Humans will surprise you every time: Telstra head of cyber security

The workers in Telstra’s mailroom knew something was strange when the room was clogged with workers asking for the packages they had been sent.

There were no packages waiting for the employees, who had received a phishing email encouraging them to click to track an incoming package. The message did not say that it was in the mailroom – but when the workers decided to get proactive rather than click the email, the mailroom got crowded quickly.

Puzzled calls by mailroom staff eventually revealed the source of the confusion: the IT-security team had been proactively phishing the employees, testing to see whether they would click on a message notifying them of an impending delivery.

But nobody predicted the action many employees would take – and this, Telstra head of cyber security Jacqui McNamara told a capacity crowd at this week’s CSO-Kaspersky Labs Cyber Insights event, highlights the universal problem that security executives face in teaching people to be secure.

“What we’ve found is that everything comes down to humans in the end,” she said. “We keep trying to take humans out of the picture, but humans are unreliable.”