Blog - Page 21 of 159 - Techbest - Top Tech Reviews In Australia

Is Your Security Approach Ready as AI Enters the Workforce?


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

AI in the Workforce: Transforming Security Approaches

Brief Overview

  • AI is moving from a supportive function to a leading role within the workforce.
  • Conventional identity governance falls short in AI-oriented environments.
  • AI entities with enhanced access levels present serious security threats.
  • Automated, AI-driven identity management is essential for safeguarding security.
  • Leadership must align identity strategies with AI projects.

AI: The New Leader in the Workforce

AI is entering the workforce. Is your security framework ready?

The adoption of Agentic AI in business practices is transforming today’s workforce. As AI evolves from a supportive role into a key player, companies must navigate a substantial change in security and governance frameworks.

The Emergence of Machines and the Decline of Traditional Thinking

Conventional identity governance, focused on human employees, is becoming irrelevant. AI agents are introduced via IT projects without standard protocols, resulting in a rise of poorly governed, excessively privileged non-human identities.

The Human Price, The Risk of Machines

While AI offers improved efficiency, it also brings forth notable security vulnerabilities. AI agents demand enhanced access, thereby enlarging the attack surface that can be targeted by malicious actors. Many businesses, especially in Australia, lack the mechanisms needed to address these risks.

Updating Machine Identity Lifecycle Management

Businesses require AI-enhanced identity lifecycle management to streamline access provisioning and maintain real-time visibility. This strategy is vital for upholding compliance and enforcing security measures in an AI-centric ecosystem.

Leaders Must Embrace This Transformation

The challenge of overseeing AI and human identities goes beyond the IT department. Senior leaders need to work collaboratively across various departments to refresh identity governance and embed it into all AI-related initiatives.

Conclusion

With AI becoming a vital element of the workforce, organisations in Australia must evolve their identity management approaches to lessen security dangers. This entails automating identity lifecycle management and promoting interdepartmental collaboration to excel in the AI-fueled enterprise landscape.

Questions & Answers

Q: Why is conventional identity governance insufficient for AI?

A: Conventional strategies concentrate on human identities and are ill-equipped to manage the swift, extensive arrival of AI agents, resulting in governance voids and security concerns.

Q: What risks do AI agents with enhanced access present?

A: Proper management is lacking, meaning AI agents with elevated access create a broader attack surface, heightening the possibility of exploitation by cyber threats.

Q: How can organisations enhance identity management for AI?

A: Through the adoption of automated, AI-enhanced identity lifecycle management systems that offer real-time insights and uphold least privilege access principles.

Q: What role do leaders play in authority governance for AI?

A: Leaders from different departments must collaborate to weave identity strategies into AI initiatives, guaranteeing thorough governance and security.

Q: In what way does AI integration affect organisational security strategies?

A: The integration of AI necessitates a shift in security tactics to confront the distinctive challenges of managing non-human identities and assuring stringent access control.

Q: Why is a “kill switch” important for AI agents?

A: A “kill switch” enables organisations to instantly revoke access for AI agents that act unpredictably, reducing potential security perils.

Orica Enhances GenAI Features with Now Assist


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Orica’s AI Transformation in IT Support

Quick Overview

  • Orica incorporates 20 AI-enhanced capabilities into its IT service desk.
  • The organization recently implemented five new AI use cases using Now Assist.
  • AI workloads now encompass 75% of Orica’s IT support team.
  • Virtual agents’ success rate has doubled since the rollout.
  • Orica has transitioned from a tech-driven to a process-driven AI strategy.
  • ServiceNow Control Tower set to bolster AI scaling and governance.

Orica’s AI Growth in IT Support

Orica, a frontrunner in explosives and blasting systems, is revamping its IT service desk operations with cutting-edge AI functionalities. A year post the integration of ServiceNow’s generative AI suite, the firm has introduced 20 AI-enabled capabilities, recently highlighting five groundbreaking use cases via the Now Assist toolkit.

Orica enhances GenAI capabilities with Now Assist

Success and Adoption Driven by AI

Bradley Hunt, Orica’s DevOps and regional apps manager, underscored the significant influence of AI on the IT support team, with AI now assigning tasks to 75% of the team in the past quarter. During the ServiceNow World Forum in Sydney, Hunt mentioned that the initial strategy was tech-driven, aimed at acquainting staff with AI functionalities.

After joining the early access program for Now Assist, Orica swiftly doubled its virtual agents’ success rate, currently rerouting 94% of effective flows from the service desk. The engagement with AI among IT personnel has surged by 70% over the last six months, enabling roughly 12,000 AI-driven actions each month.

Transitioning from Tech-Led to Process-Led

Orica has effectively moved to a process-led methodology, concentrating on weaving AI into team workflows to optimise return on investment. The organization’s approach includes outlining team processes to locate areas where AI can reduce or eliminate steps, which enhances operational efficiency and governance.

ServiceNow Control Tower for Future Development

Orica is overseeing its AI demand and governance through the ServiceNow platform, acting as a singular source of truth for converting AI concepts into production-ready solutions. CIO Rachael Sandel highlighted the importance of the ServiceNow Control Tower in offering visibility, coordination, and automation to support AI scaling.

“It’s not solely about technology,” Sandel remarked. “It’s about fostering an environment where AI can flourish.”

Conclusion

Orica’s deployment of ServiceNow’s generative AI suite within its IT service desk has significantly enhanced efficiency and adoption rates. With a transition from tech-driven to process-driven approaches, Orica is set to further advance its AI capabilities leveraging the ServiceNow Control Tower.

Q&A

Q: What is Orica’s main objective with AI integration?

A: Orica seeks to improve efficiency and effectiveness in IT support by incorporating advanced AI functionalities.

Q: What has been the effect of AI on Orica’s IT support team?

A: AI has assigned tasks to 75% of the IT support personnel, markedly enhancing workflow and productivity.

Q: What is the forthcoming step in Orica’s AI strategy?

A: The next step involves leveraging the ServiceNow Control Tower for enhanced visibility, coordination, and automation.

Q: How has the adoption of virtual agents evolved at Orica?

A: The success rate with virtual agents has increased, deflecting 94% of effective flows from the service desk.

Q: What does the transition from tech-led to process-led mean?

A: It signifies a focus on integrating AI into workflows to enhance efficiency and ROI, rather than merely implementing technology.

PHILIPS TAT2149WT Wireless Bluetooth Earbuds Review


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

PHILIPS TAT2149WT Wireless Bluetooth Earbuds – Small Earbuds Great Value Natural Sound with Dynamic Bass, Clear Calls and Pocket Size Charging Case – White

Home Affairs Signs $25 Million Biometrics Renewal Agreement with Unisys


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Renewal of Home Affairs and Unisys Biometrics Agreement

Renewal of Home Affairs and Unisys Biometrics Agreement

Home Affairs finalizes $25 million biometrics renewal with Unisys

Brief Overview

  • Home Affairs has renewed its biometrics contract with Unisys for $25 million over three years.
  • EBIS platform aids in identity authentication through biometrics such as facial recognition and fingerprints.
  • Initial contract with Unisys commenced in 2018, originally worth $44 million.
  • The new agreement prolongs the operation and assistance of EBIS until 2028.
  • Responsibilities related to policy and strategy have been shifted to the Attorney-General’s Department.

Overview of the Agreement

The Australian Department of Home Affairs has reinstated its collaboration with Unisys, extending the utilization of its biometrics platform via a new $25 million three-year agreement. This renewed deal guarantees that Unisys’ Enterprise Biometric Identification Services (EBIS) system remains functional, enabling secure identity confirmation for migrants and travelers.

Background on the EBIS System

Initially launched in 2018, the EBIS system was created by Unisys with an initial contract worth $44 million. The system uses Unisys’ Stealth identity platform, allowing effective matching of biometric information such as facial images and fingerprints against watch lists. EBIS became active in 2020, succeeding a prior Unisys system that was in operation for 12 years. Over time, the original deal grew to a total of $77 million before concluding in June 2025.

Contract Specifications and Future Plans

The latest agreement, although valued at $25 million, extends the operational support of the EBIS system until 2028. However, the contract includes a maximum service end date of 2024 for certain services. This renewed contract includes essential software maintenance and support services, ensuring the consistent reliability of the EBIS platform in safeguarding identity verification operations.

Shifts in Departmental Roles

In spite of the renewal, Home Affairs has shifted some of its identity and biometrics responsibilities to the Attorney-General’s Department (AGD). This shift involved transferring biometrics assets valued at $23 million as of August 31, 2023. This strategic move reflects wider policy and administrative transformations within government departments.

Conclusion

The Australian Department of Home Affairs continues to be dedicated to securing its borders and verifying identities through cutting-edge biometrics technology. By renewing its agreement with Unisys, the department guarantees continuity and dependability in its biometric systems, despite departmental changes and evolving responsibilities.

Frequently Asked Questions

Q: What is the total value of the new agreement between Home Affairs and Unisys?

A: The total value of the new agreement is $25 million over three years.

Q: What function does the EBIS system serve?

A: The EBIS system is utilized for identity authentication via biometrics such as facial recognition and fingerprints to compare against watch lists.

Q: When was the EBIS system first introduced?

A: The EBIS system was first introduced in 2018 and became operational in 2020.

Q: For how long is the new agreement expected to be in effect?

A: The agreement extends the operation and support of EBIS until 2028, with a maximum service end date of 2024 for specific components.

Q: Why were the biometrics responsibilities transferred to the Attorney-General’s Department?

A: This transfer was part of a strategic shift in policy and administration, reflecting broader governmental changes.

Pink Wireless Earbuds,Bluetooth In Ear Headphone with Microphone Review


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Pink Wireless Earbuds,Bluetooth In Ear Headphone with Microphone Comfort&Lightweight Earbud with Noise Cancellation,3D Surround Stereo,Long Life Portable Mini Charging Case(S/M/L earctips)

Hackers Obtained Clorox Passwords via Basic Social Engineering Techniques, Lawsuit Discloses


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Quick Overview

  • Clorox filed a lawsuit against Cognizant following a cyber attack in 2023.
  • Hackers obtained Clorox passwords through social engineering techniques.
  • The breach caused damages amounting to US$380 million (A$576 million).
  • Scattered Spider hackers deceived IT support desks to gain credentials.
  • The lawsuit emphasizes security shortcomings on Cognizant’s part.

Overview of the Cyber Attack

In August 2023, Clorox, a manufacturer of bleach, encountered a significant cyber attack carried out by the hacking collective known as Scattered Spider. This group is infamous for leveraging social engineering strategies, predominantly aimed at IT support desks to obtain credentials, subsequently exploited for ransomware attacks.

Information on the Lawsuit

Clorox has initiated legal action against its IT service provider, Cognizant, asserting that the hackers accessed sensitive passwords through basic social engineering methods. The lawsuit, lodged in California state court, accuses Cognizant of insufficiently securing Clorox’s network by providing credentials without thorough verification.

Hackers’ Approach and Implementation

The hackers reportedly reached out to the Cognizant Service Desk, seeking access to Clorox’s network. Alarmingly, the service desk released the credentials without applying fundamental verification steps, such as confirming employee identification numbers or verifying the identity of the caller’s supervisor.

Impact of the Breach

The breach resulted in US$380 million (A$576 million) worth of damages to Clorox. This included around US$50 million set aside for recovery efforts, while the remainder was due to Clorox’s inability to supply products to retailers after the attack.

Deficiencies in IT Security

Clorox’s lawsuit highlights various security deficiencies by Cognizant, including improper termination of certain accounts and flawed data recovery methods, which aggravated the breach’s consequences.

Conclusion

The cyber attack on Clorox, executed by the Scattered Spider group, reveals critical weaknesses in IT security protocols. By taking advantage of straightforward social engineering methods, hackers inflicted substantial financial harm and disrupted Clorox’s business operations. The legal action against Cognizant emphasizes the pressing need for strong security practices and comprehensive verification processes in IT services.

Q&A

Q: Why did Clorox decide to take legal action against Cognizant?

A: Clorox sued Cognizant after a cyber attack exposed significant security flaws, enabling hackers to access passwords through social engineering strategies.

Q: In what manner did the hackers infiltrate Clorox’s network?

A: The hackers leveraged social engineering to mislead Cognizant’s IT help desk into providing network credentials without proper verification.

Q: What financial consequences did the attack have on Clorox?

A: The attack led to US$380 million (A$576 million) in damages, comprising US$50 million in recovery expenses and interruptions in product distribution.

Q: What security shortcomings did Clorox point out in their lawsuit?

A: Clorox identified issues such as insufficient account deactivation and faulty data restoration practices, which added to the attack’s impact.

Q: What role does the Scattered Spider group play in this incident?

A: Scattered Spider is a hacking group recognized for employing social engineering to manipulate IT staff, gaining unauthorized access to networks for ransomware purposes.

Microsoft Reports Ransomware Utilization by Specific SharePoint Server Intruders


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Rising Menace: SharePoint Server Hackers Now Employing Ransomware

Brief Overview

  • Microsoft discloses ransomware usage in active cyber-espionage operations.
  • Storm-2603 group takes advantage of SharePoint server weaknesses.
  • Over 400 victims identified, with a likelihood of additional cases.
  • Ransomware interrupts networks, insisting on cryptocurrency payments.
  • Unaddressed security vulnerabilities in Microsoft SharePoint lie at the heart of the campaign.
  • Chinese hackers are suspected, but Beijing refutes any connection.

Intensifying Ransomware Operations

Microsoft has disclosed that a cyber-espionage faction known as “Storm-2603” is currently utilizing ransomware in their operations against susceptible SharePoint server applications. This represents a notable escalation in the campaign, which has reportedly impacted at least 400 victims, as stated by Eye Security, a cybersecurity company based in the Netherlands.

SharePoint server hackers use ransomware

Consequences and Reactions

In contrast to conventional state-sponsored cyber operations centered around data theft, ransomware has the potential to create significant disturbances. The tally of affected organizations has surged from 100 to 400, with Eye Security indicating that this count might underestimate the reality due to unidentified attack paths. Vaisha Bernard, chief hacker at Eye Security, mentioned that various breaches may not produce obvious traces.

The National Institutes of Health is among those targeted, and server breaches have been confirmed. Preventive actions are being taken, which include the isolation of additional servers. The initial breach reports were published in the Washington Post.

Weakness and Abuse

The campaign emerged after Microsoft’s incomplete remedy of a crucial security vulnerability in its SharePoint server software. This security gap triggered a hasty effort to implement corrections. Both Microsoft and Alphabet, the parent company of Google, have cited Chinese hackers as exploiters of this flaw, although Beijing has denied any participation.

Recap

To summarize, the current cyber-espionage efforts against susceptible SharePoint servers have escalated with the incorporation of ransomware by the Storm-2603 group. This development emphasizes the necessity of securing IT infrastructure and illustrates the complex dynamics of global cyber threats.

Common Questions

Q: What is the primary threat highlighted by Microsoft?

A: Microsoft indicates a major threat involving ransomware deployment by the Storm-2603 group targeting susceptible SharePoint server software.

Q: How many organizations have been affected?

A: At least 400 organizations have faced impacts, according to Eye Security, with the possibility of more undiscovered victims.

Q: How does ransomware generally function?

A: Ransomware operates by incapacitating victims’ networks, denying access until a digital currency payment is made to the perpetrators.

Q: What was the initial cause of the vulnerability?

A: The vulnerability stemmed from Microsoft’s inadequate patching of a security gap in its SharePoint server software.

Q: Who is thought to be exploiting the vulnerability?

A: Microsoft and Alphabet suspect Chinese hackers are taking advantage of the flaw, yet Beijing denies any involvement.