More stories

  • Australia to appoint its first National Data Commissioner

    Australia is looking to create a new national data commissioner role that will be responsible for applying the data reforms presented in the Data Availability and Transparency (DAT) Bill 2020. The DAT Bill, which is still awaiting passage, seeks to create a scheme of controlled access to public sector data. Under the legislation, data would only be shared for three purposes: government services delivery, informing government policy and programs, and research and development. As part of making this new role official, Minister for Employment, Workforce, Skills and Family Business Stuart Robert announced that Gayle Milnes would become Australia’s first national data commissioner designate once the DAT Bill passes. The Governor-General will be asked to consider this appointment as a statutory office holder after the Bill’s passage. Milnes will be responsible for implementing the country’s data sharing and release framework, and for overseeing the data sharing and release activities of Commonwealth agencies. “Milnes is an experienced public service leader with an excellent record of driving nationally-significant outcomes in senior Australian Government statutory, data and regulatory roles,” Robert said. Milnes’ appointment will see Deborah Anton move on from her role as interim National Data Commissioner.

    Prior to the appointment, Milnes was the first assistant secretary of the Data, Analytics and Policy Division at the Department of Infrastructure, Transport, Regional Development and Communications. She has also held other senior leadership positions across the Australian Public Service, such as CEO of the Climate Change Authority. If appointed to the statutory office, Milnes would be appointed for a period of five years.

  • Australia set to gain ability to sanction cyber attackers under 'Magnitsky-style' law

    A Bill allowing Australia to directly issue sanctions against cyber attackers was unanimously passed by the Senate yesterday evening, and is set to appear before the lower house for another sign-off. The Bill, colloquially known as a “Magnitsky-style” law, would, if enshrined, allow the Australian government to directly issue sanctions against individuals or entities that ban them from visiting Australia or making any investments in the country. The legislation is partly based on the United States’ Magnitsky Act, which was ratified in a bid to punish Russian officials who were responsible for the death of whistleblower Sergei Magnitsky, who accused them of tax fraud. Along with targeting cyber attackers, the proposed laws also seek to allow direct sanctions against human rights abusers, corrupt officials and threats to international peace, security, and international humanitarian law. The Australian Centre for International Justice (ACIJ) lauded the move, saying it would strengthen Australia’s commitment to human rights globally. “It goes without saying, targeted sanctions should be a tool for protecting against the most serious violations of human rights wherever they occur in the world. We hope the Australian government will approach the use of this new sanctions power consistently, equally and free from double-standards,” ACIJ executive director Rawan Arraf said. The types of sanctions passed by the upper house on Wednesday evening are noteworthy as they can be issued to individuals or entities so long as they fall under one of those categories of thematic concerns. Currently, Australia’s sanctions regime only allows for the issuance of sanctions that either adhere to United Nations-enforced international obligations or a country-specific approach.

    If the laws are ratified, they will be reviewed by a joint parliamentary committee after three years of being in effect.

  • CrowdStrike chosen by CISA for government endpoint security initiative

    CrowdStrike and CISA have announced a new partnership that will see the cybersecurity company provide endpoint security for the government organization — and others — while also “operationalizing” the Executive Order endpoint detection and response (EDR) initiative. CrowdStrike was chosen as one of the platforms to support the initiative at multiple federal agencies and will use its CrowdStrike Falcon platform to “secure critical endpoints and workloads for CISA and multiple other major civilian agencies.”

    Executive Order (EO) 14028, which was signed by President Joe Biden in May, listed a variety of measures that needed to be taken across the government to better secure systems in the wake of the SolarWinds scandal and other breaches. Government organizations were urged to do more threat hunting, EDR, and IT modernization while also further embracing cloud technologies. George Kurtz, co-founder and CEO of CrowdStrike, said CISA is on the front lines when it comes to defending the US government’s most critical assets against evolving threats that nation-state and eCrime adversaries present. “Improving our nation’s defenses and cyber resiliency requires strong collaboration between the government and the private sector. This partnership will arm CISA and government agencies with CrowdStrike’s powerful technology and elite human expertise to stop sophisticated attacks and protect our nation’s critical infrastructure,” Kurtz said. James Yeager, a vice president at CrowdStrike, told ZDNet that CISA was looking to beef up its Continuous Diagnostics and Mitigation (CDM) program and “advance its mission of securing civilian ‘.gov’ networks and leading the national effort to understand and manage cyber and physical risk to critical infrastructure.” The White House is providing funds for the project through the American Rescue Plan and Yeager said the company was encouraging agencies to work with CISA to ensure their security program is equipped to enable proactive threat hunting and a coordinated response strategy to combat advanced threats.

    “The United States and allied nations face unprecedented threats from today’s adversaries. Continuous cyberattacks on critical infrastructure, supply chains, government agencies, etc. present significant ongoing threats to national security and the critical services millions of citizens rely on every day,” Yeager said. “The federal government cannot afford to stay static amidst an evolutionary and highly dynamic threat landscape. Visibility is key. You cannot defend what you cannot see. The state of the endpoint has evolved, yielding a highly complex and expanded attack surface. As a result, we need to broaden the scope of visibility. Agencies need solutions that can collect and correlate data across multiple security layers – email, endpoint, server, cloud workload, and the network – for faster detection of threats and improved investigation and response times through automation and data analysis.” Yeager added that with the shift toward a remote workforce, security policies need to include remote working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information. “Moreover, agencies need to employ protection measures that can quickly adapt and scale to support this modified IT landscape, by leveraging innovative tooling that is effective against all types of threats and that supports all workloads – on-premise systems, remote devices, cloud instances, and virtual machines,” Yeager explained.

  • CrowdStrike beats estimates for Q3, sees revenue increase 63% compared to 2020

    CrowdStrike published its third-quarter financial results on Wednesday, beating market estimates with solid growth from subscription customers. CrowdStrike’s total Q3 revenue was $380.1 million, a 63% increase over a year prior. Non-GAAP net income came to $41.1 million or 17 cents per share. The cybersecurity company added 1,607 net new subscription customers in the quarter for a total of 14,687 subscription customers as of October 31. That represents 75% year-over-year growth. Subscription revenue was $357 million, a 67% increase.

    Analysts were expecting earnings of 10 cents per share on revenue of $364.19 million. “CrowdStrike delivered a robust third quarter with broad-based strength across multiple areas of the business leading to net new ARR growth accelerating and ending ARR growing 67% year-over-year to surpass the $1.5 billion milestone,” said George Kurtz, CrowdStrike’s co-founder and chief executive officer. “Our outstanding results this quarter demonstrate the flywheel effect of our platform and reflect continued strong customer adoption for our core products in addition to the growing success of our newer product initiatives including identity protection, log management, and cloud. With our leading technology, unmatched platform, and approach to stopping breaches, we continue to eclipse our competitors and extend our leadership position.” CrowdStrike’s annual recurring revenue (ARR) increased 67% year-over-year and grew to $1.51 billion as of October 31. Of that, $170 million was net new ARR added in the quarter.

    In addition to adding a record number of net new subscribers in the quarter, CrowdStrike reported solid growth in the portion of subscribers adopting multiple modules. CrowdStrike’s subscription customers that have adopted four or more modules, five or more modules, and six or more modules increased to 68%, 55%, and 32%, respectively, as of October 31. For the third quarter, the company expects total revenue in the range of $406.5 million and $412.3 million. Burt Podbere, CrowdStrike’s chief financial officer, added that the company managed to maintain high unit economics while generating strong operating and free cash flow. “Given the growth drivers of our business, as well as our exceptional third-quarter performance and momentum into the fourth quarter, we are once again raising our guidance for the fiscal year 2022,” Podbere said.


  • Most Brazilian businesses set to boost cybersecurity spend in 2022

    The vast majority of Brazilian companies plan to boost their cybersecurity budgets in 2022, a new study carried out by consulting firm PwC has found.

    According to the Global Digital Trust Insights Survey 2022, the increase in cyberattacks in Brazil is among the key concerns of business decision-makers in Brazil, with each threat requiring a different response, new tools and training so teams can be prepared for future incidents. This scenario has prompted 83% of Brazilian organizations to plan for an increase in spending on cybersecurity in the coming year, the research has found. This compares with the predicted rise in budgets cited by 69% of those polled. “In Brazil, both CEOs and other top executives believe the cybersecurity mission is changing and playing an important role in building trust and expanding their businesses. They now see the importance of the data they have,” said Eduardo Batista, a partner at PwC Brazil. The study suggests that 45% of Brazilian companies estimate an increase of 10% or more in investments in data security, compared to 26% worldwide. Only 14% of Brazilian leaders expressed the same levels of concern in relation to cybersecurity in 2020, against 8% worldwide. In 2021, 50% of the companies polled by PwC claimed to have allocated up to 10% of their technology budget to security-related actions. Despite the predicted rise in investments around cybersecurity, the study points to a lack of a more sophisticated understanding around third-party and supply chain risks. However, Brazil has better numbers than its global counterparts on that front. According to the research, around 24% of firms globally have little or no understanding of that type of risk, while around 18% of Brazilian companies have that level of perception, both in terms of understanding the risks and carrying out related actions. Moreover, the study points to an “expectation gap” among leaders regarding top executive involvement in cyber issues. While Brazilian CEOs say they are likely to get involved after a company breach or when contacted by regulators, other executives on their team say this is seldom the case.

    According to PwC’s Batista, the top management of businesses must “ensure that risks are monitored and that the security model is simple, but efficient to prevent these risks from bringing real impacts to the company, such as the shutdown of the operation, loss of profit and damage to the corporate image.” Only a third of organizations worldwide have advanced data trust practices. According to the study, Brazilian businesses fare better for all practices, such as the adoption of processes and technologies for encryption resources. For example, 53% of the Brazilian companies polled have audited the security of third parties or suppliers, while less than half of the global companies surveyed have done so. For 77% of Brazilian leaders polled, organizations have become too complex to protect (compared to 75% worldwide). Board members, IT and security leaders are concerned that this difficulty exposes their organizations to cyber and privacy risks. The findings of the PwC study suggest a potential shift in spending attitudes towards cybersecurity in Brazil. A separate study published in February 2021 found that most Brazilian firms failed to increase security spending through COVID-19. According to the survey carried out by consulting firm Marsh on behalf of Microsoft, 84% of organizations failed to boost their security spend since March 2020, even though 30% of those polled saw an increase in malicious attacks.

  • Hybrid cloud brings benefits. But it also brings new cybersecurity risks, too

    The use of cloud computing applications has grown significantly in the last two years as the Covid-19 pandemic forced many organisations to adapt to remote working. Many of those businesses may never go back to being fully on-premises, either because they are switching to a permanently remote model or a hybrid model where employees balance their time between working remotely and working from the office.

    While this has brought benefits, the increased use of cloud applications and services also brings security risks. Employees can now access corporate applications from anywhere — and that can be exploited by cyber criminals. A successful phishing email attack, or a leaked or easily-guessed username and password, could provide an attacker with access to a user account and a gateway to the entire network. And because the user is remote, potentially malicious activity might not get picked up until it’s too late, if at all. Hybrid cloud is becoming increasingly common in enterprises, because using multiple different public and private clouds can provide benefits when it comes to agility and combining different providers to optimise environments and workloads throughout the organisation. There’s also the benefit that if one cloud service suffers an outage, the business can keep operating, because there’s the ability to keep running from multiple services. But just as cloud usage brings additional security risks if not managed correctly, this is multiplied in a hybrid cloud environment. “This complexity and these differences can lead to the opportunity for adversaries,” says Kevin Bocek, VP Security Strategy and Threat Intelligence for Venafi.

    The ease of setting up cloud computing accounts means it can be done by anyone — developers, administrators or other IT staff. This can often be done without the involvement, or even knowledge, of security teams. “We’re dealing with this new environment where security teams don’t have control, and they have to really change the way that we’ve been trained for the last 20 or 30 years,” says Bocek. Some organisations, when deploying cloud-based services, may believe that the security element is handled entirely by the vendor, when this often isn’t the case.

    That can lead to misunderstandings about configuration and issues surrounding the security of potentially internet-facing services — and the data that could be exposed if such services aren’t secured properly. “What we’ve observed during our investigations is also a lot of misconfiguration in the cloud, and it’s coming back to the lack of skills, and ability for the people to really understand what they are doing. They are just clicking ‘next’, and they are not really looking at what they’re doing. At the end of the day, they might expose interesting information for the attacker,” says David Grout, EMEA CTO at Mandiant. As a cybersecurity company, Mandiant is often called to investigate security incidents, a quarter of which involve public cloud assets. Like any other software, cloud-based platforms need their security managed — and that starts with applying patches and security updates as soon as possible after they become available. That’s because, just like other software and applications, vulnerabilities can be uncovered in cloud suites. And once they’ve been disclosed, cyber criminals and other malicious attackers will attempt to exploit unpatched instances — and it’s the responsibility of the cloud user, not the vendor, to actually apply these updates. “People think that they will be covered by the cloud providers, but at the end of the day, the applications are yours and you need to manage the patching,” says Grout. In order to manage and patch, security needs to be aware of what software and services are being used. If IT is procuring multiple cloud services, it can be difficult to keep track, but knowing the extent of the infrastructure is key when it comes to keeping it secure.
    This applies to cloud services too. “If you have a multi cloud platform — or even a single cloud strategy — at the end of the day, you need to find a way to collect all the information in one single platform,” says Grout. One of the most important things that can be done to stop attacks is to apply multi-factor authentication to all users of all cloud services. That additional barrier can protect against the vast majority of attacks that attempt to steal identities required to access cloud services.

  • Amazon Web Services, CrowdStrike and Presidio partner for ransomware mitigation kit

    Cybersecurity companies Presidio and CrowdStrike are partnering with Amazon Web Services (AWS) for a new Ransomware Mitigation Kit designed to provide organizations with tools to deal with attacks before and after they occur.

    The kit combines the security capabilities of Presidio, CrowdStrike, and AWS’ company CloudEndure, addressing the five pillars of the NIST Cybersecurity Framework. Sandy Carter, a vice president at AWS, said there is no one silver bullet when it comes to mitigating ransomware attacks and other cyber incidents but explained that protection “requires a layered approach and a team that is on top of emerging threats and capable of maximizing the benefits of industry-leading security technology such as the combination of Presidio, CrowdStrike and AWS.” The companies said the kit will provide “end-to-end white-glove service to identify and protect against cyber threats, detect, and respond to risks as they occur and recover all critical data and applications prior to the breach.” Leveraging technology from CrowdStrike and CloudEndure, the kit offers enterprises visibility and breach protection across a range of digital assets, a beefed-up cloud security foundation, detection and attack prevention capabilities, as well as response and attack mitigation tools. The kit also has backup recovery features that help organizations restore lost or compromised data. “The ability for an organization to identify and respond to cybersecurity incidents could mean the difference between a minor disruption and a potentially catastrophic event. Tens of thousands of cybersecurity events occur on a daily basis that have the potential to cripple an organization for weeks or months at a time,” said David Trader, field CISO at Presidio.

    “It’s not a matter of if your organization will experience a crippling cyber event; it’s a matter of when. Preparation is critical.”


  • VMware's Carbon Black offers more analyst assistance to respond to attacks

    Leveraging its threat analysis team’s expertise and broad visibility, VMware’s Carbon Black is rolling out a new service that helps organizations respond to and contain cybersecurity threats or breaches. The new Carbon Black Cloud Managed Detection and Response (MDR) for endpoints and workloads is supported by analysts with decades of experience. They monitor and analyze data for customers in the VMware Carbon Black Cloud using advanced machine learning and algorithmic toolsets. The threat analysis team “has not only expertise derived over many years but also the ability to watch the threat landscape over a broad spectrum,” Kal De, VP and GM of VMware’s Security Business Unit, said to ZDNet. “We have approximately a million endpoints under active monitoring at any given point in time… versus an individual [at a customer organization] — their visibility is limited to what’s happening in their particular environment.” The new offering builds on the managed detection capabilities Carbon Black has offered since 2017. Now, if there’s an incident, analysts can proactively reach out to the affected customer and initiate a two-way conversation. They’ll respond to questions regarding alerts and offer recommendations for policy changes customers can take to remediate the threat. Analysts can maintain visibility on a compromised endpoint even after isolating and securing it, and they’ll continue communications until the threat is contained. MDR analysts provide around-the-clock monitoring, which Carbon Black says will help reduce security staffing pressures. “What we’re trying to do is combine machine intelligence with expert eyes that can offer a much higher degree of accuracy in responding to the signal quickly and effectively,” De said. Compared to competing security products, he said Carbon Black offers a “much more unified boots on ground, human response.”