Telstra’s biggest cyber concern is organisations that use “Microsoft-style” environments when it comes to preventing cyber threats.
“The place that concerns us most as an organisation … don’t read anything into the fact I’m going to mention the word Microsoft, they’re probably a Microsoft-only environment. They don’t have ERPs, CRMs, they are basically a Microsoft-style environment,” said Telstra Enterprise group executive David Burns, who gave a keynote to the Trans Tasman Business Circle.
“How do we build [cyber resilience] into the tools of systems and networks that we provide … because I think we could all do the basics, and we should all do the basics but [cyber attackers] are very sophisticated players.”
He provided an example of how one of Telstra’s business partners, which he said used a “Microsoft-style” environment, suffered a cyber attack which then put the telco’s customers at risk.
“We are all very vulnerable and you and your organisation are as vulnerable as your weakest link. And that’s how we need to think about it. It is not the role of an IT organisation to protect us. It is each and every one of our roles to work out how to protect us,” Burns said.
He added that government agencies also needed to figure out how to improve their cyber resilience in an increasingly broadening cyberthreat landscape.
At the start of this month, New South Wales auditor-general Margaret Crawford revealed all of the state’s lead cluster agencies have failed to implement all Essential Eight controls. The cybersecurity policy for New South Wales government agencies was not sufficiently robust which is a cause for “significant concern”, Crawford said.
To address these cybersecurity concerns, Telstra currently provides cybersecurity services to enterprise customers and is involved in the government’s Cleaner Pipes Program. Burns, however, conceded this work would not be a big revenue driver.
“We will ask people to help us pay for that, but it’s not exactly going to be as the greatest revenue earner for us,” he said.
“It’s about protecting our environments because I think we all think of the cyber world, certainly amongst our customers, [as] not a differentiator. We want all boats to rise in a tide here. You don’t want to win by someone else being cyber attacked.”
Telstra’s concern isn’t unique. The federal government in March called for organisations to counter ransomware through using multifactor authentication and urging businesses to keep software up to date, archiving data and back-ups, building in security features to systems, and training employees on good cyber hygiene.
“All businesses have valuable data and systems they need to protect. It is vital that they establish strong foundational controls and practice good cybersecurity hygiene practices,” the federal government said at the time.