Data Breaches Under Telstra Information Technology
Task: The purpose of this assignment is to find recent news that invctves information security breaches, analyse the chosen news and produce a report.
You are to researct a real life business example of your choice and the impact of IT on that business.
1) Does your chosen business need IT?
2) Why IT is important for business survival?
3) What is required to apply IT into your chosen business? (le. cost, planning, designing. equipment, installation training, etc .)
4) How does your chosen business use IT? (internally such as employees and externally such as customers, suppliers)
5) What benefits and advantages does IT bring to your chossen business?
6) What type of risks does IT bring to your chosen business? (I.e. scurity. privacy)
7) How can your choosen business maintain and monitor IT?
Telstra breaches the privacy of 15,000 customers
The business example that has been chosen over here is “Telstra information technology” based on data breach. Telstra is an Australian leading telecommunications company which offers the wide ranges of telecommunication services in all the markets. It also provides the mobile services such as 3.7 million as well as data services and 1.7 voice services. They trust that the more people stay connected there are more opportunities. They also build technology as well as the content solutions which is simple to be used. Telstra Australia is considered as the largest and the fastest mobile network. It is considered as the Australia’s leading telecommunications and the information services company and it helps the customer in improving their lives based on the telecommunications connection.
Introduction Telstra is the largest telecommunication company which provides the data and the communication services for its customers. Unlike all the other organizations Telstra has also fall within the scope of the privacy act where it has the responsibility to protect the customer information. It needs to take steps from the misuse of the customer information, loss of the information, unauthorized access of the information. The information should not be modified or disclosed to anyone. Based on the information, it was clear that Telstra had kept the personal information about its clients in the spreadsheet and those files has been hosted with the third party who provides the services and also work with Telstra. As Telstra has requested them to extend their access control in order to approve certain authorized parties. As Telstra has requested, the third party has also planned to remove the access control and by removing the access control altogether the files were made publicly available online. Later Google has indexed this file and it has been discovered on the simple search. It was found that nearly 15000 customer information such as full name, address and the phone number has been compromised. It was found that 116 downloads has been done. This was the identified security data breach in Telstra which occurred due to simple access level removal. (Reichert, 2019)
Telstra Data Breach
Telstra data breach has not occurred for the first time and it was revealed that it has compromised the private information about the customers in the year 2011, December. It has also breached the information on the same host on the same platform. The personal information of 734,000 customers has been leaked online. Telstra has said that there was error in their website search function due to which the personal information has been breached. It has accidently made these details visible to their customers through its tools. Since they take the privacy and the security information more seriously, it had disabled the Telstra tools. It was found that team has identified emails from the Telstra network to 18 customers regarding the network interruption based on the search function which has caused error in the network. It has also apologized the affected customers. (Certex International, 2019)
Adherence to the Telstra policies
Telstra Information technology needs to take responsible steps to protect its client data. Since it has already faced the similar issue it should have taken the mitigation techniques to overcome the issue. It has also confirmed that it was the low risk from the privacy perspective where only the name, phone number and the address has been exposed. Previously Telstra has taken necessary steps to protect the data from the deconstruction and the reconstruction policies. It should have taken more steps to protect the personal information. It has belief that if one security step has been taken there is no need to test it continuously. Since the digital world is changing constantly and updating, a process which has been secured at one point need not be secured throughout.
The usage of the OT along with the IT system provides major benefits. It also helps in integration of the both cyber and the physical system which exposes the new attack vectors for the hacks. The traditional IT systems are built with the strong security features where the hackers usually target the simple ways to break the system. In few cases, the network has been separated from the internet which don’t have the physical or the logical connections. Here the sensitive data such as the passwords, PIN code and the keys used for the encryption are modulated, encoded and also it’s being transmitted through the use of the IR signals. (Telstra Security Report, 2019)
Ransomware is considered as the function within the Telstra Information technology system which is used to lock the boot system. The devices are kept inoperable until those are being restored and back up. If it needs to be made operable they must make some payment. Even after the payment there are possibilities where the IT business can face the downtime in the operations and it also disrupts the supply chain. It finally leads to the loss in the finance as well as the physical assets.
IOT – Distributed Denial of Service
The distributed denial of service (DDoS) is considered as the leading one through the years. It occurs where it can able to gain the access to the connected devices through cameras, and the passwords which could be cracked easily and exploit the system with the minimal effort. The concept over here is it could install the malware on the devices by using the bots.
Explain Cyber preparation and awareness regarding Telstra Information technology
The cyber security preparation and the awareness is built on the technology as well as the business. Even though the employees are considered as the greatest asset to the organization they are also considered as the greatest problem to the organization. Usually the cyber criminals targets the employees based on their lack of their knowledge and the security practices which they carry one. There are even various insider threats which leads to the loss in the cyber security. There are cases were the corporate data is being stolen. The greatest risk to the IT security is the human error in the Telstra, the risk has occurred due to the human error. This is usually caused by the inadequate business habits and lack of understanding skills. There are possibilities for the external hack to cause the damage to the employees and trigger the incidents and cause the damages. The security awareness programs needs to be incorporated to prevent from those incidents right from the employees.
The organization also need to stay balance in providing the robust security and also delivering the stronger user experience data. They also should focus on the end user and they should check for the financial benefits by reallocating the budgets.
Increasing the security awareness to manage the risks
The increase in the security breaches leads to the loss in the productivity, corruption of the business data, the loss of the customer and the loss of the intellectual property of the Telstra organization. These issues could be mitigated based on the awareness program as well as the training. Few organizations has also reported based on the reduction in terms of the security incidents and the breaches which occurs due to the targeted programs. The targeted programs also includes the phishing email drills, the process of identifying the employees who are at the major risks and the continuous training programs.(Layton, R, 2014)
Identify the risk at the starting point
Few organizations are not well worst in adapting the frameworks overnight. It is important to recognize the issue through the use of the framework. There are various challenges which includes the ability to work with the business organizations and also to secure and support the employees. The employees needs to be capable of providing the solutions through the usage of the cutting-edge technology and also the robust business process which provides the cyber resiliency.
Improving the security performance
Based on the research, it is found that the security performance of Telstra Information technology needs to be improved to protect the data from the data breaches. The frequency of the attack might increase in the year 2019. The challenges which are being faced by the organization in terms of the security needs to be considered as the top priority. Now a days the organizations are moving towards the presumption of the breach approach. Based on the focused working, the evolution of the breach could be controlled. Two things which needs to be done by the KPI respondents is to detect the security issues and to notify the issues if it occurs. The organizations should not take too long time to detect the breach. The quantity of the attacks are increasing on the yearly basis and the costs which are associated with the breach also remain the same irrespective of the damage and the physical infrastructure and the loss to the property and based on the downtime. (Telstra Security Report, 2019).
Impact of the new regulations
New regulations needs to be enforced to view the current incident response at the regular intervals. GDPR has also enforced the rules to protect the data from the breach as well as from the incidents. It also involves the detailed workflow as well as the process. Here the incidents may be considered as the inevitable and the business needs to show the precautions in order to reduce the issues. The new regulations also includes the purchasing of the cyber security insurance policies which is considered as the additional protection of the data.
Protecting the supply chain
Telstra need to protect the supply chain through the most trusted parties. The usage of the supply chain risk and the assessments needs to be considered as the highest priority. It should have the strong incident response plan which could be used to own the third party system when it’s being connected to the ICT systems.
Telstra Information technology still has the security threats in its business operations. The research has found the two challenges in terms of the cyber security where it needs to have the ability to detect and respond to the security incidents based on the time and it also has the impact on the new technologies. The employees needs to be trained in the cutting edge technologies so as to find the issues if it occurs. Organizations needs to be more concerned based on the potential impacts when an attack occurs such as it may lead to the loss in terms of the productivity, data corruption, the organization also need to focus on the damage to the organization. Few breaches leads to the damage to the public domain and to the negative impact to the organization. The customer may also lose their confidence and it is important to focus on the preventive measures to ensure the protection of the customer data and the privacy of the information. If these steps are taken, Telstra might not face any of the issues. Telstra information technology assignments are being prepared by our information technology assignment help experts from top universities which let us to provide you a reliable assignment help online service.
Reichert, C. (2019). Telstra admits error in search function led to data breach | ZDNet. [online] ZDNet. Available at: https://www.zdnet.com/article/telstra-admits-error-in-search-function-led-to-data-breach/ [Accessed 31 May 2019].
Certex International. (2019). Telstra Breaches the Privacy of 15,000 Customers.. [online] Available at: https://www.certex.com.au/articles/2018/2/17/telstra-breaches-the-privacy-of-15000-customers [Accessed 31 May 2019].
Michael, E. (2019). Breach expectation: the new mindset for cyber security success | Telstra 2019 Security Report. [online] Telstra Exchange. Available at: https://exchange.telstra.com.au/breach-expectation-new-mindset-cyber-security-success/ [Accessed 31 May 2019].
Telstra Security Report. (2019). [online] Available at: https://www.telstra.com.au/content/dam/shared-component-assets/tecom/campaigns/security-report/TELE0394_Telstra_Security_Report_2019.pdf [Accessed 31 May 2019].
Layton, R., & Watters, P. A. (2014). A methodology for estimating the tangible cost of data breaches. Telstra Information technology. Journal of Information Security and Applications, 19(6), 321-330.
Get Top Quality Assignment Help and Score high grades. Download the Total Assignment help App from Google play store or Subscribe to totalassignmenthelp and receive the latest updates from the Academic fraternity in real time.