Telstra chief executive Andy Penn describes the level of cyber attack activity in its operations in Australia and globally on a daily basis as “frightening.”
While cyber risk for large institutions such as governments, major banks, and large retailers has long been closely managed, the topic is set to be an increasing focus across industry and businesses of all sizes in the coming years.
With some projections predict 20 billion devices will be connected to the internet by 2020 around the world, access points for hackers and malicious agents are increasing at an exponential rate.
Delivering the Sir Edward “Weary” Dunlop Lecture at the annual Asialink chairman’s dinner in Sydney last night, Penn spoke about the cyber activity levels seen in the Asian region, saying it not only was a challenge for business but added a new dimension to local strategic tensions including the militarisation of the South China Sea.
Telstra itself was the victim of a cyber attack last year on Pacnet, a corporate IT network business it had then recently acquired.
Through its submarine cable network Telstra accounts for around a third of all data traffic, including internet traffic, between countries in the region and with Australia, Penn said. He went on to talk about the scale of cyber risk that telecommunications companies and businesses more broadly are having to manage, emphasising that the sources of threats are not confined to criminals and programmers not otherwise gainfully employed:
We get to see the scale of cyber activity every day and it is pretty frightening.
Connectivity provides many great benefits to society and the economy.
But better connectivity also means that barriers to crime, espionage and protest have lowered, and even mistakes can happen at a pace and at a scale that is unprecedented.
The actors in a cyber world are no different to those in the physical world.
They include state-sponsored criminal activities and ideologically motivated activism.
They include individuals seeking fame or fortune and issue-motivated groups looking to disrupt to make a protest point.
They include organised crime syndicates looking for profit.
And they include nation states trying to gain tactical or strategic advantage or, in some cases, acquire intellectual property.
Many of you here today would be aware of the breach of Sony’s network in 2014. This was the result of a well-organised hack at the hands of European Criminal gangs allegedly hired by the North Koreans.
The hackers remained undetected on Sony’s network for over 5 months.
Sony last control over 38 million files, personal staff information, and 5,000 company emails. As a direct
consequence Sony failed to file its quarterly financial results on time.
In the immediate aftermath, Sony was also forced to process many transactions manually because more than half of all its systems were wiped clean by the hackers.
Penn also referred to the attack on the Bangladesh Central Bank, in which hackers successfully moved $81 million to The Philippines, which they were then able to send on to casinos.
“However, cyber risks can of course potentially play a more significant role in world events,” Penn said.
“In the grand scheme of things these incidents and their consequences are relatively minor if expensive and potentially embarrassing for those affected.
“A lot has changed in Asia since the second world war but tensions still exist whether it is nuclear sabre rattling between India and Pakistan, the militarisation of the South China Sea, North Korea or sovereignty over Taiwan. Cyber risk adds a whole new dimension to these conflicts.”