Telstra CEO Andy Penn launched the first annual report of the Australian government’s Industry Advisory Committee (IAC) on Cyber Security with a speech at the National Press Club on Thursday, July 15.
He delivered a blunt 3-point message for Australian firms:
- Use multi-factor authentication (MFA);
- Back-up systems and data offline; and
- Never pay a ransom.
The 30-minute speech summarises the committee’s 43 page report, covering the rapid increase of ransomware attacks, ‘cyber-crime-as-a-service’ (leasing ransomware for a share of profits), traditional email scams, and the “significant increase in nation-state sponsored malicious attacks targeting Australia”.
In addition, Penn also published a summary as a 900-word blog post on Telstra’s website.
He noted Telstra has assisted 17 enterprise customers to recover from ransomware attacks over the past year, and a number of “very senior individuals who are customers of Telstra” were targeted by business email compromise (BEC) scams.
Penn previously chaired a 6-person industry advisory panel, established in November 2019, that made 60 recommendations to inform the revised national cyber strategy, which was released by Minister Peter Dutton in August 2020.
The panel was revitalised as a 10-person standing industry advisory committee in October 2020, with Penn as chair.
The full committee membership is:
- Andrew Penn, CEO, Telstra (Chair)
- Cathie Reid, Chair, AUCloud (Deputy chair)
- Darren Kane, CISO, NBN Co
- David Tudehope, CEO, Macquarie Telecom Group
- Patrick Wright, CTO/COO, NAB
- Chris Deeble, CEO, Northrop Grumman Australia
- Bevan Slattery, Chairman, FibreSense
- Corinne Best, Trust and Risk Business Leader, PwC Australia
- Rachael Falk, CEO, Cyber Security CRC
- Prof Stephen Smith, UWA Public Policy Institute (ex-Minister of Defence, Foreign Affairs)
The committee released its first discussion paper, on ransomware, in March 2021.
Penn has been with Telstra for 9 years, starting as Chief Financial Officer in 2012, and becoming CEO and Managing Director on 1 May 2015. He previously spent 23 years with the French multinational AXA Group, one of the world’s largest insurance and investment groups.