Microsoft's big Windows Defender ATP update: bad macros, fileless malware and faster response


Microsoft has released new feature updates to Windows Defender ATP for the enterprise, aimed at reducing the attack surface and giving security teams faster response capabilities.
The updates, detailed today, beef up Defender ATP's “attack surface reduction” feature with two new rules that allow enterprises to prevent Outlook and Adobe Reader from creating child processes, which should wipe out attacks that use malicious macros in Office documents to download malware, as well as exploits for vulnerabilities in both Reader and Office.
The new additions bring the total number of attack surface reduction rules to 14, which all target common malware techniques and help defenders mitigate ransomware, untrusted executables in email, malware that attempts to steal credentials from lsass.exe — the Windows local security authority subsystem — and unsigned processes running from USB drives. 
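The two child-process rules described above can be staged in audit mode and reviewed before they are switched to blocking. This is an added example, not code from the article or from Microsoft's announcement; it assumes Windows 10 with Defender Antivirus active and an elevated PowerShell session, the function names are hypothetical, and the GUIDs are the ones Microsoft documents for these two rules.

```powershell
# Added example: stage the Outlook and Adobe Reader child-process ASR rules.
# Function names are hypothetical helpers, not part of any Microsoft module.
$AsrRules = [ordered]@{
    'Block Adobe Reader from creating child processes' =
        '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
    'Block Office communication application from creating child processes' =
        '26190899-1602-49e8-8b27-eb1d0a1ce869'
}

function Set-ChildProcessRuleMode {
    param(
        [ValidateSet('AuditMode', 'Enabled', 'Disabled')]
        [string]$Mode = 'AuditMode'
    )
    foreach ($id in $AsrRules.Values) {
        # Add-MpPreference updates one rule at a time; Set-MpPreference
        # would replace the whole configured rule list.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-ChildProcessRuleState {
    # Ids and Actions are parallel arrays in the Get-MpPreference output.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids |
                 Where-Object { $_ } | ForEach-Object { $_.ToLower() })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $names   = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode'; 6 = 'Warn' }

    foreach ($rule in $AsrRules.Keys) {
        $idx   = [array]::IndexOf($ids, $AsrRules[$rule])
        $state = 'Not configured'
        if ($idx -ge 0) {
            $state = $names[[int]$actions[$idx]]
            if (-not $state) { $state = "Unknown ($($actions[$idx]))" }
        }
        [pscustomobject]@{ Rule = $rule; Id = $AsrRules[$rule]; State = $state }
    }
}

function Get-ChildProcessRuleEvents {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122   # 1121 = rule blocked, 1122 = rule audited
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Keep only events whose message names one of the two rule GUIDs.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            $msg = $_.Message
            $AsrRules.Values | Where-Object { $msg -match $_ }
        } |
        Select-Object TimeCreated, Id, Message
}

# Stage in audit mode, confirm the setting, then review what would have
# been blocked before moving to -Mode Enabled.
Set-ChildProcessRuleMode -Mode AuditMode
Get-ChildProcessRuleState | Format-Table -AutoSize
Get-ChildProcessRuleEvents -Days 7
```

Reviewing the 1122 audit events first shows which legitimate workflows, such as add-ins or helper applications launched from Outlook or Reader, would break once the rules are set to block.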
Another update aims to help defenders during a security crisis, such as a fast moving malware outbreak. The new emergency security intelligence updates can be issued by Microsoft’s Windows Defender ATP research team to all cloud-connected devices in an enterprise. 
It’s a fast-track to accessing updates from Microsoft’s Defender ATP cloud, which could take the heat off security admins who might otherwise be waiting hours for updates from their own internal Windows infrastructure.
As an aside, Microsoft notes that it’s added new “dedicated detections” for malicious cryptocurrency miners, which have become a growing menace to enterprises. The Bitcoin price boom appears to be over for now, but criminals are still looking to free-ride on others' hardware to generate some cryptocurrency. A university in Canada earlier this month disabled its entire IT network for four days to halt a cryptocurrency miner that was bleeding its compute and power resources for unauthorized purposes.
Microsoft has also rolled out a new feature called “incidents”, aimed at giving responders the big picture when they’re under attack. Incidents are designed to bring some order to potentially noisy Defender ATP alerts by automatically grouping alerts that likely have been triggered by the same attack. 
Incidents also groups affected machines and displays the connections between malware and infections in a graphical interface within the Windows Defender Security Center. 
Microsoft claims it can save up to 80 percent of analyst time by cutting out much of the manual work that goes into correlating malicious events.
Other key recent additions include the automation of processes for investigating and remediating ‘fileless’ malware attacks, an increasingly popular method for avoiding detection by executing in memory and leaving no trace on disk. This adds automated memory forensics to pinpoint memory regions that may have been used in a fileless malware attack.
Finally, Microsoft is using its acquisition of code-hosting repository GitHub to improve Defender ATP by tapping into the security researcher community who share their queries with others on the site. The queries can be used as custom detection rules, giving customers a shortcut to creating detection rules, which would otherwise require them to come up with an alert title, severity of the issue, a category, description, and recommended actions.

The Christmas phishing flood is coming


    The couple of weeks leading up to Christmas is always a chaotic and overwhelming time. You are attending Christmas social events and pulling late-night work shifts to try and get your work finished before we all leave for that well-deserved break. Then there is the Christmas shopping, fighting those dreadful crowds to get that perfect gift for someone special. I have to say the lead-up is not such a great time (no, I am not a Grinch, I really enjoy the Christmas and New Year break with my family – it’s just that lead-up to the break that really gets under my skin).
    The stress during this time of year is not just caused by the above but by something even worse. As you all know, I am a security professional trying to help our customers keep cyber safe in this lead-up, and this is a time of year in which cybercriminals really turn up the heat.
    During these weeks you will all see a flood of system attacks and phishing scams like no other time of year. Maybe the cybercriminals have overspent on Christmas gifts this year and need to fill up their coffers with cold hard cash again before the New Year so they can meet their repayments on their mansions or Bentley they just bought and now can’t afford the repayments on (Poor cybercriminals). Okay, jokes aside I feel that the reason criminals choose this time of year to launch a big offensive is it is a really good time for them to scam money out of the unsuspecting victims.
    You are all focused on leaving for your break and just want to be helpful to your fellow staff/customers, so they can all do the same. So, when Alfred or Jo from your product development team asks you to pay a last-minute invoice so an order can be completed before leaving for the year, you just do it (you don’t notice, however, that the email address it is coming from is not an internal address and has nothing to do with them at all). What about the accounts team at one of your suppliers reaching out to say that they have changed the primary account they use and asking you to make all future account payments to the new account? (You would normally verify the change request with them via phone prior to making a change like this, but you just wanted to help them out and get home to get ready for your partner's work party – a mistake you will certainly regret in the new year.)
    Look I know it’s a busy time of year and sometimes mistakes are made when we are under pressure, but have you prepared your team and business for the flood of phishing/scam emails they will certainly receive in the next few weeks? Have you done some user awareness training to help teach your teams how to pick these scams out of the flood of legitimate emails they are certain to receive?
    Yes, I can see some of you rolling your eyes at me or throwing your hands in the air saying that it is too late to do anything now, but that is just a cop-out. There is plenty you could still do to help protect you and your team. If you don’t have email filtering services to catch the bulk of these scam emails (yes, it won’t catch them all, but better to have it than not have it – trust me on that), you can still get this implemented if you move quickly, and the benefits will be far-reaching as you move into the new year.
    It’s a bit late to organise onsite user awareness training probably (you never know though, it would be worth reaching out to a professional to see if it could happen) but it isn’t too late to send around some basic training information to your team that can help them spot a scam email, this is something most providers of user awareness could easily assist you with to help your team be just that little bit safer.
    Please do yourself and your business a favour and prepare for the phishing flood while you still can. If you don’t know where to start, reach out to me or a local security professional; most will be more than happy to point you in the right direction. Competition aside, we are all here in this industry to achieve the same results: make your businesses safer and reduce the risks of a cyber incident, especially over the festive season.
    So, let’s put some extra effort in over the next few weeks so we can better equip everyone to withstand the cyber Grinch and have a truly enjoyable Christmas and new year. Till next time… 

Google+ leak affects 52 million users and G Suite users

Google has disclosed another privacy leak from Google+, this time affecting millions of users, and now says it will bring the shutdown forward from August to April.
Today, Google revealed another bug in its social network that exposed private details of 52.5 million Google+ users, or ten times as many users affected by the leak that Google announced in October when it revealed plans to sunset Google+ for consumers.
The latest leak was only available to developers for about one week in November, and was discovered during a routine security check, Google said in a blog post today.
The source of the leak was an update in November that affected a Google+ API and gave app developers access to profile information on accounts that were configured by users to be private. In other words, Google shared the information with developers without gaining user consent. 
Additionally, if Google+ users had willingly shared profile data with other contacts, apps had access to that data. 
Information leaked to developers included a user’s name, email address, occupation, and age. 
Google notes the leaked data didn’t include information about users’ financial data, national IDs, and passwords. So users may face additional phishing threats, but likely won’t be impacted by identity theft.  
“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API,” Google said in the blog.
“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
Google delayed disclosing the Google+ leak affecting 500,000 users by eight months, fearing it could attract attention from regulators amid ongoing probes into Facebook’s leak of 87 million users’ data to political consultancy Cambridge Analytica. 
The leak happened as Europe was gearing up to roll out stricter privacy regulations under GDPR, which allow national authorities to impose fines of up to four percent of an organization’s annual global revenue.
A UK ‘fake news’ parliamentary committee last week published internal Facebook emails detailing sensitive internal discussions between 2012 and 2015 that showed select customers, including Netflix and Lyft, were given a free pass to access user data that other developers were blocked from in 2014. 
Google says it will shut down all Google+ APIs for developers within the next 90 days, ahead of the accelerated April 2019 timeframe for closing off access to consumers. Google intends to continue supporting Google+ for enterprise customers. 
The company confirmed that enterprise customers were impacted by this bug. 
“We are in the process of notifying any enterprise customers that were impacted by this bug. A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered,” Google said. 

Marriott Starwood hotel data breach FAQ: What 500 million hacked guests need to know

It’s been a couple of months since a major company unveiled a data breach that affected millions of people, so it’s time for a new one. The Marriott hotel chain has announced a major database breach that could affect anyone who stayed at its 6,700 worldwide Starwood hotel properties since 2014—up to 500 million people in total.
That’s a lot of people and a long stretch of time, so check out our FAQ for all of the information:

What happened?

Marriott says it received an alert from an internal security tool on September 8 warning of an attempt to access the Starwood guest reservation database in the United States. In its investigation of the incident, Marriott learned that an unauthorized party gained access to the company’s customer database and “copied and encrypted information, and took steps toward removing it.”

How did the hackers get in?

Marriott isn’t being totally clear here, but it appears as though this wasn’t the usual exploit of a vulnerability. Rather, someone without the proper credentials was able to access the Marriott reservation database to make a duplicate encrypted copy of customer information, which was then presumably taken outside the system.

How far back does the breach go?

Marriott says the unauthorized access goes back to 2014.

Why wasn’t Marriott alerted sooner?

Also unclear, but perhaps the unauthorized party only recently started accessing the system. Or possibly Marriott recently installed new security software that was able to detect the access.

Why are we just hearing about it now?

Marriott says it was only able to decrypt the files on November 19, and is still working to uncover the scope of the breach.

What was stolen?

Marriott is still sorting through the data it was able to recover, but for most customers, the following data may have been stolen: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, and arrival and departure information, along with reservation dates and communication preferences.

What about credit card information?

For some users, Marriott says payment card numbers and payment card expiration dates were included in the stolen data, but card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
Possibly not. As Marriott explains: “There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.”

What about my SPG points?

Marriott says there is no evidence that any loyalty points were obtained, but you should check your account for any suspicious activity.

Has the breach been stopped?

Presumably, but Marriott doesn’t explicitly say whether the unauthorized access has been shut down. However, the chain is working with law enforcement agencies and regulatory authorities, so the likelihood of a continued breach is extremely low.

What is Marriott doing to stop future breaches?

Again, it’s not totally clear if the hacker exploited a vulnerability or merely used an unauthorized password, but Marriott says it is devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.

How do I know if my data was accessed?

Marriott began sending emails on a rolling basis on November 30 to affected guests, so be sure to check your spam folder if you haven’t received one.

What can I do if I was affected?

Marriott has set up a dedicated call center to answer any questions you may have. U.S. Customers can call 877-273-9481 seven days a week to reach a representative.

Should I change my password?

Marriott hasn’t said whether any accounts were accessed or passwords stolen, but it certainly can’t hurt. But this was a breach of the company’s internal database of hotel guests, not online accounts.

Should I cancel my credit card?

Also not a bad idea. If you know the credit card or cards that are on file with Marriott or Starwood hotels, cancelling them now is the best way to prevent any future malfeasance.

What else can I do?

Marriott is providing all guests in the U.S., Canada, and the UK with the opportunity to enroll in Kroll’s Web Watcher Monitoring Service, which tracks sites where personal information is shared and alerts you if evidence of your personal information is found.

Unisys embraces Invictus Games spirit to deliver Cybersecurity

As 500 Invictus Games competitors from 18 nations were preparing to descend on Sydney for eight days of intense competition, the team at Unisys were also getting Games-ready – locking in the final details for the project of a lifetime. 
Created by HRH The Duke of Sussex, the Invictus Games sees wounded, injured or ill veterans and serving personnel contest medals in 11 adaptive sports including wheelchair basketball, sitting volleyball, cycling and indoor rowing. 
Unisys has a proud history of working with the Defence community so we jumped at the opportunity to provide information technology and cybersecurity support to the Invictus Games Sydney 2018.
The sensitive nature of the data about competitors required a robust approach to security and was critical to the successful execution of the Games. Here we discuss how Unisys provided an appropriate level of security within a short timeframe for the Invictus Games Sydney 2018. 
The Brief
When Unisys came on board as a partner of the Invictus Games Sydney 2018, one of the key areas of concern raised by the Head of Technology was cybersecurity.  The brief was simple; implement an appropriate level of security, but with minimal cost. Unisys was ready for the challenge!
The first two points to address were:
  1. What is an ‘appropriate level’ of security?
  2. What are the gaps that need to be addressed from a security perspective?
To address the above, Unisys performed a comprehensive security risk analysis. This helped pinpoint expectations and the appropriate level of security for the data to be protected.
The security risk analysis identified seven high priority areas:
  • Network security, including wireless,
  • Security detection and response,
  • End-point security,
  • User education and training,
  • Email filtering,
  • Anti-phishing training, and
  • The security of third party suppliers to the Games. 
Let’s look at each one in turn.

Network security, including wireless
As the Invictus Games relied on public networks at multiple sporting venues, keeping IT equipment and wireless devices secure was a top priority. 
Unisys Stealth® with microsegmentation enabled segmentation of the Invictus Games’ IT equipment into their own security zones, allowing Unisys to implement the required security policies to keep the data secure. This provided a virtual secure network across the shared public WiFi provided by each venue.
With critical applications running in the cloud, Unisys enabled secure connectivity to unsecured cloud applications via a proxy secured by Stealth, including the communications to, and from, the cloud provider.
Stealth provided additional benefits:
  • You can’t hack what you can’t see – all Stealth enabled devices were cloaked, making them ‘invisible’ to devices without access to these segments by policy. Using Stealth meant any device that was not allowed to communicate to the relevant segment could not even ping a device on that segment.
  • Identity-based security – Stealth enforces security policies based on identities. A simple Public Key Infrastructure was put in place to validate the identity of a user or a device, and then enforce granular access control policies based on these identities. This led to two key outcomes:
      1. The level of security policy enforcement was more granular and controlled than traditional network based security; and
      2. When the user or device moved from one micro-segment to another, the security went with them.
  • Equivalent security in the Data Centre and the Cloud – Stealth enabled the security policies in the local environment to be replicated in the cloud. The Stealth Enterprise Manager pushed security policies to any workload in the cloud running the Stealth agent.
  • Ease of deployment – using Stealth as software, it was deployed easily and quickly, and managed just as easily as well. This was important for this case in particular, as the security needed to be stood-up quickly and brought-down just as quickly after the conclusion of the Invictus Games. This would have been a lot more challenging with physical firewall infrastructure.
“A critical part for us was to make sure people had confidence in our ability to manage information with the respect and the confidence that is necessary for something like this, and Unisys effectively removed that problem from us. When they came on-board as a partner we no longer worried about that.” - Patrick Kidd, CEO, Invictus Games Sydney 2018
The entire Stealth deployment protecting the Invictus Games Sydney 2018 infrastructure was monitored by 24x7 detection and response through Unisys Security Operations.  Any security-related issues would be quickly detected and managed providing the Games team peace-of-mind.
End-point security and encryption
With Stealth, Unisys was able to achieve security segregation based on identities and encryption ‘on the wire’.  However, to protect data in storage, BitLocker was deployed on all Unisys-provided endpoints, providing Games organisers the assurance that if a device was lost, data could not be accessed easily.
Unisys further hardened existing images to ensure all endpoints were protected. The endpoints were centrally managed (including security) using Microsoft Intune, to ensure the images remained secure and patch levels were up-to-date. Additionally, anti-malware software was deployed on the endpoints to provide protection against these types of issues. The combination of these controls ensured that the endpoints remained secure throughout the Games.
User education and training
Top-of-mind for the Head of Technology was ensuring that the users applied the right level of IT security hygiene to keep the environment secure.
This was particularly challenging as many of the users were volunteers from different backgrounds – some were security savvy and others not. Unisys worked with users to educate them about basic security hygiene practices including phishing, password security and so on to ensure that everyone had at least a base level of IT security understanding. 
“Unisys helped us with these wider stakeholder groups by providing training and familiarisation in cybersecurity threats … [Unisys] did a full assessment of our security and risk profile, and that included looking at our people, looking at our processes, as well as the technology.” - James Smith, Head of Technology, Invictus Games Sydney 2018
Unisys helped improve the Information Security Policy so that all users had guidelines to refer to in terms of IT Security. This gave Games organisers the confidence that all layers of the IT environment were covered and, with the right knowledge, users had been turned into effective ‘human firewalls’!
Email filtering 
Unisys deployed email filtering across the Invictus Games Sydney 2018 user base. With the increase in attacks on organisations via this channel this control ensured that the entry of malware through emails into the Games environment was heavily reduced.
Anti-phishing training
Unisys worked with CoFense to provide simulated phishing campaigns and anti-phishing training to the Games user base. With users increasingly targeted as an entry point for intruders, ensuring users were trained to spot and reject phishing emails was a critical control to implement.
Third party security assessments including penetration testing
Invictus Games Sydney 2018 used a number of cloud providers to address various aspects of games management such as competition management (such as results and scoring), workforce management, accreditation, etc. Unisys worked with Games organisers and third party providers to assess how they measured up against the Games’ security policies and made recommendations where there were gaps in compliance.
In some cases the providers had the controls available but had not implemented them because they weren’t aware it was needed. This is a common issue found with many organisations using cloud providers. 
To provide an additional level of assurance, Unisys repeated the penetration testing after the recommended controls were implemented to ensure the cloud providers could withstand a typical attack.
By taking a simple approach to a complex environment, Unisys was able to secure the Invictus Games Sydney 2018 from cyber threats and achieved this on a tight budget. Unisys takes a Zero Trust approach to security spanning people, policies and technology. And by aligning security investments with risk profiles the desired business outcomes can be achieved by implementing the appropriate level of security. Everyone can achieve an appropriate level of security. It’s just a matter of understanding what that level is and managing the risks to the business.

Stop treating internal and external threats like they’re different things


Survey shows strong focus on business risk, but technological controls are also needed to stop external attackers who use internal credentials with impunity
Security professionals need to stop thinking about cybersecurity threats as being internally or externally focused and understand that the two forms of attack are intrinsically related, a cybersecurity expert has advised in the wake of survey findings suggesting Australian executives see internal threats as the biggest perceived threat to information security.
A recent straw poll, conducted by security consultancy Content Security amongst attendees at AISA’s recent Australian Cyber Conference 2018, found that 29 percent of respondents believe internal threats will be the biggest attack threat through the end of 2019.

That was well ahead of those concerned about privileged account exploitation (20 percent), ransomware (18 percent), and zero-day threats (17 percent) – but CEO and co-founder Louis Abdilla warned that categorising the threats risks glossing over the interconnectedness of those threats.
“In today’s security landscape, the distinction between inside and outside cyber threat no longer matters,” he explained.
“This is because attackers are actively seeking to pose as legitimate insiders. They do this by stealing and exploiting privileged accounts – the same credentials used to manage and run an organisation’s IT infrastructure.”
The survey also queried attendees on their proposed plans for security investments, with 52 percent of businesses saying they would spend at least $500,000 on cybersecurity and breach prevention next year.
Fully 28 percent named SIEM and security operations centres (SOCs) as the most critical technology investment over the next 12 months, with multi-factor authentication (23 percent) and vulnerability management (21 percent) also showing strongly.
And while this level of investment confirmed that businesses are investing in cybersecurity protections as a business priority, fully 45 percent said they were aligning their compliance efforts to either ISO 27001 or NIST risk-management frameworks; by contrast, just 1 in 10 said they were following the guidelines of the Australian Signals Directorate’s Essential Eight strategies, which are more technically prescriptive.
The increasing prevalence of business-focused strategy frameworks has been reflected in a push to deliver more, and more comprehensive, privacy frameworks that position data management and privacy as a business risk rather than an esoteric IT issue.
The new notifiable data breach (NDB) scheme and EU general data protection regulation (GDPR) have this year tightened reporting requirements around data breaches, no doubt influencing the investment in risk-focused security platforms.
The coming year will lend further weight to growing privacy obligations, with tighter new privacy regulations in California adding to the chorus of pro-privacy voices.
New obligations, such as the Australian Prudential Regulation Authority (APRA) push to make boards responsible for an organisation’s information security, will add further pressure to this trend.
However, Abdilla warns, the blurring distinction between internal and external compromises means the right balance is not to focus exclusively on business risk or technological controls, but a bit of both as appropriate for the environment.
“With more Australian organisations looking to increase their maturity, security frameworks and standards provide a foundation to develop a strong cyber security strategy,” Abdilla said. “Ultimately, we should always encourage good security habits and train employees on best practices and how to spot common attacks.”

To help fix service issues before they happen

Internal training, technical work is harnessing AI/ML and web-scale data lakes to manage over 20TB of new data every day

Legacy data warehouse architectures may have been designed for large amounts of data – but even massive warehouses would struggle to manage, much less analyse, the 20 to 30 terabytes of operational data that nbn™ Australia collects on a daily basis.
That data – including network performance data, performance alerts, usage information, network alarms, and more – is vital to understanding how the company’s Australian wholesale broadband access network is performing.
But as network and systems became more complex and its data requirements more sophisticated, nbn has had to explore different approaches – which it did with the establishment of the Foresight Lab over a year ago.
Amongst their many tasks, the technical and data-analytic experts within Foresight scale have been charged with transitioning nbn from legacy data-warehousing technologies to a less well-defined, unstructured virtual ‘data lake’ – an evolution of big-data technologies that sidesteps past architectural constraints through the integration of web-scale technologies.
The virtual data lake is built and managed internally within nbn as a private cloud, offering tight control over data while providing the scalability benefits of web-scale companies that “have changed the way we look at data,” explains Arun Kohli, executive general manager for IT architecture and Foresight Lab with nbn.
“There were always metrics, KPIs, and data used to make the decisions, but the scale that we now call ‘big data’ was very difficult and very expensive. With cloud computing and storage, the technology of the storage has changed – which has helped us exploit the data at scale.”
A foundation for change
Coping better with scale has proved critical in fuelling two other key data paradigms that are driving R&D work.
The second, performance and capacity management, is gaining accuracy and relevance thanks to the detailed analyses it provides about the operation of the wholesale network that nbn operates across several transmission modes spanning across Australia.
Ongoing analysis of usage patterns and congestion spots helps the company prioritise target areas for its ongoing rollout, while correlations with factors such as time of day have revealed important patterns in consumer demand for services over the nbn™ access network and retail service provider (RSP) demand for nbn™ wholesale products and services.
The third area where nbn’s data collection is helping to drive a service revolution lies in the ability of such massive data stores to feed increasingly common artificial intelligence (AI)/machine learning (ML) algorithms.
By training AI tools with ML algorithms designed to better understand baseline performance and configuration specifications, it becomes much easier for the systems to automatically spot issues that may be causing performance problems or service interruptions.
Whatever the transmission medium, patterns of behaviour are built up over time – providing unprecedented predictive power that can help the company anticipate a performance problem before end users even notice it.
This might be an issue with a setting in an end-user router, or an issue with the way that a hybrid fibre modem is bonding multiple transmission channels. Under today’s models, such problems would only be identified when an end-user complains about their service and the RSP escalates the call – but in the AI/ML world, nbn can help to proactively identify looming issues and resolve them well before they become a problem.
Finding the right skills
Intelligent analysis techniques may be providing new insights into ever-larger quantities of nbn™ data, but they’re also creating new challenges as the company works to build out its base of skilled data specialists.
While establishing the Foresight unit over a year ago, the team faced a challenge to find people with the necessary domain expertise and data-analytics credentials. Instead, they identified internal data engineers for training and separately hired pure data-science specialists to help them transition into the more proactive, AI/ML-led environment.
This was not always straightforward. “Our domain experts are coming from an educational background and industry training,” Kohli explains, “where things are defined by engineering and mathematical formulas. They like to use supervised machine learning because it’s very close to the way they were always taught – but when we talk about unsupervised machine learning, it becomes difficult. It’s a conceptually different way of thinking.”
To resolve these differences, data-focused specialists were paired with internal domain specialists – who understand core nbn technologies including fixed wireless, satellite networks, hybrid fibre-coax (HFC), fibre-to-the-curb (FTTC), and dense wavelength division multiplexing (DWDM) backhaul – and tasked with training them in the disciplined application of data analysis techniques to their existing knowledge.
This collaboration between three disciplines spawned a process by which the company has been able to upskill its internal network specialists, technical architects, operational support system (OSS) and business support system (BSS) architects, and other specialists – bringing them together on a common purpose to transition nbn into a more data-focused organisation than ever.
In August, nbn revealed its updated corporate plan, which highlighted its focus on improving the experience of end users and on resolving issues as quickly as possible.
“We are very much a metric-driven organisation,” Kohli explains. “Once we understand these issues, we can talk about leading indicators – and not just lagging indicators, which most of the industry does. The end user may still have a service, but we can now spot issues that may impact them in the future.”
Bringing this all together has been influential in helping nbn to spot those issues before they impact an end-user or business. Advances in data use further enhance nbn’s ability to improve the experience of internet access when customers need it most.

After a tough year in data compliance, 2019 promises more clarity for businesses

Guidelines around data sharing, analytics support increasingly pro-consumer regulatory and cybersecurity environment



New guidelines for data sharing have provided clarity for businesses around their privacy and data breach obligations, but 2019 will see even greater improvements as emergent California privacy guidelines trigger privacy protections across the globe.
After a punishing year in information privacy saw many companies caught flat-footed around consumer privacy and data obligations, the Australian Computer Society’s newly-released data sharing guidelines offer much-needed clarity for businesses that are still struggling to address their regulatory exposure around the data they generate and collect.
Authored by NSW chief data scientist Dr Ian Oppermann, the new report – entitled Privacy in Data Sharing: A Guide for Business and Government – lays down a ‘Five Safes’ data analytics framework including controls that can be applied to open-data regimes such as the open banking paradigm to be first introduced in Australia’s banking industry in 2019.
The report examines notions such as data de-identification, strategies for scoping the uses of data, consent, and more – providing businesses with increasingly substantive guidelines to help them keep up with the growing global momentum towards transparency and user control over data.
Keeping up has proven increasingly tough this year as one Office of the Australian Information Commissioner (OAIC) report after another revealed ongoing problems stemming the flow of data breaches. Many businesses are still struggling to understand or act upon their terms of engagement when it comes to cybersecurity, with a recent HP Australia study finding that many were conflicted between the need to meet security obligations and the desire to leverage customers’ data to improve customer service and profitability.
This conflict is playing out in the US, where the lack of consistent privacy laws has left consumers far more exposed than in Australia or Europe. Organisations such as US thinktank the Free State Foundation have embodied the conflict between consumer privacy protection and businesses’ right to data.
The new California Consumer Privacy Act (CCPA) will clarify the situation considerably, turning around a legacy of lax US privacy protections by enshrining the right for consumers to stop companies sharing or selling their personal information; providing control over the personal information that businesses collect; and holding businesses responsible for protecting customers’ personal information.
These changes will bring California’s privacy protections closer in scope and tenor to those espoused by the European Union’s general data protection regulation (GDPR) and Australia’s own Privacy Act and coming Consumer Data Right.
GDPR-led scrutiny of companies’ data handling practices has had a range of side effects. Security giant Kaspersky Lab, for one, recently fulfilled an earlier promise by opening a Transparency Centre in Zurich, Switzerland where it will process data for European customers – a move that founder and CEO Eugene Kaspersky said dovetails with greater efforts “to raise levels of trust, security and stability in the digital world.”
For its part, the UK will open a cybercrime-specific court and is considering the appointment of a minister specifically charged with preventing cyber attacks on critical infrastructure.

The confusing blend with Optane Memory


When does a PC have “24GB of Memory?” When its Intel Optane Memory is being counted on top of the 4GB, 8GB, or 16GB of RAM we’re used to seeing on mainstream PCs.
Traditional RAM and Optane Memory do different things, however, so the fact that some PCs are showing this blended spec is bound to confuse shoppers looking for new PCs over the holidays. We’ve taken a closer look at what’s being advertised and how to understand what the PC you’re shopping for really has. 

Image: Sam’s Club
Is it OK to market laptops with total “memory” by counting the Optane drive too?

The difference between RAM and Optane Memory

Our story started with the Sam’s Club Black Friday ad above. The ad took the PC’s 8GB of RAM, added the 16GB of Optane Memory, and advertised the system as having “24GB Memory.”
But as all PC users should know, RAM is just a temporary holding place for data. Once power is cut, everything in it is erased. Think of it like counter space in the kitchen, while your hard drive or other storage is the refrigerator. When dinner is over, the counters have to be cleared and food put away in the fridge, or else it’ll spoil. In the same vein, you save everything to the hard drive before powering off your PC, because it dumps whatever’s in RAM.

Image: Intel
Optane Memory can supplement the traditional spinning-platter hard drive on a mainstream PC, providing faster-moving storage for frequently used files.



In contrast, Optane Memory is a form of Intel’s stupidly fast Optane storage technology. Check out our review of Optane Memory for all the details, but basically it’s magnitudes faster than a spinning hard drive and can rival the speed of budget SSDs. And unlike RAM, it doesn’t erase itself when you power off.
Intel uses Optane Memory either as storage, or as a cheap way to make mainstream PCs feel faster even if they’re still using slow (but economical!) spinning-platter hard drives. The Optane Memory stores applications and data you access often, while less-frequently used data stays on the hard drive. 

Image: Intel
Intel’s Optane Memory is used to cache or tier storage to give it SSD-like performance. So how is that RAM?

Optane Memory makes a big impact. If we were faced with similarly priced laptops, one with 8GB of RAM and a 16GB Optane Memory drive plus a 2TB hard drive, vs. another laptop with 16GB of RAM and a 2TB hard drive, but no Optane Memory, we’d opt for the one with less RAM and Optane Memory.
Why? Using our countertop-and-refrigerator analogy, having 16GB of RAM for basic computing use would be like having a huge restaurant kitchen to make a meal for four. Having Optane Memory would be like having an island in your kitchen that functions as a countertop and, when done, turns into a small refrigerator.

It’s still not RAM


Image: Office Depot
It’s much less confusing when PC specs separate RAM and Optane Memory.

We love Optane Memory, but bottom line, it’s not RAM. That’s where the rub is. Blending the two could make some users think they have 24GB of RAM, when what they really have is only 8GB of RAM—plus the 16GB of Optane Memory. While some may argue that mainstream users don’t know the difference, we think it’s better to be totally clear, like in the Office Depot ad above, and let people know exactly what's what.