Coaching & Mentoring

Philip Nesci, IBRS adviser and former CIO, has warned that agencies will need to get their information management sorted out to capitalise on the new rules.
“Agencies need to identify their high-value data sets and where they are located.”

Full Story.

IBRS advisor Dr. Joseph Sweeney discusses why it falls to individuals to look at improving their work in a post-COVID world. Dr. Sweeney comments on the need to build a culture of innovation that empowers employees to understand where improvement is needed in their job.

Full Story.

IBRS analyst Dr. Joseph Sweeney provides best-practice advice on working from home in the current pandemic situation. Dr. Joseph Sweeney discusses current working from home policies which are mandated due to public health reasons, and explains how he has helped many organisations to adopt proper work-from-home practices.

Full Story.

IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with some systems in the cloud, and other legacy software still on premise.

Full Story.

"There is more security work to go round than there are resources. So I don't think the market is that crowded. It's important to remember that security is not something you buy and then it's done; it is an ongoing evolution within any organisation and requires constant care and feeding," IBRS adviser Peter Sandilands said.

"The big four has done a lot of their security work using fresh grads. They can use the tools but don't necessarily understand the real world implications."

Full Story.

IBRS advisor Dr Joseph Sweeney has been tracking the three major Cloud vendors' capabilities in AI and said Google is right to believe it has an edge over AWS and Microsoft when it comes to corpus (the data that 'feeds' certain AI applications) and also in AI application infrastructure cost and performance. However, he said this advantage was not materialising into significant gains in the Australian market.

Full Story.

Peter Sandilands, an advisor at analyst firm IBRS, called the discussion paper “a pre-judged survey” that is mostly looking for answers. He also questioned if the resulting recommendations would be published for review and commentary: “Is this window dressing, or are they going to do something out of this?”

The Australian government is charting its next cyber security strategy following an earlier A$230m blueprint laid out in 2016 to foster a safer cyber space for Australians.

In a discussion paper on Australia’s 2020 cyber security strategy, which is being led by an industry panel, minister for home affairs Peter Dutton said despite making strong progress against the goals set in 2016, the threat environment has changed significantly.

Full Story

 

According to a new IBRS study, spend on enterprise solutions is set to increase in 2019-2020. Both IT and line of business buyers need to consider how they manage procurement of these new solutions – and how they can make integration easy for their business.

According to the report, there are three degrees of integration an organisation can opt for: the pre-integrated enterprise, the core services and satellite apps enterprise and the business service mesh.

Understanding the kind of company you want to be is important, says Julie Ember, SaaS transition specialist at TechnologyOne, as that will help inform the decision about what business application environment fits your needs.

“Do you want to be in the business of IT, or focus on delivering your core business?” asks Ember.

“This is important because if an organisation does not, or cannot, build a large, highly skilled IT group, then they need to choose an application environment that can be easily supported – something like Software as a Service where the vendor manages the delivery and upkeep of the applications,” she says.

It is also important to determine if the business needs niche, best-of-breed applications to deliver core business processes, or if it is able to align with off-the-shelf enterprise software, she adds.

“An enterprise software strategy will provide a simplified application architecture with minimal integration, which not only makes implementations quicker, but also ensures the latest enhancements are easy to adopt.”

Full Story

Shadow IT sounds like a covert — quite possibly dark — force. And to some people it may well be. But the truth is both far simpler and more complex.

According to Cisco, Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organisation.

“Shadow IT is a term that originally came from people having little apps they brought into the business themselves. Dropbox is the classic one, but there are plenty of them,” says Dr Joseph Sweeney, advisor at leading Australian IT research firm, IBRS.

“Today, shadow IT extends beyond consumer apps to the as-a-service delivery of enterprise business capability, such as Human Capital Management.”

Full Story

Organisations that are resisting the shift to Cloud computing are often basing their decisions on common misconceptions around security, price and integration.

That’s a key finding in a recent report conducted by IBRS, The State of Enterprise Software Report 2019.

The Security Myth

Many of the organisations surveyed declared security as the primary reason for not moving to Cloud services.

Concern over the security of systems — and, critically, of the data they hold — was common in the early days of Cloud computing and it seems at least some of that legacy remains. But it’s a myth.

Dr Joe Sweeney, author of the report, said cloud service providers exceed most organisations’ budget and capacity to manage complex cyber security risks.

That’s certainly the view of the Commonwealth Government, which is moving to Cloud-delivered enterprise solutions aggressively.

Full Story

Conducted by Australia’s Intelligent Business Research Services (IBRS) and commissioned by TechnologyOne, the survey of 261 business leaders in ANZ has shown that business functions are having more sway about technology decisions and are increasingly opting for Cloud-based applications.

But it is not always a case of “shadow IT” in the traditional sense where a business unit goes behind the technology department’s back to buy a product or service.

Instead, it is “enterprise shadow IT” selected with the blessings of IT, said Joe Sweeney, principal analyst at IBRS, adding that in some organisations, CIOs have transformed and are more supportive and consultative.

TechSci Research estimates the Australian managed security services (MSS) market will grow at a CAGR of more than 15 percent from 2018-23 as a result of the increased uptake of cloud computing and the popularity of bring-your-own-device (BYOD).

That’s a decent growth rate, enough to pique the interest of managed IT services providers looking to grow their business.

They already have established client relationships and those clients, like all businesses, face constant challenges keeping secure in the face of an ever-evolving threat landscape and a shortage of cyber skills.

Many managed IT services providers (MSPs) already offer some elements of security, such as antivirus, intrusion detection and managed firewall, but there’s a huge gap between these and offering a fully fledged managed security service via a 24x7 security operations centre (SOC) and security information and event management (SIEM) software to provide real-time analysis of threats, generate alerts and advice on remedial action.

Technical competence is one challenge faced by any MSP contemplating becoming an MSSP.

Full Story

  • What is the future of work and how do we prepare our kids for it?
  • Are schools and universities setting kids up for future success?
  • Does technology in the classroom improve outcomes for kids?
  • Should every school student be learning to code?
  • And what are the skills that kids will need in tomorrow's world?

These are just some of the questions I ask Dr Joe Sweeney, technologist, researcher, writer and expert in workforce transformation in this episode of the Potential Psychology podcast.

Joe and I discuss schools, education, technology, tools, parenting and the future of work. We talk about why LEGO is important for the digital world, the role of books in future happiness and success and why the most important thing we can do for our kids is teaching them to think.

Join me as we explore the future - and the past - with Dr Joe Sweeney.

Full Story

The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected suspicious activity.

By May 28 – three days after the General Data Protection Regulation went live – PageUp knew client data may have been compromised and that it had 72 hours to alert the British Information Commissioner's Office, due to the UK's incredibly stringent laws on breach disclosure.

It has also liaised with the Office of the Australian Information Commissioner as required under the mandatory data breach notification rules, which came into force in February.

On June 1 it alerted its customers; on June 5 it confirmed the breach publicly.

Read More

In terms of cyber security years, Australia is still in the dark ages, a period typified by a lack of records, and diminished understanding and learning.

We're only a few months into practising mandatory data breach notification, while many parts of the world have been doing this for years. The United States has been disclosing breaches for more than a decade.

Countries where data breach notification is the norm are still maturing, and there is no upper limit for our understanding on managing cyber risk. But you can see by the steps other parts of the world are taking that they do see security incidents very differently to Australia.

This month, at the annual gathering of the Society for Corporate Governance in the United States, Commissioner Robert Jackson Jr. from the Securities and Exchange Commission (SEC) said investors are not being given enough information about cyber security incidents to make informed decisions.

Read More

Cyber security and risk advisor at analyst firm IBRS, James Turner, said the cyber skills shortage was prompting a wider rethink around the domain in terms of resourcing for the last few years.

“It’s partly about talent scarcity but it’s also about bringing fresh eyes. It shows up in the diversity of thinking around cyber issues,” Turner said.

“Diversity is incredibly valuable, it counters groupthink. You want that in your security team, and definitely in any good red team.”

Turner said human history was “littered with disasters that stemmed from a group of people all thinking the same way and not contemplating that there could be other views.”

“I’ve seen people from not just analytics backgrounds but also as broad as history, languages and music go into cyber security and be highly effective.” 

Full Story

 

PageUp People, a successful Australian Software-as-a-Service vendor, has been the victim of a crime, with a data breach that could be extremely damaging for its prospects. There are two lessons for the industry that are worth drawing particular attention to.

The first lesson is that we need the victim to survive. Once PageUp is safely through this incident, one of the most valuable things its executives can do for the industry is to share their experiences and the lessons learnt.

Sharing this information is important because, as one security executive from an ASX50 company said to me, it could have been any of us. And, it is only through sharing these experiences and the lessons from these crimes that we, as an industry, can improve.

Despite years of security incidents and data breaches worldwide, many Australian executives think their organisations are magically immune. It's far too easy to underestimate the potential impact, the flow-on consequences, and the personal cost for people involved or affected.

 
 

Australian businesses currently face a cyber security triple threat that has nothing to do with warding off hackers.

Rather there are three new regulatory forces impacting specific points of the cyber security posture of the Australian economy, where relevant businesses will face all kinds of trouble if they fail to keep up to speed.

These external obligations are the Notifiable Data Breach (NDB) scheme, the Security of Critical Infrastructure Bill, and APRA's draft of Prudential Standard CPS 234.

There are lessons to be learned from all three of these external obligations. At a simplified level, the NDB scheme addresses the security of people's data; the Security of Critical Infrastructure Bill addresses the technology that supports our lives, and CPS 234 addresses the processes and governance that protect our wealth.


Full Story

More than 60 data breaches have been reported in the first six weeks of the country's new Notifiable Data Breach (NDB) scheme, with healthcare providers making up almost a quarter of the mandatory notifications.

Of the 63 notifications revealed in the first report by the Office of the Australian Information Commissioner since the laws came into effect on February 22, legal, accounting and management services businesses made up 16 per cent, while finance institutions composed 13 per cent.

IBRS cyber security advisor James Turner said many companies in the healthcare sector still did not realise the gravity of the responsibility on their shoulders in terms of keeping people's data safe.

"I've been talking to healthcare providers around the traps and I'm stunned by the lack of awareness of the NDB scheme. I'm hoping the industry bodies and royal colleges are doing something to raise awareness," he said.

Full Story



 

Do not mistake cyber security for being merely a technical discussion about IT problems to be fixed. Cyber security is now, and always has been, purely a response to risk. The risks have changed dramatically over the last 20 years, but the way many people view security is stuck in the 1990s.

Here in Australia, we're now under the Notifiable Breach Disclosure scheme and it's worth using this as a barometer to understand how well executives actually appreciate that they run digital companies working in a digital economy, with all the risks that come with hyper-connection and digital interdependence.

How well an organisation understands itself and its ability to work through responding to a suspected data breach is a direct reflection of how well it understands its business, as well as its dependence on technology and data. In other words, how well does the company understand and manage risk? Yeah, governance, that old chestnut.

People talk about digital transformation and disruption as though these were destinations to get to. But, digital transformation is a continual process and risk management is a necessary component. There is no finish line for transformation or risk management, there are only companies that will cease to be competitive.


Full Story

The Future of Work: The Role of People

Foreword by Joseph Sweeney, IBRS Advisor
 
For the past 30 years, organisations have applied technology to people to make the workplace more productive. But despite substantial investments in technology, productivity has grown annually on average at just 1.8 percent. Something was not working.
 
During the last few years, we’ve seen a shift in power. Instead of organisations dictating technology, increasingly people are choosing the technology they wish to apply in the workplace. Initially seen as a problem, shadow IT is now accepted and embraced.
 

Thousands of Australian small businesses remain woefully unprepared for the introduction of new laws that will require them to publicly disclose if their customers' data is breached by hackers or technology problems, according to local industry experts and recently conducted research.

Mandatory data breach reporting laws come into effect in Australia in February, years after they were introduced in other countries, such as the US, but a new study by cyber security provider CyberArk has found 44 per cent of Australian businesses are not fully prepared.

While it is predictable enough for a security vendor to warn that businesses need to worry more about security, independent Australian cyber security expert James Turner, of IBRS and CISO Lens, said small businesses were "absolutely not" prepared for the new laws.

Full Story

Cyber security experts have warned the long-term implications of chip vulnerabilities nicknamed Spectre and Meltdown discovered by researchers this week are still unknown, despite it appearing that cyber criminals were unaware of the flaws.

Australian cyber security expert James Turner, of IBRS and CISO Lens, told The Australian Financial Review just because these flaws were unlikely to have already been exploited, does not mean they could not be in the future.

"This is the exact reason why the security industry was screaming all through the last few years about the importance of security for the internet of things. The internet of things is billions of different devices, growing in size every month, all based substantially on hardware," he said

"It simply won't be economically viable to get everyone to replace the CPU on their TV, fridge, Alexa, lightbulb, thermostat, electric lock, and so on, just because we've found another hardware flaw that impacts billions of devices that are all hyper-connected."

Full Story

 

The adults in the lives of young people need to know more about security and safety in an online world and they could be learning this at work

The Office of the eSafety Commissioner deals with some of the most confronting aspects of abusive behaviour on the Internet: child exploitation material, image-based abuse, and cyber bullying, to name a few.

Julie Inman Grant, the eSafety Commissioner, is dedicated to helping ensure young people have positive experiences online.

To this goal, in the first week of November, the Office of the eSafety Commissioner, in conjunction with its New Zealand equivalent NetSafe, hosted Australia's first online safety conference.

About 400 delegates from around the world came to share ideas, approaches and research in the area of cyber safety.

 Full Story