Digital Business

AiiMs recommends buyers keep both eyes wide open online

By Leon Gettler, Talking Business >>

THERE IS SO MUCH Australians can do to protect themselves from online scammers and hackers. However, according to Janty Ayoub, founder and CEO of the AiiMs Group, people are not doing it.

“The first thing is that ‘buyer beware’ is the first thing that comes in at my end,” Mr Ayoub told Talking Business.

“If something doesn’t look right, don’t do it. Nothing is free in this life and when we’re purchasing online and put into a different data base and we don’t know where our data goes – and where our details go – and next minute we’re given an offer or deal like a free iPhone for paying $2 for a delivery, it just doesn’t make sense.

“So obviously that’s phishing for your information and phishing for your credit card details. You have to only purchase from trusted sites.”

Identifying trusted sites

Mr Ayoub said there were a few methods that helped users identify trusted sites. 

He said every site had a padlock near the company’s name.

“That padlock identifies whether it’s a secure site or not,” Mr Ayoub said.

“If the padlock is open, it’s a sign that it’s an unsecure site so it’s not verified. When the padlock is closed, it’s a sign that the site has been verified.”

Mr Ayoub said the AiiMs group always told clients to read the reviews of websites, of companies and their offerings. This is all part of the process of due diligence.

“Type in the company’s name in Google and read what they’re about before you make that purchase,” he said.

“If they’ve had no reviews, then there is something wrong. If they’ve had five reviews and they’re all good, then that will increase your trust signals.”

He said it was also important that people checked the terms and conditions of the product and service the company is offering.

Mr Ayoub said this was something that most Australians did not do.

“Unfortunately [about] 82 percent of online buyers don’t read the terms and conditions,” he said. “They’re more interested in knowing price, delivery, how fast something can come and the terms and conditions are among the smallest read pages on a site pre-purchase.”

He said terms and conditions were also governed by Common Law, so there were some consumer protections, but there were still problems.

“Again, it’s buyer beware. You are always told to read the Ts and Cs,” he said.

Check the URL itself

Mr Ayoub said another thing people could do to protect themselves from scammers was to check the URL of the site. With that information, people can do Google searches and see whether the company is a legitimate business, he said.

He said it was vital that the URL had a padlock on it.

“If the padlock is open, then it’s not a trusted site,” Mr Ayoub said.

“That business hasn’t applied the right principles of security online.”

He said “not being savvy” was no longer an excuse for people not to take precautions.

“Online has come a very long way at helping anyone of any language and of any tech background to make a purchase and view a product online,” Mr Ayoub said.

“Across the whole world, we’re seeing a very big rise in hackers and scam artists playing on the vulnerability of people not being tech savvy.

“By not being tech savvy, you don’t understand – when you click a link or are asked to click on something -- that the technology being used is there to basically extract all of your personal information. It could be from your bank account, it could be from your driver’s licence.”

www.aiims.com.au

www.leongettler.com 

 

Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness.

https://play.acast.com/s/talkingbusiness/talking-business-22-interview-with-janty-ayoub-from-aiims

ends

Four clear ways a roll out of Digital IDs would benefit Australians

THE Australian Government’s push to accelerate the rollout of a nationwide digital identification system (Digital ID) is gaining momentum, with several Ministers supporting its implementation.

The Digital ID system aims to provide a secure and convenient way for Australians to verify their identities online and access government services.

The recent review of the myGov service portal by David Thodey, former CEO of Telstra and IBM Australia, has further fuelled the call for faster implementation of Digital IDs in Australia.

Mr Thodey said Digital IDs would revolutionise the way Australians interact with government services, providing a range of benefits to individuals, businesses, and government agencies.

Digital IDs are not only beneficial for individuals and government agencies but are also crucial for businesses. They provide a secure and reliable method of identity verification, offering businesses an unparalleled level of security measures that effectively safeguard their personal data and privacy.

In addition, Digital IDs offer businesses a trusted means of complying with regulatory requirements for identification purposes, ensuring that they meet strict regulations regarding customer identification and verification.

Many industries and sectors, such as financial services, healthcare, and government agencies, are subject to strict regulatory requirements. Failure to comply with these regulations can result in significant penalties and reputational damage for businesses.

Code Heroes CEO and founder, Brendt Sheen said, “Digital IDs are crucial for businesses as they provide a secure and reliable method of identity verification.  

“The implementation of Digital IDs offers businesses an unparalleled level of security measures that effectively safeguard their personal data and privacy and also provide businesses with a trusted means of complying with regulatory requirements for identification purposes, ensuring that they meet strict regulations regarding customer identification and verification.”

Drawn from reports on the development of a Digital ID system for Australia, here are four ways that Digital IDs will benefit Australians and businesses:

 

Provides you with complete control over your personal data 

Digital IDs offer users complete control over their personal data and the freedom to decide exactly what information to share, with whom, and when, all through the convenience of a mobile app that can also act as a gateway to government services.

The freedom of choice on what information you would like to share also means that users can limit the amount of personal information shared, thereby reducing the risk of identity theft and privacy breaches.


Boosted security measures

Digital IDs are built on advanced encryption technology, making them more secure than traditional ID cards, which can be lost, stolen or counterfeited. 

The encryption technology used ensures that personal information is protected by several layers of security measures, making it virtually impossible for unauthorised users to access the information. This high level of security gives users peace of mind, knowing that their personal information is being handled safely and appropriately.

 

Streamlined business processes

Digital IDs significantly streamline business processes by providing a secure, efficient and user-friendly way for businesses to verify the identity of their customers. It will enable businesses to easily and quickly verify the identity of their customers without the need for in-person verification or manual processing of identity documents.

It eliminates the need for lengthy and complex account opening and customer onboarding processes, which can be time-consuming and costly for businesses.


Regulatory compliance

Digital IDs will play a critical role in helping businesses comply with regulatory requirements for identification purposes. Many industries and sectors are subject to strict regulatory requirements regarding customer identification and verification, including financial services, healthcare, and government agencies. Failure to comply with these regulations can result in significant penalties and reputational damage for businesses.

By using Digital IDs, businesses can ensure that they meet these regulatory requirements, providing a secure and reliable way to verify the identity of their customers. 

Digital IDs offer a range of advanced security features, such as encryption and multi-factor authentication, which help businesses to protect against fraud and other risks associated with identity theft.

www.codeheroes.com.au

ends

Have you already given away work secrets on ChatGPT?

Curious about how ChatGPT can help you at work? Be careful what company information might be given away while experimenting, warns UNSW Business School professor, Rob Nicholls.

 

OPINION by Rob Nicholls >>

WHETHER IT’S MILD CURIOSITY or the business imperative of starting to use artificial intelligence (AI), as part of a unique selling proposition, many people now use ChatGPT, either at work or at home.   

When it launched, the user-friendly AI large language model went from zero to 100 million users in only 60 days. Since then, Microsoft has invested $US10 billion in start-up OpenAI and embedded GPT4 into Bing. Dedicated Bing apps with GPT4 are now available on the App Store and the Play Store.

Part of the user experience of OpenAI’s ChatGPT is that AI tools can generate really useful text from a specific prompt, making for possible opportunities to save time in the day-to-day at work with machine learning – for example, when writing emails.  

You can even use the job description provided in an advertisement to get ChatGPT to write the ‘perfect’ cover letter. Or the staff member from People and Culture can generate the “perfect” job advertisement for LinkedIn from the scratchy brief provided by the business unit.   

 

Trying out ways ChatGPT can be used comes with some risks at work

As a starting point, let’s look at the example of the job advert.  

If the role is one which is commonly advertised, then little is lost by sharing the form of the job description with a couple of hundred million other users of ChatGPT.

But if the job description includes information which could be used by a competitor to identify your business, then the risks are significantly higher (especially if recruitment is an important part of insider business strategy in your workplace).   

With companies like Samsung having recently been stung by staff members inadvertently giving away material via ChatGPT, it is important to consider the risks carefully before using it at work.  

 

And just like that – the code was gone  

This issue is particularly challenging if staff members have started using ChatGPT as part of the code development process.   

It’s really appealing to do so. One of the great aspects of ChatGPT is its automation use case in reducing coding time in software development projects for programmers.

This can be done at a design level, “How do I sort job application letters using Natural Language Processing in Python?” or at the code level, “How do I use Gaussian Naive Bayes in scikit-learn?”.   

(One really useful feature is the ability to paste code in as a prompt to ask ChatGPT to improve it. This is as simple as “what is wrong with the following code?”. ChatGPT can even recognise the coding language that you’re using!)  

The problem is that ChatGPT can then include the material that you have used as a prompt to improve its answers in the future, ‘training’ the algorithms. This is precisely what happened to Samsung developers who used ChatGPT to both improve code and keep meeting notes.  

Material that would have been regarded as some of the most sensitive by Samsung was available to developers outside of Samsung, simply because Samsung engineers used ChatGPT to decrease their development time.   

 

Will GPT4 make using ChatGPT at work riskier?  

The latest in the GPT series after GPT3, GPT4 has an incredibly accurate voice-to-text feature. But the risk of the text becoming part of the training set to improve the generative AI is high.  

It’s a simple way to both transcribe work meetings and, even better, to generate the minutes before the end of the meeting. However, the transcription will also be part of the GPT4 ecosystem before the end of that meeting. There have been news headlines about Italy’s decision to ‘ban’ ChatGPT over privacy concerns.   

Essentially, the argument made by Italian authorities is that the data collected by ChatGPT was in breach of the European General Data Protection Regulation. However, and consistent with other European countries, it seems likely that Italy will walk back from this approach by the end of April. The only change required will be to have an age verification (over 18) check on users.  

Generative AI uses billions of data points in order to be able to create text on a predictive basis. It improves in response to user feedback. The challenge faced by businesses that employ curious people is that this feedback may include company confidential material.   

The solution is simple in theory, but much harder in practice. If material would not normally be disclosed outside of the business, it should not be used as a prompt for ChatGPT or for Bing.   

The practical difficulty with this rule is that search engines, including Google with its generative AI called Bard, are an essential business tool. The issue may be to decide whether search engines are there to provide information, or to provide answers.  

 

So, I should avoid using ChatGPT at work?  

Not sure what you should (and shouldn’t) share with our friend, ChatGPT? Try this simple test:  

Is the output of the ChatGPT session a document that would normally be regarded as confidential by your business? Then it should not be shared on ChatGPT.  

If you did write your cover letter or resumes using ChatGPT, the AI system used to filter applicants could also run your cover letter through GPTZero. This online tool from OpenAI can detect whether text was written by a generative AI by examining that text’s ‘perplexity’ (a measurement of the randomness of the text) and ‘burstiness’ (a measurement of the variation in perplexity).

But of course, the improvement in ChatGPT’s text output is challenging these tools. So, who is to say how this will change into the future with developing AI technology? 

 

About the author

Rob Nicholls is an associate professor at the School of Management and Governance, University of New South Wales (UNSW) Business School.

 

 

ends

 

Citrix warns about length and breadth of cyber security challenges

By Leon Gettler, Talking Business >>

CYBER SECURITY has become challenging now, with remote work and people working off any device.

Citrix Australia and New Zealand managing director, Martin Creighan said the problem now is that people’s personal, work and tech worlds have become more complex.

“We’re using mobile phones that have more computing power than the first space shuttle,” Mr Creighan told Talking Business.

“We’re using computers on a day-to-day basis. We’re connecting to different systems, to various organisations. We are working now from multiple places, so people are enjoying hybrid or remote work. They’re working from home or they’re working from the café down the road or they’re working from the office.

“All of that makes what we’re doing, and the job for our cyber security teams, even more complex.” 

Mr Creighan said remote work, with workers using any device, made things more complex and difficult for IT managers and chief information security officers.

“We’ve seen a proliferation over the last couple of years, as COVID hit, and everyone going remote and bring your own device to work,” Mr Creighan said. “And with multiple devices out there – devices that may not have been tested on the corporate network, or coming in and accessing the network from a wi-fi connection, or a connection that may not be secured at a corporate check.

“It just increases the complexity that IT managers have to deal with and that’s a big struggle for them.”

SURVEY BRINGS PROBLEMS TO LIGHT

As part of Citrix Australia and New Zealand’s efforts to come to terms with the new work challenges, the company conducted a survey of 250 IT leaders in Australia.

The leaders were asked whether their expenditure on cyber security would decrease with soaring inflation and the rising cost of living.

All of them said there would be no decrease. Organisations would keep spending on cyber security. They were saying that data protection, IT security and innovation would remain key areas of spending.

Most said they would spend at least as much, if not more, on these areas.

“And 63 percent of Australian IT leaders overall expect an increase in spending on data protection,” Mr Creighan said.

MEETING A CHALLENGING WORLD

The increased spending indicated in the business leaders survey was in response to a world that was becoming more difficult to manage.

“The challenge is how to do that in a world where it’s becoming more complex, because we have more people accessing our data and other sources of data from multiple devices in multiple places at multiple times,” Mr Creighan said.

He said a lot of cyber security incidents were the result of people not paying attention to what they were doing. So they click a link they think will take them to an important application or a fake banking application link.

As a result, he said, 63 percent of security breaches were caused by human error.

The other big challenge for companies and cyber security professionals was that the cyber ‘crooks’ were now using advanced technology, artificial intelligence, robotics and machine learning to hack into systems.

“It’s this cat and mouse game of us trying to leap frog one another,” Mr Creighan said.

“As we get more tools and processes and systems in place, they’re using the tech to do bad things and we’re using the tech to try and protect ourselves.”

www.citrix.com

www.leongettler.com

 

Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness.

https://play.acast.com/s/talkingbusiness/talking-business-40-interview-with-martin-creighan-from-citr

ends

Nozomi Networks hosts ‘Operation Cyber Crisis’ challenge across Australia tomorrow

CYBER PROTECTION group Nozomi Networks is marshalling Australian online security talent to join a first-of-a-kind series of simulated threat hunts, to protect key national infrastructure from attack, in a cyber war game scenario on December 1.

Nozomi Networks Inc. has created the event -- named Operation Cyber Crisis -- to bring together Australia’s best cyber talent to strategise in simulations how to stop cybercriminals aiming to take down key critical infrastructure.

Operation Cyber Crisis will play out two increasingly difficult cyber threat scenarios targeted against industrial systems and critical infrastructure. The challenges will incorporate elements of cyber reconnaissance, operations security, and malware analysis, putting the teams in tough scenarios to truly assess their decision-making abilities under stress. Participants will be sent a challenge coin after the event. 

The event will be run and managed by retired United States Marine Corps (USMC) Colonel Bill Hagestad II, a China cyber espionage expert who has worked extensively with the FBI and the SANS Institute.

“Operation Cyber Crisis is more than just fun, it’s about testing your cyber skills and building up your preparedness in the face of an attack,” Colonel Hagestad said.

“The crisis control team has formulated the game based on real-world threats and are on hand to analyse and evaluate each move the teams make. It’s a game of strategy and skill, but most importantly it shows the participants how their cyber skills will hold up when confronted with a serious threat.”

The games will be an opportunity for Australia’s top cyber minds to flex their problem-solving muscles and demonstrate and assess the best ways to counter incoming attacks.

Practising for real-world events builds up specialists’ cyber resilience, helping them be better prepared for the serious and rapidly evolving cyber landscape, according to Nozomi Networks regional manager for Australia and New Zealand, Ameen Al-Majzoub.

“As Australia looks to fill up to 30,000 cyber roles in the next few years, quality of training at all levels becomes so important,” Mr Al-Majzoub said.

“This is a series of lifelike scenarios combining multiple attack methodologies together and will be an invaluable experience for any cyber pros looking to gain an understanding of what can happen in the trenches.”

Other members of the crisis control team will include former Queensland Police operational commander of the Fraud and Cybercrime division, Brian Hay; former US Department of Justice Federal Prosecutor, Jonathan Rusch; and Nozomi Networks’ director of cybersecurity strategy, Chris Grove.

The virtual event will be held on Thursday, December 1, AEDT from 10am to 12pm.

Interested participants and spectators can register here.

 www.nozominetworks.com

 

ends

Cybersecurity remains a big problem for industry – UNSW discovers why

THE RECENT MyDeal incident is the third major cybersecurity ‘fail’ affecting Australians. University of NSW (UNSW) digital experts are calling for Australian business to restore public confidence in Australia’s cyber capabilities – fast and effectively.

In the past three weeks, three cyber attacks resulted in identity leaks that have sent ripples around the nation and raised the concerns of UNSW Institute for Cybersecurity (IFCYBER) chief scientist and professor, Sanjay Jha.

“Has the triple-A of cyber security (authentication, authorisation and accounting) failed?” he asked.

In the recent MyDeal.com.au incident, early reports suggested that a compromised credential, most likely related to elevated users, was used to access a database storing user information. The attack led to the scrambling of 2.2 million customers’ data, which included email addresses, full names, phone numbers, delivery addresses and some customers’ birthdates. 

In an interview with Channel 9 News, Professor Jha said, “… the breach raises serious concerns for the end user's confidence in using online services and poses a serious challenge for the industry”.

“Compromised credentials should not provide easy access to malicious actors when multi-factor authentication (MFA) is in place,” he said.

“You would expect more stringent authorisation and access control and network partitioning to protect these critical assets.”

SAFELY NAVIGATING THE DIGITAL WORLD

Following the basic practices in the Cyber Security Guidelines listed by the Australian Cyber Security Centre can help a business to protect its systems from cyber threats.

Arash Shaghaghi, a senior lecturer in cybersecurity from the UNSW School of Computer Science and Engineering and UNSW Institute for Cybersecurity, said it was evident from the recent attacks that some industries were not adopting the latest research on cybersecurity fast enough.

“Users’ data is collected by various services without any control from the end user, and often the data collection to join these services is excessive – leaving end users vulnerable and with limited options when a serious breach occurs,” Dr Shaghaghi said.

“Other parts of the world are investing heavily in technological measures such as self-sovereign identity (SSI), where users would have better control over who had access to what part of user identity and other information. 

“SSI gives individuals control over the information they use to prove who they are to websites, services and applications across the web,” Dr Shaghaghi said.

“We need to enhance investment in practical research and think of measures that facilitate the adoption of the latest technologies to reinforce our resiliency against the growing number of attacks targeting Australia.”

THE OPTUS CASE

Last month, 10 million Optus customers experienced a similar fate when cyber criminals hacked into the system, stealing personal details such as passport ID and driver licence numbers. It was reported in the media that the breach suggested an open port without authentication, for testing purposes, was left in the production version.

Unfortunately, these problems are well-known to the industry, Prof. Jha said.

“About five years ago, we were white boxing early versions of Philips Hue bulbs and Philips Hue Bridge. We found that you could control these devices through such open ports,” he said.

“This was reported to the company who fixed the problem in their future version. A simple penetration testing of servers before deployment could have potentially made such attacks difficult, if not impossible.”

Prof. Jha is also concerned about the state of risk assessment and authorisation processes across the industry and said further stringent penalties for negligence would go a long way.

Often these processes were a box-ticking exercise in an Excel spreadsheet, and many conducting these tasks do not have adequate background in cybersecurity, he said.

“This re-emphasises the need for quality education along with more research in quality tools to improve these processes,” Prof. Jha said.

“My team is working on such tools for a Distributed Energy Resource Management Security project at UNSW funded by Cyber Security Cooperative Research Centre.

“Cyber security is a cat-and-mouse game. Researchers and industry experts need to come together in Australia and work closely to build stronger and more resilient capabilities that help safeguard businesses and users in today’s world of cyber war and cyber terrorism.

“We need to regain the community’s confidence in our cyber capabilities.”

www.unsw.edu.au

ends
