<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">In this type of breach, like many others, companies provide access to the entire consumer data without any consideration of the consumer whose data is being accessed.
<br>
<br>
The current model(s) need to change and are changing to be more consumer centric.
<br>
<br>
Preventing 3<sup>rd</sup> party companies’ direct access to consumer data without consumer consent is what needs to be put in place now to stop such egregious breaches from occurring in the future.<br>
<br>
Allowing the consumer to decide who has access to their data and what data they want is the model that should be taken.<br>
<br>
This limits the scope of an attack down to a single consumer, as the data passing between “company to company where the source company is the data holder” or “company to company via the consumer where the consumer is the data holder” is specific only to that
consumer, not the entire data set. If an attacker manages to gain access to that data in transit, then it will be limited to the scope of that consumer, the risk can be mitigated, and the cost to access large swathes of consumer data will be so high that it will
not be cost effective for the hacker.<br>
<br>
It is only a matter of time until companies will need to pivot to facilitate this change.
<br>
<br>
So why not start working towards making this happen before you are forced to?<o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<p><span style="font-family: Calibri;"><span style="font-size: 10pt;">Regards,</span></span><br style="font-family: Calibri; font-size: 10pt;"><br style="font-family: Calibri; font-size: 10pt;"><span style="font-family: Calibri;"><span style="font-size: 10pt;">Mark Stewart</span></span><br></p><table id="0.m2eaiugmg4" style="width: 350px;" cellspacing="0" cellpadding="0"><tbody><tr><td valign="top" style="width: 20px; font-family: Arial; font-size: 10pt;"><span style="font-family: Calibri;">M</span><span style="font-family: Calibri;">:</span></td><td valign="top" style="width: 330px; font-family: Arial; font-size: 10pt;"><a href="tel:0438005415" style="text-decoration: none; color: rgb(0, 0, 0); font-family: Calibri;">0438005415</a></td></tr><tr><td valign="top" style="width: 20px; font-family: Arial; font-size: 10pt;"><span style="font-family: Calibri;">E:</span></td><td valign="top" style="width: 330px; font-family: Arial; font-size: 10pt;"><a href="mailto:mark@nabc.com.au" style="text-decoration: none; color: rgb(0, 0, 0); font-family: Calibri;">mark@nabc.com.au</a></td></tr><tr><td valign="top" style="width: 20px; font-family: Arial; font-size: 10pt;"><span style="font-family: Calibri;">W:</span></td><td valign="top" style="width: 330px; font-family: Arial; font-size: 10pt;"><a href="https://nabc.com.au/" title="" style="text-decoration: none; font-family: Calibri; color: rgb(0, 0, 0);">www.nabc.com.au</a></td></tr></tbody></table><div class="MsoNormal" align="center" style="text-align: left;"><span style="font-size: 7.5pt; font-family: Arial, sans-serif; color: rgb(0, 93, 162);">
</span></div><b><span lang="EN-US" style="mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="mso-fareast-language:EN-AU"> AusNOG &lt;ausnog-bounces@ausnog.net&gt;
<b>On Behalf Of </b>Bevan Slattery<br>
<b>Sent:</b> Tuesday, 27 September 2022 8:46 AM<br>
<b>To:</b> ausnog &lt;ausnog@ausnog.net&gt;<br>
<b>Subject:</b> DMARC Violation[AusNOG] Optus Hack</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi everyone,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Obviously a big week in telco and cybersecurity. As part of my work I am on the Australian Cyber Security Industry Advisory Committee as an industry representative.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am keen to look at opening up a dialogue with more and more telco, DC and Cloud CISOs on what they are doing around this issue and looking to take a proactive step towards best practice on customer data and system security.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There will be some pretty serious consequences of this hack on the industry and importantly we need to make sure we are as best placed to help each other continually increase in security posture through best practice, but also working with
each other as an industry.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Are people keen on having an online/VC session sometime in the next few weeks where like-minded industry participants get together and discuss security, retention, encryption, threat detection etc.? If so, just ping me directly and if there
is enough interest I will send out an invitation to the list for a call.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[b]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>