014 alone, 27 million users were targeted by 22.9 million attacks using financial malware. The recently discovered Tinbapore trojan is currently putting millions of dollars at risk across APAC.
• Web application attacks – Using stolen credentials and personal information, these attacks target the vulnerabilities in web applications, particularly across banks and ecommerce sites. Customers are usually redirected to false sites where their details – and eventually money – are stolen. Last year, experts found some 360 million stolen credentials for sale online.
• Point of sale (POS) attacks – As chip and pin have had much success in reducing card fraud, attackers have now turned their attention to the servers running POS applications. Using sophisticated algorithms, powerful botnets, and even brute force, payment data is harvested from unsuspecting organisations and turned into currency.
• Insider compromise – A symptom of our evermore connected world, insider threats are becoming increasingly common as criminals target employees and partners (knowingly or unknowingly). Some estimates attribute more than half (58%) of all security incidents to organisational insiders.
• Denial of service (DDoS) attacks – Criminals are increasingly favouring this technique, which utilises huge networks of computers to overwhelm websites and force business to grind to a halt. These attacks are becoming ever more common, increasing by 149% in Q4 2015 alone.
Tinbapore Malware

First detected in real time by F5 in November 2015, Tinbapore is a sophisticated evolution of the Tinba malware which is now actively targeting banks and other financial institutions in APAC, with Singapore accounting for 30% of attacks alone. Delivered via junk email, the malware is noteworthy for its use of sophisticated algorithms which allow it to come back to life even after a command and control server is taken down.

It’s harder to repair a reputation

Four decades ago, some 95% of a corporation’s value was derived from tangible assets such as products, buildings and people. Today, an estimated three-quarters of an organisation’s value is intangible. In short, our newly digitised world has made a brand’s reputation and name its most valuable asset. While the financial and organisational impacts from cybercrimes are enormously damaging, the reputational risks can impact consumer and investor confidence. In some cases, a brand may never recover. Careful planning and prompt action for when, not if, your organisation is threatened can make the difference between retaining customers or losing everything.

Always on, always ready

While we are currently living in a heightened climate of fear, it isn’t all bad news. Consumer education about the need to safeguard personal data online is improving. Meanwhile, organisations are increasingly recognising the need for cyber security strategies that directly address the risks posed to their business. After all, prevention is infinitely preferable to cure. PWC estimates that almost half of businesses now conduct regular threat assessments, while a similar number have active monitoring or analysis of security intelligence. An impressive 58%, or almost two-thirds, have an overall information security strategy. Banks, commerce portals and payment services need a strategy that offers real-time identification, deep analysis, and across-the-board protection.
Singapore Feature
Security in Singapore
Security forms a key element of Australia’s partnership with Singapore and the private security sector should take advantage
By Chris Cubbage Executive Editor
Having had three back-to-back visits to Singapore in May, it was an opportune time to implicate myself further into this active city, with a proud people and with clear, long term prospects for continued city development and of most interest, a fast growing digital business economy. With dark clouds on the global economic horizon, if any country is set to lead the way through an approaching economic storm, it is Singapore. We have been wise to tie alongside this country’s anchor.

On 29 June 2015, Australia and Singapore signed a Joint Declaration on the Comprehensive Strategic Partnership (CSP), a ten year plan to enhance strategic, trade, economic, defence and people to people links, and deepen bilateral relations for a Closer Economic Relationship (CER). The two countries announced in May they want to accelerate collaboration in innovation, science, research and technology. Regional security, defence and cyber-security are key aspects of the CER and there is naturally also an opportunity for Australia’s private security sector to sign-up and partner with Singapore’s security sector. This special report provides insight into how this may occur and why.

Introduction to a global landscape

The health and well-being of the global economy has direct and indirect context implications on the related security risk and threat environment. To help set the global landscape and business environment, we refer to the most recent PIMCO Secular Outlook 2016 titled ‘The Global Outlook: Stable but not Secure’.
The PIMCO report provided a consensus that “the post-crisis global economy is just fast enough to avoid stall speed, but there is no evident or prospective source of productivity or organic demand that would support a baseline for more robust expansion. The baseline scenario is that a version of the status quo will evolve gradually” ... however, it was acknowledged “there is a material risk globally that the unconventional monetary policies in place today will be insufficient to maintain global growth, close output gaps and bring inflation to target. Furthermore, compared with the pre-crises experience, with trend growth slow and with debt levels high, there is no obvious ‘spare tyres’ available globally, if and when monetary policy exhaustion threatens global stability. In other words, the global economy finds itself today in a state of disequilibrium that has remained stable thus far only…” (June 2016).

Alongside this report, the OECD’s latest Global Economic Outlook concluded “slower productivity growth and rising inequality pose further challenges. Comprehensive policy action is urgently needed to ensure that we get off this disappointing growth path and propel our economies to levels that will safeguard living standards for all,” said OECD Secretary-General Mr Angel Gurría.

Singapore is Shining

Despite the global downturn, Singapore has cleverly manoeuvred itself to be an important international finance and commerce hub and is ranked by the World Economic Forum as the most technology-ready country in the world. A most recent example is KuangChi Science’s announcement to locate its
headquarters in Singapore. KuangChi Science was founded in 2010 by five distinguished Chinese scientists and provides a series of disruption space services and is working towards building a global disruptive space technology alliance. In addition, KuangChi Science announced a smart city objective, the Future City Strategy. Dr. Zhang Yangyang, Co-CEO of KuangChi Science, said, “Singapore provides an ideal innovation base and by creating an innovation headquarters in Singapore, KuangChi Science plans to further collaborate with Singaporean companies and institutes for research and development.”

The strategy has been influenced by Singapore’s ‘Smart Nation’ initiative, which was launched in 2014 to make living better for all through tech-enabled solutions, harnessing ICT, communications networks, and big data. Information and communications technology allows local governments to interact directly with the community and the city infrastructure to monitor what is happening in the city and how it is evolving, and to ultimately create a better quality of life for citizens.

KuangChi Science has been making investments in security, data transfer, and wireless coverage technology to help make cities smarter and better, effectively optimizing key services to improve city living around the world. HyalRoute has been one of the company’s key investments to support this goal. HyalRoute, now a part of Kuang-Chi GCI’s portfolio of technology innovation companies, is one of the most advanced network infrastructure developers and transnational telecommunication operators in the Asian-Pacific market. The company is engineering and implementing an international fiber-optic network spanning more than 1 million kilometres in length and linking 50 countries. Kuang-Chi GCI launched an international innovation fund based in Israel to invest in companies worldwide.
The newly established fund had an initial investment of $50 million, which is planned to grow to $300 million over the next three years.

Signing onto Singapore’s Security

To facilitate the CER, Singapore will provide dedicated funding of S$25 million over five years. Australia will provide matching funding from a variety of government and nongovernment sources. Australia will also locate one of its five “landing pads” for market-ready start-ups in Singapore. This will assist start-ups to “think global” by linking them into entrepreneur and capital networks and industry value chains, accelerating their business development and growth.

A pilot 1.5 Track Dialogue will bring together Government officials and academia in Australia in late 2016 to discuss regional security issues. The two countries will work together on defence science and technology, in areas including combat systems command, control, communications, intelligence integration and cognitive/human systems integration. In the shadow of China’s militarisation of the South China Sea, these major areas of cooperation and collaboration demonstrate the extent of a fast expanding strategic defence partnership. For civil security, a Memorandum of Understanding has been signed to improve operational collaboration and
information exchange, share best practices and strengthen law enforcement cooperation in deterring, preventing and disrupting transnational drug crime.

Alongside the defence and public security sector, there is naturally a strong security profession in Singapore with the Singapore Security Alliance (SSA), an Alliance amongst the different security industry associations and organisations in the country. Much like the initiative in Australia with the Australasian Council of Security Professionals (ACSP), the SSA includes the Asian Professional Security Association Singapore Chapter (APSA), ASIS International Singapore (ASIS), International Society of Crime Prevention Practitioners, Singapore (ISCPP), Security Systems Association of Singapore (SSAS) and Conference & Exhibition Management Services Pte Ltd (CEMS), organiser of the largest security exhibition in Singapore – Safety & Security Asia (SSA) series. The principle of the Alliance is to bring together different industry authorities under a uniform community to help address security issues in Singapore.

For infosec professionals, the Association of Information Security Professionals (AISP) is registered with association to the Singapore Computer Society (SCS) and Infocomm Development Authority of Singapore (iDA). ASIS International Singapore Chapter has over 200 members and the Chapter actively promotes the certification of security professionals through the Certified Protection Professional (CPP) and Physical Security Professional (PSP) programmes.
(Reference: http://dfat.gov.au/geo/singapore/Documents/australia-singapore-csp-fact-sheet.pdf)

There is a great opportunity for Australian and Singapore security and technology professionals to better collaborate and partner. As Australia’s state based legislation models continue to be sought after for reform and seek out a national model, Singapore provides an ideal partner to work with, in particular on solving the cyber security skills shortage and upskilling the existing physical security profession.

Singapore’s Economic Development Board has been nurturing key industries that are driving Singapore’s economy and will take it into the future with attractive employment prospects. One of these industries includes computer security and development of professionals in the information and communications technology sector.

The future of the Australia and Singapore partnership is clear and mapped out. However, it will remain on the professional security sector to collaborate and partner to take advantage of this relationship and the opportunities it provides. It could be as simple as memorandums of understanding between our primary associations but could go as far as mutual recognition of agent and consultant licenses, certifications, training and qualifications.
Cyber Security Singapore Feature
Netevents APAC summit review
Innovation in the Cloud - Enterprise is ready but is the Cloud ready for the Enterprise?
By Chris Cubbage, Executive Editor
“First comes the purpose then comes the product…” explained Dr. Christian Busch, Associate Director, Innovation and Co-Creation Lab, London School of Economics, as he opened the APAC NetEvents Press & Analyst Summit with a keynote address on innovation. “If a company is able to provide a setting where they’re actually working on real challenges, real problems, real society problems, that’s actually where people will be most attracted to, particularly probably also in a poverty context or context where traditionally people wouldn’t have thought to build consumer or producer bases in.”

For Anaplan’s Grant Halloran, an Australian now based in Silicon Valley, “It’s more about thinking from a customer perspective. So if you’re an IT leader today your customers are the business folks, running the company, right from the CEO through to the lines of business leaders. What are the services, from a technology perspective, that these folks need, to get their job done and to achieve the vision of the company over the long term? So that’s the starting point.”

Despite the drive and purpose of innovation, Nikhil Batra, Telecom Research Manager for IDC, highlighted the Ashley Madison breach as a notable case study of the risks involved. As a result of this breach a lot of company CEOs stepped down. There were class action lawsuits against the company, so much so they announced a reward of $500,000 for somebody to share information on the hackers. But nothing came out of it. One interesting statistic that came out is that one of the security companies that laid their hands on all of the data claimed to have broken down 11.2 million passwords within 10 days. And surprisingly enough, the most popular password was 123456, which 120,000 accounts in the database had. This should make
us think how secure is a service and how much should cloud providers emphasise and provide security to the enterprises?

There was a time when the worst thing that could happen to us is a malicious code or a bug would result in a blue screen of death and we would just restart our PCs and get on with it. But now we are getting into an era of IoT and connected things, where things like the connected car is being hacked. A Jeep Cherokee was hacked in late 2015. What these cases demonstrate is that all of the connected things today that we have, be it a smart refrigerator or a smart edge-ware controller or an air conditioner controller, they’re not secure enough. We have had phishing incidents where the email has been coming from a smart refrigerator. Unless we apply ‘security by design’ then we will continue to create insecure systems, devices and connected things.

EMPOWERING SMEs WITH CLOUD SERVICES

The IT market is seeing the telecommunication carriers start to offer services and solutions and the model being preferred is open source, but that doesn’t mean generic. The reality is that if you’re an enterprise you are going to look to a partner to package up the open standards which makes it easier to deliver your service. Digital transformation to improve business processes through technology is not just for large enterprises and the real opportunity is in the ability to transform smaller enterprises (SMEs). Cloud is an opportunity but demands from vendors a new way to engage with SMEs. The contribution of smaller organisations to a global market is that they stand on their own in contributing to cloud service revenues. The problem is how to reach the smaller
organisations, as carriers realise they need to change how to do business. Be it agriculture to professional services to retail, SMEs are realising they are losing out because they are not working effectively with technology.

SMEs represent well over 90 percent of all businesses in Asia. Across 14 countries they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which they are based. They also spend significantly as a group on ICT. While the vast majority of the ICT spend is on traditional communications services such as mobile voice, fixed-line and broadband, the growth is increasingly in cloud, virtualization, remote and applications services. According to analyst estimates, SMEs spent about $2 billion on cloud services in developed and emerging Asia Pacific in 2014, with the growth rate for cloud services for emerging Asia Pacific running at around 42%. But these statistics all appear to underrepresent and underplay both the opportunity and the impact of cloud computing services on the SME landscape across Asia.

(Reference: Asia Cloud Computing Association, SMEs in Asia Pacific: The Market for Cloud Computing 2015)

Over time what we have seen is trust is increasingly challenged and there is no front runner in terms of SMEs trust of their technology service provider. Most small businesses in terms of cloud services are buying on a self-serve basis, but they need assistance. The other problem is the different type of demographics and a largely proportional lag by self-employed and micro businesses. It is even more difficult to reach out to micro businesses.

In 2003, a group of the world’s most dedicated scientists announced the completion of a 20-year project to map the entire human genome with 99.9% accuracy.
MyRepublic, soon to be the fourth largest telco in Singapore, with offices also in NZ, Australia, and Indonesia, commissioned a study into what it is that SMEs are looking for from cloud providers and what’s holding them back. The study found that despite initiatives, such as income tax offsets, many SMEs are too busy on a day to day basis to tap into the benefits. The richest and most supportive government in the world is in Singapore and there are funds being made available. There is $500M to offset the cloud adoption, with up to 80% of about 10,000 businesses having benefited, but there are over 200,000 SME companies. The task is educating SMEs not just about technology but also about tapping into the potential grants the government can assist them with.

IoT Stress Testing Components

Software defined networking is rapidly evolving with edge analytics beginning to extract and optimise the data that is
sent back to the Data Centre for analysis. As an example, for a hotel chain, discovering the many edge points requires consideration of the need for each hotel branch optimisation, from the server and router to single appliances and the capability of collecting the data at each hotel branch. Hotels demand that they operate uninterrupted and, with branch optimisation, they should have on-premises computing capability and should not suffer any disruption. Transactions will continue regardless if there is a network outage. If there is an outage, the data will be transferred when reconnected.

With IoT application metrics, the measures, transactions, analytics, data, and the customer can be set up with rules in different ways. Data will be of a transient nature and the infrastructure is application ready and easy for the customer to switch on or switch off services as required. We have standardised application lifecycle platforms onto the cloud and this can extend all the way to the hotel branch and the users within the hotel. When they log in they see a catalogue, based on the active directory, of the apps and prices, which allows them to pick and choose apps seamlessly. These conveniences will overcome security inhibitors to cloud adoption.

Latency and priority routes remain a big issue and service delivery is at the heart of the challenge. Much like we can set aside road traffic for a medical emergency, so too in IoT do we need to have a special route available on the cyber roads and highways which is capable of stopping traffic if necessary. It should form part of the design in the interests of public safety and mission critical system integrity and reliability.

With any public system there are those who will seek to compromise it. A case from Johannesburg involved thieves targeting over 400 traffic light SIM cards, which had been installed as part of a networked traffic management system.
The sim cards were then used to access online services at a cost of $1.2M. Despite with what has been observed and the increasing amount of investment in security, the confidence in CISOs is still relatively low. Many enterprises are still waiting to see if something will happen. The sad part in these cases of security breaches, it is often as a result of inadequate testing. The estimates of the losses is not known for some time and the loss is not immediately known. If there is a cyber-crime where passwords and accounts are stolen, they can be used by multiple groups, multiple purposes and the consequence of the loss can be long and complex. Enterprises need to take active steps to ensure security of their networks. Unless regulators step in to force enterprises to report breaches and the results then it will never be known. HOTTEST TRENDS FOR GLOBAL TELCOS Telcos (Telecommunication Carriers) have all been reporting increases in EBIT and there has been selective movement on specific virtual network functions (VNFs) with the return on investment questions still being asked. Telcos recognise that software defined networking and mission critical use cases are emerging. Enterprises also need to understand who is the cloud provider. Telcos were slow to emerge but now as the type of applications moving to the cloud are becomign more mission critical, and managing multiple cloud environments is
Guest Speaker: Grant Halloran, Anaplan
required, then the network increasingly becomes important. Mobility has been taken for granted and there has recently been less focus on mobility, with it being all but played out. The market is now preparing for 5G and Long Term Evolution (LTE) and the interest is back to B2B to drive revenues. LTE provides significantly increased peak data rates, with the potential for 100 Mbps downstream and 30 Mbps upstream, reduced latency, scalable bandwidth capacity, and backwards compatibility with existing GSM and UMTS technology. The next wave is 4.5 – and from 4G to 5G there will be more connection of everything. Few are talking about 4G standards needing to be ready but others are already talking about 5G. There is a lot of challenge and a lot of opportunity.

The term telco may be extinct in 5 years, as they may not own everything but they do conduct it. The very nature of the telco business is to connect people. Telcos will still need to innovate, discover what the new business models are, and work out how they are going to be involved, having gone from what were previously long term capital investments to now needing to be nimble and agile. An example is how BT services the Williams Martini Racing Formula 1 team by delivering new innovative business level services on top of offering network services.

In Asia Pacific, Colt services high frequency traders and has to deliver ultra-low latency transactions and high performance networking capabilities. Their licensed 100G network service in Japan is now offering terabyte services on the cloud provider side, with the cloud providers and OTTs driving other traffic for enterprises and customer mobile traffic. This follows a massive investment in physical resources, and you don’t now need your own dark fibre to get gaming quality exchange. A common need for gaming and content servers is ultra-low latency, which needs high capacity networked services.
Another driver has been mining companies, which, having lost $10B in market value, have seen cost reductions being brought forward. The demand came to replace a third of their operation staff, and in the process mining companies have fast become technology companies. The same trends are being seen in other sectors, such as finance.

Media and analysts were briefed across various vendors. Orange recently completed the acquisition of Lexsi through its Orange Business Services entity. Michel Van Den Berghe, CEO of Orange Cyberdefense, said, “Orange identified cybersecurity as one of its strategic priorities. With this acquisition, Lexsi, the Threat Intelligence Services company, bolsters our ability to detect, analyse and respond to the threat of cyber-attacks and positions us as a major player in this field in Europe.” Orange Cyberdefense supports more than 600 companies in France and abroad. Lexsi had more than 400 active customers and 170 experts, including the largest independent incident response team in Europe.

Australian Security Magazine was further briefed on Cylance, Menlo, Dell, Ixia and Anaplan. Cylance has developed an innovative way of stopping malware before it ever executes, using a lightweight agent that predicts and prevents cyber threats using artificial intelligence and machine learning. About 3 million attributes of each file are analysed by special algorithms, which are updated about twice a year. As Cylance expands beyond its initial Japanese and Australian engagement, the company has signed a further three new reseller partners in the Australian/New Zealand region.

Menlo Security announced that the Menlo Security Isolation Platform (MSIP) has been selected by Fujitsu as a key component of its Global Managed Security Service. Fujitsu is combining Menlo Security’s technology with the Fujitsu Digital Business Platform MetaArc, offering gateway-type solutions that can automatically eliminate the risk of malware infection.
Ixia will integrate network visibility across private, public, and hybrid cloud environments. By combining Ixia’s virtual network taps, packet and application flow filtering, NetFlow with advanced application identification and geographic location, SSL decryption, and industry leading deduplication capabilities, Ixia’s CloudLens platform provides service providers, cloud providers, and enterprises with unprecedented insight into network traffic in both physical and virtualised environments.
SMART Facilities Management Solutions Expo and Conference 2016
The field of facilities management is rapidly evolving & Asia is driving the evolution

The SMART Facilities Management Solutions Expo and Conference 2016 addresses a fast growing demand for facilities management (FM) services across Asia. The three-day trade show featured 40 exhibitors from around the world, including Australia, Hong Kong, India, Indonesia, Japan, Malaysia, Netherlands, Singapore, United Kingdom and the United States. With the advent of new technologies and smart building solutions such as IoT, the complexity of the field has grown at the same time as an integrated environment. Industry leaders gathered at the conference to share ideas, best practices, and exchange expert knowledge on areas covering sustainability, manpower, smart energy and asset management, as well as the social, leisure, productivity and security management of facilities, with some 160 delegates. Ms. Fong Siew Han, Director of Infineon Technologies Asia Pacific, said: “The Facilities Management Conference was a wonderful platform for both practitioners and researchers from the industry and academia to meet and share the latest developments on FM for the built environment sector in Asia.” Key themes carried discussions on ‘Innovative
Energy Management’, as well as Workplace Safety & Health for Facility Managers; Advancing Responsible Business Practices in Land Construction; Real Estate Use and Investment; Using IoT to Generate Real Building Savings; A Look at Sustainable Energy in South East Asia; and Energy Management: Smart Data Centres and Green Energy. A key highlight of this conference was a regional focus group session on ‘Challenges & Opportunities for Facilities Management’, with a dedicated collaboration between Bangkok’s Chulalongkorn University, the National University of Singapore, and Universiti Teknologi Malaysia. The session connected relevant decision makers and academia with a view towards future development. Professor Abdul Hakim bin Mohamed, Chairman of the regional focus group session and Dean of Geoinformation and Real Estate, Universiti Teknologi Malaysia, said: “The formation of the ASEAN Economic Community (AEC) is a game-changer for the FM sector. Collectively, the AEC is the seventh largest economy in the world and is the world’s third largest market base behind only China and India. The respective universities play a part in highlighting the vast opportunities
availed by the AEC that academic institutions, organisations and industry professionals can all tap into.”

The trade exhibition featured key profiles focusing on four main sectors: Mission Critical facilities; Leisure and Tourism facilities; Transport and Public facilities; and Building and Infrastructure facilities. In addition, the trade show incorporated four key segments in Energy Management, Security Solutions, Air Conditioning & Mechanical Ventilation (ACMV) and Environmental Management, making it the most comprehensive and focused trade platform in redefining SMART facilities management.

Emerging technologies included ensuring operational continuity, managing the complexity of buildings, merging legacy buildings and systems with facilities expansions, energy management systems, maintaining aging infrastructure, and improving reporting and compliance in an integrated facilities management environment, including an insight into Deloitte’s head office building in the Netherlands, named the ‘Edge’. For those with interests in Facility Management, the future of the profession looks challenging and broad. India represents a significant market, with the ASEAN region collectively expected to continue to modernise rapidly into the next decade.
The very theatrical Professor Sekhar Kondepudi, Associate Professor, Department of Buildings and Director of Smart Buildings, Smart Cities & IoT Lab at National University of Singapore
Travis Casuscelli, CEO of Vision Technology, based in Queensland, took advantage of our free entry to SMART Facilities Management Conference
Introducing the Security Fabric

The connected world has gone through more transformation in the past two years than it has over the past two decades. Organisations now allow their workforce to bring their own devices into the work environment, posing myriad security risks as they do. Companies are also investing in connecting never-before connected products to the Internet of Things, such as fridges, ovens, cars and smart toys, each of which brings a new set of risks to the business and consumer. Each of these new devices adds to the attack surface, since they invariably have not been designed with security in mind and testing is forgone for expediency to market.

Security companies, such as Fortinet, have needed to catch up fast to keep up with the threat evolution, which is why Fortinet’s Security Fabric has come about. The Security Fabric integrates technologies for the endpoint, access layer, network, applications, data centre, application content and cloud into a unified security solution that is orchestrated through a single management interface. This allows their technology to rapidly assimilate threat information, using standards such as STIX and TAXII, into actionable intelligence that security analysts can use to address these threats.

At the heart of Fortinet’s success is that they have evolved their technology around the principle that visibility is critical to operational success – this is often cited in the opsec domain as situational awareness. Nevertheless, very few organisations gain this insight into what’s going on in their enterprise, leaving them unable to counter an attack in any meaningful timeframe. Some studies have suggested that intrusions go undetected for as long as 200 days before security teams start to work on eradicating them, and when it only takes a few seconds to rip off an entire customer database, time is of the essence.
FortiGuard’s threat research lab communicates directly with Fortinet’s Security Fabric, providing:
• The Threat Intelligence Exchange: Sourced from the Cyber Threat Alliance, where leading security vendors have come together to share threat intelligence, Fortinet provides a rich and comprehensive threat intelligence feed to their customers.
• Fortinet threat researchers: Fortinet’s team of security researchers provides deep investigations into emerging threats and vulnerabilities in order to provide organisations with thorough and actionable security intelligence.
• Live feeds from Fortinet solutions: Fortinet also has millions of devices installed in client environments around the world that detect and pinpoint threats and malware in order to provide real-time threat information.
Fortinet’s advanced sandboxing technology allows their customers to test any suspicious code or URLs that come into their environment using a separate, secure environment to make sure the simulation is complete while still keeping customers safe. FortiSandbox provides a combination of detection, automated mitigation, actionable intelligence and ease of deployment that can help prevent even the most insidious of targeted attacks, operating as a key component of their Advanced Threat Protection framework.
Gardens by the Bay, Singapore

Editor’s interview with Derek Manky, Fortinet’s Global Security Strategist, based in Vancouver.

(Editor) How long have you been in this role?

Derek: I started with Fortinet in 2004, initially working as a threat researcher in security strategy, so my team and I bridged the gap between the research we were doing and industry partnerships. I have been doing that for the last five years.

Tell me about your teams and what they do.

Derek: We have teams all over the world, from Paris to Malaysia and right across to Sunnyvale, California. Our primary research and development centre is located in Vancouver and we also have a team based in Singapore, covering the whole of APAC. Hackers know about our technologies and are always trying to get around the sandbox, so any new product that comes out on the market is immediately under attack. Nevertheless, we have an advantage, since Fortinet’s products and security engines have all been built from scratch, and whilst we acknowledge that we are never going to build something that is completely bulletproof, if there is something that gets through the cracks we can identify it quickly through our invasion techniques. Our researchers sit right beside our developers, so that they can issue a technology fix, usually in the form of an engine update, that is pushed out to our 250,000 customers, as soon as it’s ready. We use automated systems: for each antivirus team or IPS team and we have operational teams that do intelligence definitions and updates, as well as machine updates. We also have a Q & A team making sure we detect everything we should be detecting. Our research team focuses on threats, while our technology development team build honeypots, for example, looking for zero day threats. In our SOCs we have around 200 people globally, that includes researchers and operational analysts.

That doesn’t sound like a lot of people.

Derek: For a SOC, it is a lot of people. Our employees are not like those in your typical SOC. These are pure Fortiguard experts, reverse engineers, people who are living, eating, and breathing hexadecimal code and looking at attack patterns.

What kind of scenarios do you think should concern Governments? What types of attacks are you predicting and on what scale?

Derek: Public infrastructure, for sure, will be a target for attacks, as well as anything from the oil, gas and energy sectors. Healthcare is also a major target, where attackers target medical records. However, IoT devices and other connected or embedded devices are of grave concern. We have two scenarios: the doomsday scenario, where there is a premeditated attack, such as the example we saw in South Korea, where the destructive power of the DarkSeoul malware wiped hard drives from back-end connected systems. We might also see a targeted attack scenario play out because of political movements, but also, as I said, typical attacks happen in two stages: they start wide, like a fishing net, just tinkering and playing, seeing what they can find; but once they discover a high-value target, such as a government domain or an IP address associated with a government server, they go after it with targeted, crafted attacks.

Are you seeing threat groups putting all this together? ISIS springs to mind, but are there others?

Derek: Yes, absolutely. We actually do a lot of research on the Darknet where we see a lot of communication.

Are you seeing trends in the chatter?

Derek: Yes, this is ongoing. A lot of the communications are encrypted, which causes problems. Encryption is only as good as the tool it supports: it can be used for good or evil, which I call mal-cryption, so even a lot of encrypted services, like Telegram, as well as chat protocols, can be used to hide communications for the purposes of cyber terrorism, warfare or crime. I don’t believe the answer is to go after just one technology; it’s almost a game of ‘whack-a-mole’: as you take something offline, they are going to develop other methods of communication.

I heard that ISIS is handing out “How to” guides on how to avoid surveillance. Do you pick things like this up from WhatsApp, for example?

Derek: Again, there is no silver bullet. If you infect the client, you are still getting a raw deal. It’s like PCI compliance and transaction payment processors. PCI compliance goes as far as you putting the credit card in. It does its processing transaction, encrypts it and you are compliant. However, and we have done a lot of research into this, where point-of-sale malware is stealing credit card data in memory before it’s encrypted, it’s always going to be an effective attack.

Have you seen much in the way of connecting CCTV devices from public networks back into government systems?

Derek: That is a trend we are seeing. Everything that was traditionally air-gapped is now becoming connected. If you look at critical infrastructure and SCADA systems back in the day, everything was hardwired through serial cables. Now we are using protocols of convenience and are modifying everything to run over IP networks.

So, do you brief your clients about imminent threats?

Derek: Yes. I am dealing a lot with CIO and CSO executives, as well as doing a lot of keynote talks in the industry to develop this kind of engagement. It’s all about how to get the message across about security threats and what they can mean to businesses.

If systems were built as secure by design, then we shouldn’t have to worry about regulations later on. What do you think?

Derek: There is an interesting concept within the threat intelligence community of a middle ground, between the traditional SIM and multisoftware solutions being introduced that are basically middleware CTI platforms. These are using protocols such as STIX and TAXII and can consume threat intelligence feeds and churn through them and pass back to the SIM, doing the heavy lifting for people that don’t have API development experience.

Can you tell me more about STIX and TAXII?

Derek: STIX and TAXII are the data structures used for defining threat intelligence, where STIX is the language and TAXII is the transport. Once you get the language, you have to be able to speak it, analyse it, and put it into action, so there’s a lot more that has to be done to make it actionable.

Oasis are helping set a lot of these standards. Where did they come from?

Derek: Oasis have been around for a while; they just took over a bunch of projects from the DHS.

So, who is doing that and is it part of the Cyber Security Alliance?

Derek: We are trying to focus on specific campaigns working with multiple vendors in the Cyber Security Alliance. That is how we are getting the security vendors to team up.

So considering security by design, are we still not getting it right?

Derek: Definitely not, no.

Thanks Derek.

Derek: You’re welcome.
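The middleware step described in the interview above (consume a STIX feed, churn through it, pass flat records back to the SIM) can be sketched as follows. This is an added example, not Fortinet's code and not part of the interview. It assumes STIX 2.1 JSON bundles, leaves the TAXII transport out by embedding a constructed bundle inline, and every identifier, address and function name in it is made up for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample feed: documentation-range IPs and example domains only.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000001",
         "name": "constructed-family", "is_family": True},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000a",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.7']",
         "valid_from": "2016-05-01T00:00:00Z", "valid_until": "2016-12-01T00:00:00Z",
         "confidence": 80},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000b",
         "pattern_type": "stix", "confidence": 70, "valid_from": "2016-05-01T00:00:00Z",
         "pattern": "[domain-name:value = 'bad.example.com' OR "
                    "domain-name:value = 'worse.example.com']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000c",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '192.0.2.10']",
         "valid_from": "2016-01-01T00:00:00Z", "valid_until": "2016-06-01T00:00:00Z",
         "confidence": 90},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000d",
         "pattern_type": "stix", "confidence": 90, "valid_from": "2016-05-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '198.51.100.9'] FOLLOWEDBY "
                    "[domain-name:value = 'c2.example.net']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000e",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '192.0.2.44']",
         "valid_from": "2016-05-01T00:00:00Z", "confidence": 20},
    ],
})
NOW = datetime(2016, 7, 15, tzinfo=timezone.utc)  # fixed clock so results are repeatable

# One equality test inside a pattern, e.g. ipv4-addr:value = '203.0.113.7'
COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'\-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def parse_ts(value):
    """Parse a STIX (RFC 3339, UTC 'Z') timestamp into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def flatten_pattern(pattern):
    """Return [(object_type, path, value)] for a single observation made only of
    '=' comparisons joined by OR. Anything else (AND, FOLLOWEDBY, LIKE, several
    observations) returns None: flattening it into a watchlist would over-match."""
    text = pattern.strip()
    if not (text.startswith("[") and text.endswith("]")) or "[" in text[1:-1]:
        return None
    inner = text[1:-1]
    matches = list(COMPARISON.finditer(inner))
    residue = re.sub(r"\bOR\b", "", COMPARISON.sub("", inner)).strip()
    if not matches or residue:
        return None
    return [(m.group(1), m.group(2), m.group(3)) for m in matches]


def to_siem_records(bundle_json, now, min_confidence=50):
    """Turn a STIX bundle into flat watchlist records plus a list of (id, reason)
    for every indicator that was deliberately not forwarded."""
    records, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # malware, campaigns, etc. are context, not watchlist entries
        ident = obj.get("id", "<no id>")
        confidence = obj.get("confidence", 0)  # missing confidence counts as untrusted
        until = obj.get("valid_until")
        if obj.get("revoked"):
            reason = "revoked"
        elif obj.get("pattern_type") != "stix":
            reason = "non-STIX pattern"
        elif "valid_from" in obj and parse_ts(obj["valid_from"]) > now:
            reason = "not yet valid"
        elif until and parse_ts(until) <= now:
            reason = "expired"
        elif confidence < min_confidence:
            reason = "low confidence"
        else:
            terms = flatten_pattern(obj.get("pattern", ""))
            reason = None if terms is not None else "complex pattern"
        if reason:
            skipped.append((ident, reason))
            continue
        for otype, path, value in terms:
            records.append({"indicator_id": ident, "field": f"{otype}:{path}",
                            "value": value, "confidence": confidence,
                            "valid_until": until})
    return records, skipped


if __name__ == "__main__":
    recs, skips = to_siem_records(SAMPLE_BUNDLE, NOW)
    for rec in recs:
        print("FORWARD", rec["field"], rec["value"], rec["confidence"])
    for ident, why in skips:
        print("SKIP   ", ident, why)
```

The skipped list matters as much as the forwarded one: an expired or multi-step indicator pushed to a watchlist as a bare IP address produces alerts the original intelligence never supported.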
Fortinet Gala Dinner, S.E.A Aquarium, Sentosa Island, Singapore
Editor’s Interview with Darren Turnbull and Jon McGettigan from Fortinet

(Editor) G’day, Darren and Jon and thanks for speaking with us today at the Fast & Security Conference in Singapore. Can you give our readers a quick overview of Fortinet’s latest news in Australia and New Zealand?

Jon McGettigan: We’ve had strong success across this market in New Zealand, mainly through managed services providers, especially in education and government sectors. We’ve focused mainly on managed services, a large proportion of our revenue, especially in New Zealand, comes from these kinds of customers, so we wanted to replicate that more mature approach to the market to drive success in Australia. Our first goal was to hire an additional 80 or so people, raising the headcount from 24 to around 100 people across all aspects of the business. Obviously, Fortinet’s market share is relatively low in Australia compared to the rest of the world, so our goal was also to grow our revenue and extend coverage and support.

Just looking at the local market, you guys are up against the likes of Cisco and Checkpoint.

Darren: Depending on which analyst you believe, we are in roughly 6th place.

That’s not where Fortinet would normally be. Elsewhere you are in the top four, so how does that stack up?

Jon: In New Zealand we are number 1. In Malaysia we are also number 1. In fact, in a variety of markets all around the world we are the number 1 security provider, especially across European nations. The position in the local market is simply due to market maturity. When you have a change of tactics and a different approach to the market, the shift doesn’t occur in the first year, but comes in time. Last year we grew by 30%, which was a good result. In Q1 of this year we grew by 54%, which we attribute to our creating a team that actively services the local market. We now expect that growth trajectory to hold steady going forward.

In which part of the market do you see the most traction?

Darren: For us, it was in the enterprise sector. We weren’t that strong in enterprise previously, here or in other regions. However, we don’t only look at one market – we are strongly targeting a variety of markets, such as retail, as well as the enterprise and government markets.

What has hampered Fortinet’s success in the Australian market?
Jon McGettigan: The problem was that the team hadn’t grown large enough, quickly enough. The team simply hadn’t put forward the business case as to why investment in this market was needed. Why do we need to grow? This meant that they didn’t have the coverage we now have: not enough engineers, sales people or researchers to support growth. The reality is that Fortinet was being savvy enough to see the opportunity and understand it was the correct move for the region. Through our organically grown team, we are now starting to see signs of success in this growth.

Can we expect the launch of an Australian academy?

Jon McGettigan: Absolutely. I found out about the academy just after the press release. I was in South Australia at the time, working with one of our partners, consulting with the South Australian government, trying to generate growth in the job market. They have a massive unemployment issue in SA, especially in manufacturing, at the moment. There are three universities in Australia that are interested in how this academy model can be rolled out. In the U.S. they are used to this kind of approach, so it’s a model that has proven successful.

With the launch of the Australian Government’s Cyber Security Strategy, this could tie in nicely with the idea of the academy.

Jon: There is real potential here and we’ve been considering this for a few years. There is a shortage of skilled cyber security professionals everywhere, but in particular in New Zealand and Australia. That is why the managed services industry has an opportunity to do something about this issue.

Are you seeing any different cyber-attack trends in Australia?

Jon: No. Australia is certainly experiencing a lot of attacks, like the US, especially in the healthcare industry. If you’ve been following the news in Victoria, concerning the issues they had in Victoria Health, you’ll see just how bad this problem is. We are working closely with Victorian healthcare departments on sandboxing projects and I think in general, Australia is a target, so we really need to protect our assets.

Tell me more about the sandbox.

Darren: The sandbox needs to know who its customers are by registering them. Customers can send malicious content into Fortiguard and get an accurate in-depth signature that can be propagated across our global customers’ installation base. It really depends on whether it’s a targeted piece of malware or whether it just happens to be the first time we’ve seen it. Extracting bad content from networks is what the Fortiweb appliance can do, but putting that intelligence to work is all about finding out something that is malicious: I’ve found a bad thing, so what am I going to do with it? We can transition from detection to a formulated signature in just two minutes, already in your network, defending your devices. Fortinet believes that reducing that window to as short a time as possible is key.

Darren, digging into the technical side of malware analysis, are all your clients creating one localised signature per malware? How does it feed back to the threat matrix?

Darren: It depends on how you configure things. What can happen is that you get a piece of malicious content locally and it is validated against the core database and we already know about it. If we don’t know about it, it can generate another signature, as a simple hash that gets pushed out to all the devices and registered on the sandbox. This means all devices have the same level of protection.

Do you have any major partners in Australia that are offering APT services?

Jon: This is an area in which we are starting to see some growth. So we will have our first one deployed in New Zealand in about a week.

Who is that with?

Jon: We can’t really disclose that. However, I can tell you that we are seeing significant interest in it.

Darren: Many companies struggle to justify buying a sandbox solution themselves, so we can offer this from the cloud. This is built in our own private cloud and customers would receive the service through an MSP, offering another revenue stream for that channel. The maturity of Australian MSPs is at least 18 months behind New Zealand, with some regions in Queensland being as much as two years. It’s not about securing the service; it’s more about providing security-as-a-service. This is where they start to make a lot of money and drive significant margin, along with offerings that are sticky with their customers.

I suppose it comes back to working with organisations such as AusCERT. Can you give our readers your perspective on that for Australia and New Zealand?

Jon: In the past, Darren’s team has had quite a lot of involvement with Derek Manky, Fortinet’s Global Security Strategist.

Darren: We find that everyone wants to share the threat intelligence but they don’t actually know what that means. We are working closely with NATO to provide threat intelligence to the 28 NATO countries, looking at what is happening in those regions. We don’t actually know what NATO is doing with that information and we probably wouldn’t want to know. The real challenge for us is finding a way to make the sharing of threat intelligence a symmetrical relationship: I tell you something, you tell me something. This can be a difficult balance to achieve, as there are certain agencies that will not be divulging their information in this way, so the relationship is not so symmetrical.

Is that part of the Cyber Security Alliance?

Darren: Yes. There is a barrier to entry, though. You want to know about new threats that haven’t been seen anywhere else. This is one of our feeds into the main Fortiguard knowledge store. From there, we determine how best to
use it. However, that is our “big data” problem. We take the information and crunch it into our Fortiguard services and bundle it up to push out as actual threat intelligence into the products in the market. While we get some information from agencies that is of questionable quality, we don’t take it at face value. Instead, we look at the IP addresses and ask, are these malicious? Why are they malicious? Have we seen this before? Then we can take action. There is always a validation process.

Is that coming from the member community and would you validate it together or individually?

Darren: Absolutely, it would be both. As part of the validation process, we need to create protection, understanding that our engine works differently to other vendors’.

Is that process working well?

Darren: Yes. While there is a general desire to be the first to market, which is what you might expect, in terms of sharing threat intelligence, this is working very well. Better than I expected it to be, to be honest. There is a realisation that this is a serious subject. We get 300,000 samples a day. There is a huge amount.

What about zero day threats?

Darren: We do our own research and have a dedicated team who focus on zero day threats. They are ring-fenced for doing just that. To date, they have identified around 300 zero day threats, some of which we talk about and some is just part of the research we do. You’ll see some of that published on our blogs, for example. We have a strict policy that we won’t disclose a zero day vulnerability unless the vendor has been informed and a patch has been released.

What trends are you seeing in ransomware?

Darren: Ransomware is a massive problem at the moment. In APAC, it’s grown by almost 500%. It’s all about getting money, right? What has helped is having a currency that cannot be traced – i.e. bitcoin – as you can now get the money without being caught at the bank. This has allowed this new capability to be created, which people exploit – there are a lot of very smart people in the world.

Thanks for your time guys, much appreciated.
Available online!
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
Get each print issue per year for only $88.00
SUBSCRIBE TODAY... DON’T MISS AN ISSUE
Yes! I wish to subscribe to the Australian Security Magazine (1 year).
☐ AUSTRALIA: A$88.00 (inc GST), 1 YEAR
☐ INTERNATIONAL: A$158.00 (inc GST), 1 YEAR
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag)
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
Go to www.australiansecuritymagazine.com.au/subscribe and fill in our subscription form online. Don’t miss an issue! Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
Email subscriptions@mysecurity.com.au
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras, computers, software and hardware.
To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au
Latest News and Products
Cyber TechTime - latest news and products
Symantec announces Encryption Everywhere

Symantec Corp has announced the availability of Encryption Everywhere, a website security package available through web hosting providers. Encryption Everywhere lets web hosting providers integrate encryption into every website from the moment it is created. With the new web security service, hosting providers can offer a variety of flexible options, including basic website encryption included as part of any hosted service, and a number of premium security packages with increasingly stronger levels of website validation, protection, and trust seals. Encryption Everywhere was developed to support Symantec’s goal to secure 100% of legitimate websites by 2018.

“There are almost a billion websites today, yet only about 3% of those sites are encrypted, which means cybercriminals have been able to make a good living off of the web’s lack of security,” said Roxane Divol, senior vice president and general manager, Website Security, Symantec. “Symantec is about to change the game for cybersecurity with Encryption Everywhere. It’s time to secure every legitimate website and win back security on the internet for every business and consumer. That’s why Symantec is making it easy to secure any website from the very moment it is registered or renewed, starting with free, basic encryption all the way through to complete website security solutions.”
According to the Norton Cybersecurity Insights Report, two-thirds of Australian consumers (66%) believe they’re more likely to have their credit card details stolen online rather than from their wallet while shopping and nearly half (47%) of global respondents reported they have been a victim of a cyberattack. Symantec’s Internet Security Threat Report also cited 78% of websites have vulnerabilities, and over one million web attacks were blocked daily in 2015, up 117% from 2014. In addition, Google and other browsers have announced they will push unencrypted websites down in search ranking results. Websites that want to remain viable will need to at least use basic encryption by 2018. Encryption Everywhere encrypts 100% of customer data shared on a business’s website, giving businesses of any size precious brand trust and providing consumers with the confidence that the information they share is protected and will reach the intended recipient. “Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. This is not true,” said Nick Savvides, Manager, Cyber Security Strategy, Asia Pacific and Japan, Symantec. “Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because businesses are failing to adequately secure their websites.”
Encryption Everywhere makes it easy to secure any website from the time it’s registered or renewed. Many web hosting providers will integrate basic encryption with every website. For more customised options, the user can simply click on the preferred Symantec security products offered by their web hosting provider. Web hosting providers can now offer a complete security solution to their customers from one of the most trusted and recognised brands in cybersecurity. Encryption Everywhere is the first security solution that gives web hosting providers an upsell opportunity to bring in new revenue streams without incurring a burden to their infrastructure, sales processes or administration teams.

About Symantec

Symantec Corporation is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, the company sees more threats, and protects more customers from the next generation of attacks. Symantec helps companies, governments and individuals secure their most important data wherever it lives.
PwC Crime Survey – Australia’s a number one target - Comments from Brisbane-based IT expert Computer One

PwC has released its Global Economic Crime Survey for 2016. And the situation for Australia is pretty alarming as our country has been identified as a ‘top hotspot for cybercrime’. According to the survey, more than one in 10 Australian organisations report losses of more than $1 million each in the last two years. To make things even worse, the report says that only 42% of Australian organisations have a fully operational incident response plan, and only 40% of organisations think that their first responders are fully trained.

James Walker, Founder and Managing Director of Brisbane-based IT outsourcing company Computer One, has been working in the IT industry for more than 20 years and has never seen cybercrime being so organised and powerful. As part of its operations, Computer One provides cybersecurity audits to both Australian and multinational companies, and has become an expert at providing organisations with proactive security solutions and strategies. And this is the message he would like to share with Australian organisations worried about cybercrime:

“There are at least 15 major channels for data to leak out of your organisation. If you don’t have a plan to mitigate risk in every one of them then you are simply passing time until you lose your intellectual property.”

“Security is now a sub-set of IT Management that requires a specialist approach. The tools require specialist training. For example, the hackers’ methods need to be studied in detail and there’s more at stake than ‘business as usual’ processes. In a way, it’s like the difference between a GP and a surgeon.”

“Cryptolocker showed us that every company can be a victim of cybercrime, no matter how mundane the industry. It doesn’t matter whether or not the hacker thinks your data is important – if YOU think it’s important then you are a good target.”

“Only by being proactive about protecting their assets does an organisation have a chance to avoid being the victim of a major breach.”

“Your brand can be valued as the sum total of all the profit you will make in the foreseeable future simply, because of the trust that is placed in your products or services. Imagine the impact of a breach of that trust on your brand – that’s how much it is worth to have your data protected.”
Information presented in Cyber TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Norton Survey reveals Australians overlook security risks on mobile apps for IoT devices

Norton by Symantec has released survey findings from more than 5,000 consumers from Australia, the USA, UK, Canada and Japan about consumer fears associated with the changing ‘connected world’ and the proliferation of the Internet of Things (IoT). The survey reveals adoption of the use of mobile apps to control connected devices is highest in Australia, with almost two-thirds (63 percent) of the Australian respondents using at least one mobile app to manage their finances or control connected devices such as home entertainment systems, fitness trackers, baby monitors, cars, home entry systems, light switches and smart home appliances.

Despite the high adoption, many Australians overlook the endless array of security weaknesses that may be present in managing IoT devices from mobile apps. For example, more than one in four Australians (28 percent) say they would feel secure using a home entry app that allows them to open the door remotely for friends and family, while they are away from their home. In addition, two-thirds of Australians (66 percent) do not have security software on their smartphones and almost a third (33 percent) choose not to have a password or pin on these devices [1].

While more than half of respondents globally (56 percent; 61 percent in Australia) say the prospect of their financial and banking information stored on their phone being hacked is upsetting, nearly 10 percent of smartphone users around the world (seven percent in Australia) say there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances.

“There is a general lack of security awareness amongst consumers when it comes to managing IoT devices from mobile apps. Getting hacked is not something consumers worry about with the devices they use to monitor their children, lock their front doors or manage their entertainment systems,” said Mark Gorrie, Director, Pacific region, Norton by Symantec. “Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps and by not protecting these apps, Australians are leaving the door wide open for hackers.”
In 2015, Norton by Symantec scanned approximately 11 million Android apps in its database. Of these apps, 3.3 million were identified as malicious and a further 3 million apps had potential privacy or intrusive behaviours. These apps can send sensitive information from your phone, including account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviours include adding browser favourites, putting up big banner ads, or changing desktop images or ringtones.

“The solution is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away but there are some simple, best practices Australians can adopt to keep their IoT devices and mobile apps secure,” added Gorrie.

Protecting Mobile Devices
• Use a reputable mobile security app. Norton Mobile Security pre-scans apps and identifies potential vulnerabilities before downloading Android apps. You should know what you’re downloading before it is on your device.
• Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
• Be mindful of app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.

Protecting IoT Devices
• Keep the device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
• Protect the device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
• Secure communications between the device and network. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection.
• If you have a feature on your device you don’t use, turn it off.
CrimTrac selects NEC to provide national facial recognition and fingerprint matching capability

NEC Australia has been selected by Federal Government agency CrimTrac to deliver a national capability for multi-modal biometric identification. CrimTrac, the national information-sharing service for Australia’s police, law enforcement and the Department of Immigration and Border Protection, has awarded NEC Australia the contract to deliver Biometric Identification Services (BIS) in 2017, and ongoing management and support services for 5 years following.

The BIS project will deliver a national solution for facial recognition, transforming Australian law enforcement and national border security agency capabilities in fighting crime and protecting the Australian community. Specifically, NEC’s facial recognition technology will assist policing for the purposes of identification, linking and solving crimes, and rapid identification using mobile capture devices, and will further enhance national border security. Facial recognition offers a number of advantages over other biometric modes, such as identification at a distance using recorded video footage and images, as well as real-time identification capabilities.

CrimTrac has selected a proven platform that leverages NEC’s global expertise in designing and deploying multi-modal biometrics in law enforcement and border security. NEC’s fingerprint and facial recognition technologies are used by more than 1000 customers in over 40 countries worldwide, including the Northern Territory Police. NEC has ranked first for accuracy and speed in three consecutive facial recognition annual benchmark tests conducted by the U.S. National Institute of Standards and Technology (NIST).

“NEC Australia was able to offer CrimTrac a proven solution through our global partnership with the NEC Biometrics Centre of Excellence in Sacramento, California. Our proven solution is based on a state-of-the-art multi-modal biometrics platform that NEC developed for the US market,” said NEC Australia Sales Director Chris Korte.

The platform will replace CrimTrac’s National Automated Fingerprint Identification System (NAFIS), and make better use of already captured biometric data, such as existing police databases containing up to 12 million facial images and 6.7 million print sets. NEC Australia’s implementation of BIS will also enhance CrimTrac’s traditional biometric modes for identification including fingerprint, palm print and foot print data. The BIS project will lay the foundation for CrimTrac to integrate additional biometric modes in future.

NEC Australia’s BIS project with CrimTrac is an important milestone in NEC’s global mission to orchestrate a brighter world by collaborating with partners to create a sustainable earth, safer cities and public services, efficient critical infrastructure, and a prosperous, equal, and active society.

About NEC Australia

NEC Australia is a leading technology company, delivering a complete portfolio of ICT solutions and services to large enterprise, small business and government organisations. We deliver innovative solutions to help customers gain greater business value from their technology investments. NEC Australia specialises in information and communications technology solutions and services in multi-vendor environments. Solutions and services include: IT applications and solutions development, unified communications, complex communications solutions, network solutions, display solutions, biometrics, research and development services, systems integration and professional, technical and managed services. For more information, visit NEC Australia at au.nec.com
Double-Barrel Ransomware and DDoS Attack in-one

KnowBe4 has issued an alert on a malicious new trend in ransomware. Instead of “just” encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).

KnowBe4’s CEO Stu Sjouwerman noted, “Adding DDoS capabilities to ransomware is one of those “evil genius” ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. It looks like this is the first case where a cybermafia has bundled ransomware with a DDoS bot, but you can expect it to become a fast-growing trend.”

The variant was discovered by Invincea, which said in a website post: “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

The attackers use Visual Basic to launch a file-less attack, and most antivirus and “nextgen” antivirus vendors are completely blind to file-less attack methods. Consequently, they are unable to see this until it has been dropped on the disk. At that point scanners can find it, and many do, but often that’s too late.

Sjouwerman advised, “The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal, but the next sample will be invisible for a few days so do not count on your endpoint anti-malware layer 100%, as that will provide a false sense of security. The attachment relies on social engineering the employee to activate the Macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware.”

The ransomware is executed first, which encrypts the user’s data and then blocks their access to the computer by locking the screen. After this sequence, a second binary called 3311.tmp is launched into execution and starts sending a large amount of network traffic out of the infected computer.

Many people get infected with ransomware but some are able to restore from backup. By adding a DDoS bot to the ransomware payload, these cybercriminals create a two-for-one and can squeeze network traffic out of non-paying victims and use it as another criminal revenue stream.

KnowBe4 offers up eight ways to address it, in addition to weapons-grade backup:
1) From here on out with any ransomware infection, wipe the machine and re-image from bare metal.
2) If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly.
3) Make sure your endpoints are patched religiously, OS and 3rd Party Apps.
4) Make sure your endpoints and webgateway have next-gen, frequently updated (a few hours or shorter) security layers.
5) Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA).
6) Review your internal security Policies and Procedures, specifically related to financial transactions to prevent CEO Fraud.
7) Check your firewall configuration and make sure no criminal network traffic is allowed out.
8) Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email. Since phishing has risen to become the #1 malware infection vector, and attacks are getting through company filters too often, getting users effective security awareness training which includes frequent simulated phishing attacks is a must.

For more information visit: www.knowbe4.com

About KnowBe4

KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best known names in cybersecurity, Kevin Mitnick (the World’s Most Famous Hacker), and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new school security awareness training. The company maintains a top spot in the Cybersecurity 500, the definitive list of the world’s hottest and most innovative companies in cybersecurity. More than 4,000 organizations use KnowBe4’s platform to keep employees on their toes with security top of mind. KnowBe4 is used across all industries, including highly regulated fields such as finance, healthcare, energy, government and insurance.
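The outbound traffic Invincea describes in the Cerber alert above (UDP to port 6892, fanned out across a subnet, with a forged source address) can be hunted for in flow data at the access layer. The following is an added example, not code from KnowBe4 or Invincea; the flow-log format, the MAC-to-lease table, the thresholds and every sample record are constructed assumptions.

```python
"""Hunt for the flood pattern quoted in the alert: one host sending UDP to
port 6892 at many destinations, optionally with a forged source address."""
import ipaddress
from collections import defaultdict

FLOOD_PORT = 6892        # UDP port quoted from Invincea in the article
FANOUT_THRESHOLD = 20    # assumption: distinct destinations per window
WINDOW_SECONDS = 60      # assumption: aggregation window

# Assumption: DHCP lease table (sender MAC -> address it is allowed to use).
LEASES = {
    "aa:bb:cc:00:00:01": "10.20.1.14",
    "aa:bb:cc:00:00:02": "10.20.1.15",
    "aa:bb:cc:00:00:03": "10.20.1.16",
}


def build_sample_log():
    """Constructed flow log: ts,src_mac,src_ip,dst_ip,proto,dst_port,packets."""
    base = 1467331200
    rows = []
    # Host 01: sweeps 40 addresses on UDP 6892 using a forged source address.
    for i in range(1, 41):
        rows.append(f"{base + i},aa:bb:cc:00:00:01,203.0.113.9,10.20.5.{i},udp,6892,50")
    # Host 02: ordinary DNS plus a single datagram to 6892 (below threshold).
    rows.append(f"{base + 5},aa:bb:cc:00:00:02,10.20.1.15,10.20.0.53,udp,53,2")
    rows.append(f"{base + 9},aa:bb:cc:00:00:02,10.20.1.15,10.20.5.7,udp,6892,1")
    # Host 03: same fan-out, but with its own (unforged) address.
    for i in range(1, 26):
        rows.append(f"{base + i},aa:bb:cc:00:00:03,10.20.1.16,10.20.6.{i},udp,6892,30")
    rows.append("truncated record")  # malformed line the parser must skip
    return "\n".join(rows)


def parse_flows(text):
    """Parse the CSV flow log, silently dropping malformed records."""
    flows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 7:
            continue
        ts, mac, src, dst, proto, dport, pkts = parts
        try:
            flows.append({
                "ts": int(ts),
                "mac": mac.lower(),
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(),
                "dport": int(dport),
                "packets": int(pkts),
            })
        except ValueError:
            continue
    return flows


def detect_flood(flows, leases=LEASES):
    """Return one finding per (sender MAC, window) that exceeds the fan-out."""
    buckets = defaultdict(lambda: {"dsts": set(), "packets": 0, "spoofed": set()})
    for f in flows:
        if f["proto"] != "udp" or f["dport"] != FLOOD_PORT:
            continue
        bucket = buckets[(f["mac"], f["ts"] // WINDOW_SECONDS)]
        bucket["dsts"].add(f["dst"])
        bucket["packets"] += f["packets"]
        # The MAC identifies the real sender; a source IP that differs from
        # its lease is treated as forged.
        leased = leases.get(f["mac"])
        if leased is None or f["src"] != ipaddress.ip_address(leased):
            bucket["spoofed"].add(str(f["src"]))
    findings = []
    for mac, window in sorted(buckets):
        bucket = buckets[(mac, window)]
        if len(bucket["dsts"]) >= FANOUT_THRESHOLD:
            findings.append({
                "mac": mac,
                "window_start": window * WINDOW_SECONDS,
                "distinct_destinations": len(bucket["dsts"]),
                "packets": bucket["packets"],
                "spoofed_sources": sorted(bucket["spoofed"]),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_flood(parse_flows(build_sample_log())):
        print(finding)
```

A host that appears in the findings is a candidate for the wipe-and-re-image step in the list above, and a non-empty `spoofed_sources` list indicates that source-address validation is missing on that access port.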
TechTime - latest news and products
NETSCOUT introduces AirCheck G2, the industry-first, handheld, wireless, network tester solution

NETSCOUT SYSTEMS has launched the next generation of the AirCheck Handheld Wireless Tester. This industry-leading tool is available through NETSCOUT’s recently launched CONNECT360 global channel partner program, and includes important new enhancements, such as troubleshooting and diagnosing WiFi networks built using the increasingly adopted 802.11ac standard, access point backhaul testing, and free access to the Link-Live Cloud dashboard for more effective results management.

“NETSCOUT is very excited to be releasing the AirCheck G2, which arms technicians with easy-to-understand insights to 802.11ac wireless networks that help reduce costly escalations,” stated Michael Szabados, chief operating officer for NETSCOUT. “The AirCheck G2 sports a sleek new look designed with the same quality engineering our customers and the marketplace have come to trust. NETSCOUT is a firm believer that wireless network edge technologies, such as 802.11ac, will play a pivotal role in the evolution of the Internet of Things (IoT) and other industries that require ubiquitous reach and mobility. NETSCOUT’s value proposition has been anchored around helping customers gain the real-time operational intelligence and insight necessary to ensure a high-quality end-user experience, and this new tool embodies this focus by providing front-line technicians with the capability to effectively troubleshoot issues that can impact WiFi network performance.”

The NETSCOUT AirCheck G2 wireless tester is a powerful tool designed to enable front-line IT to quickly and easily identify issues responsible for spotty connections, dead zones, and slow speeds, as well as locating rogue access points and unauthorised devices. This functionality is ideal to support installation and troubleshooting of IoT wireless edge infrastructure for applications, such as the testing of the wireless infrastructure that supports patient monitoring for healthcare, industrial IoT, personalised and immersive experiences for retail, smart buildings and smart homes. This easy-to-use handheld tester provides technicians with a broader range of detailed insights into the wireless network than is currently available using freeware applications or other commercially available software packages.

The AirCheck G2 comes with free access to a Link-Live Cloud Service, a centralised management, collaboration and archival workspace for network connectivity test results. Link-Live provides greater job visibility, project control and fleet management for larger distributed environments and also works with the LinkSprinter™ and LinkRunner™ AT.

New AirCheck G2 enhancements include:
• 802.11ac 3×3 radio to support next-generation wireless initiatives
• Link-Live integration for collaboration, reporting and results management
• 5” touchscreen display for improved ease-of-use
• Ethernet tests for AP backhaul verification

“NETSCOUT has clearly hit a home-run with the AirCheck G2. Not only is it a perfect replacement for the venerable generation one AirCheck, it comes packed with features that will make it the triage tool of choice for WiFi professionals everywhere. In addition to the 802.11ac and touch screen functionality, NETSCOUT raised the bar by integrating wired testing directly into the unit – a must have for not only RF Designers but Access Point installers,” explained Sam Clements, mobility practice manager at Presidio, a leading US-based IT solutions provider offering consulting, professional services, and cloud and managed services. “Couple the new features with Cloud integration and it’s the perfect tool for a distributed nationwide team, or a tactical one-on-one engagement. The ‘at a touch’ insight that the AirCheck G2 brings to our team throughout all cycles of lifecycle management makes it an invaluable asset to all levels of WiFi admins, engineers, and designers.”

“The 802.11ac standard is fast becoming the industry preference with adoption rates in 2015 reaching 54.5% of dependent access point unit shipments and 71.3% of dependent access point revenues,” said Nolan Greene, research analyst, Network Infrastructure at IDC. “As enterprise mobility becomes ubiquitous and IoT applications move into the mainstream, there will be increased demand on enterprise WLANs. The NETSCOUT AirCheck G2 Handheld Wireless Tester’s strong, industry-leading capabilities around the 802.11ac standard will be absolutely critical in supporting next-generation wireless initiatives.”

About NETSCOUT SYSTEMS, INC.

NETSCOUT SYSTEMS, INC. is a market leader in real-time service assurance and cybersecurity solutions for today’s most demanding service provider, enterprise and government networks. NETSCOUT’s Adaptive Service Intelligence (ASI) technology continuously monitors the service delivery environment to identify performance issues and provides insight into network-based security threats, helping teams to quickly resolve issues that can cause business disruptions or impact user experience. NETSCOUT delivers unmatched service visibility and protects the digital infrastructure that supports our connected world. To learn more, visit www.netscout.com.
AirCheck™ G2 Wireless Tester
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Seagate unveils its stylish consumer product portfolio in Australia

Seagate Technology has unveiled its stylish new consumer product portfolio for the Australian market, including LaCie Chromé, LaCie Porsche Design Desktop and Mobile Drives, Seagate Backup Plus Ultra Slim, and Seagate Innov8. From LaCie, Seagate’s premium brand, comes the LaCie Chromé desktop storage, designed in collaboration with acclaimed industrial designer Neil Poulton, which brings uncommon sophistication to a workspace. Also shown today is the next generation of LaCie Porsche Design Drives, which are the latest drives from the collaboration with Porsche Design Group since 2003.

LaCie® Porsche Design Drive

LaCie Chromé is a homage to a 1935 bronze statue from Constantin Brâncuși, one of the most influential sculptors of the 20th century. Forged from solid chromed zinc, the stand securely docks the drive with powerful neodymium magnets and detaches for easy transport. The drive is housed in an aluminum enclosure which was hand assembled and then chromed to a mirror polish. The LaCie Porsche Design Mobile and Desktop Drives feature all-aluminum scratch-resistant enclosures too, making the products lightweight yet sturdy. All the drives feature rounded corners, high-polish beveled edges and a sandblast finish, showcasing the distinctly Porsche Design modern and elegant style.

LaCie® Chromé

Both the LaCie Chromé and LaCie Porsche Design Drives feature the new USB-C connectivity, making the drives incredibly easy to connect, since both ends of the cable are identical and the connector is reversible. The LaCie Chromé, complete with the USB 3.1 Gen 2 technology and a pair of 500 GB M.2 SATA SSDs in RAID 0, is the fastest USB storage solution on the market. The LaCie Porsche Design Desktop Drive also harnesses the power of USB 3.1, enabling it to charge a compatible laptop’s battery when the drive’s power supply is connected to the wall outlet, such as the Apple® MacBook.

Seagate Innov8 is the world’s first USB-powered desktop hard drive. The 8TB drive does not need to be plugged into a power outlet thanks to its innovative Ignition Boost™ Technology together with USB 3.1. Designed in partnership with Huge-Design, Seagate Innov8 was a recipient of this year’s Red Dot design award. Innov8’s premium, well-balanced aluminum enclosure and design means users can horizontally or vertically place it on the desktop as they prefer.

Seagate® Innov8™

Seagate Backup Plus Ultra Slim builds on the award-winning Backup Plus Slim drive and is the world’s thinnest 2TB mobile hard drive. At just 9.6mm, the Backup Plus Ultra Slim employs Seagate’s latest 2.5-inch HDD technology, making it more than 50 percent thinner than other 2TB drives on the market. The drive with a stunning new design is available in golden or platinum metal finish to complement the looks of stylish computers, tablets and phones.

Seagate Innov8 and Seagate Backup Plus Ultra Slim include Seagate Dashboard software, which offers users either one-click on-demand or customisable, scheduled backups for their devices at their convenience. Both drives also come with 200GB of free Microsoft OneDrive® cloud storage for two years and Lyve® software compatibility, so users can back up, access and share their favorite files from any device or location.
CLIENT VIEWING Workstations/ Network Switches/ Service and Support
IP Video STORAGE solutions
THE DAWN OF A NEW ERA FOR SMALL PROJECTS
The Aurora Series are built to fill a void in the small project market: economically-driven, enterprise-class storage systems. They bring features never before seen in budget projects such as redundant power, multiple RAID sets, and server-grade CPU’s with 10000 PassMark ®ratings. High-end features, while maintaining the price points required for the small project market. The Aurora systems alter the landscape on video recorders - in price and performance. For more info visit bcdvideo.com or email peaceofmind@bcdvideo.com
SCALABLE SOLUTIONS Solutions that fit every need, from small retail to airports and casinos
Global
Over 17,000 deployments worldwide partnered with global on-site support.
Guaranteed Calculations Follow our journey around the globe
BCDVideo’s calculations are guaranteed, so you never have to worry about project accuracy.