2020 is shaping up to be a big year in the cyber security space for Australian business.
Organisations globally are looking to streamline operations and get an edge to stay ahead of the competition.
Savvy leaders will make sure their attention always remains on their core capabilities.
This includes keeping an eye on their core offering and making sure they nail delivery on all elements of their business.
It also means ensuring they keep costs down and sales up.
Highly effective business leaders take foundational steps to make sure business interruptions are minimal at all times.
Owners and decision makers of large-scale manufacturing businesses through to highly sought-after local dentistry practices are always well positioned when planning is considered and risks to the business are addressed early.
In 2020, cyber security incidents remain a real threat to every Australian business.
Businesses looking to be well positioned in their cyber security defences work towards three main elements.
Cythera Services Manager Ben Cuthbert explains with his three top tips.
TIP #1. Update your software. Now.
“First of all. Patch,” said Ben. “A lot of people disable software updates or hit the ‘remind me tomorrow’ button on software updates for months on end.”
“Operating system vendors are not just putting out new features or updates, they are often putting out urgent software patches and software fixes.”
“Be more disciplined in terms of keeping software up to date and keep your laptops and operating systems patched.”
TIP #2. Two Factor Authentication.
“A lot of the attacks we’re seeing are based on credential stealing attacks or phishing attacks. One way to try to thwart that is by adding two factor authentication.”
“You enter in your username and password and you have to add in something else such as a code sent to your phone or you need to hit approve within an application,” states Ben.
“It is just another way to validate that it is really you performing an action rather than someone that has stolen your account.”
TIP #3. Upskill your team.
“Trying to upskill your staff is the third really big one,” Ben says. “Running a cyber security awareness program or having cyber security awareness as part of your onboarding for staff educating them on cyber security topics.”
Ben Cuthbert is Services Manager of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco and IT security vendors.
Ben and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.
Australians tend to be humble when it comes to announcing achievements to the world.
It’s our point of difference and what makes us so damn likeable. We’re sure of it.
Less time boasting and more time just getting the job done. That’s the Australian way.
When it comes to communicating how good Cythera is at helping Australian businesses stay ahead of cyber security threats, we know that it is one of those things that needs to be shouted from the rooftops.
The reason is, Cythera helps Australian businesses defend against cyber-attacks.
Co-Founders Craig Joyce and Euan Prentice are two of the minds behind the highly successful O2 Networks. They are the go-to experts for Australia’s leading IT businesses and have made a career out of doing what they enjoy.
When they set to work developing their next project to protect Australian businesses, they wanted to work with the best.
In steps Cythera Services Manager Ben Cuthbert.
Ben is that approachable guy who just gets it. On the phone or in person, you know straightaway your business is in good hands.
When you’re starting a cyber security business from the ground up, having him set the tone on how it needs to come together, drawing on his experience in security, is the right move.
“Before coming to Cythera to kick off the business, I have been working for Silicon Valley based companies for the last 14 years,” said Ben. “F5 Networks, BlueCat Networks and my last stint was with Palo Alto Networks, helping customers at the larger end of town such as banks and government agencies deploy complex security architectures. To be able to take it to Australian businesses has been really exciting.”
Ben is responsible for building the security capabilities that Cythera delivers as well as running the security operations team.
“This is our people watching our customers’ environment, responding to alerts, responding to incidents and helping to roll technology out.”
“Part of our role is about educating customers and helping them on their journey to reduce their risk and protect their business.”
“Everything from traditional viruses, malware and ransomware has become really prolific. We see a lot of people who come into the office on a Monday and someone has downloaded something and suddenly no one can log into computers within the network.”
“You can imagine if you are a small or a medium business with 100 employees and no one can log into their machines and can’t service their clients or can’t take payments. You can imagine how quickly that would shatter your business.”
“We see a lot of phishing attacks where someone gets sent an email asking them to log into something like Office 365 or Dropbox. They get their credentials stolen,” said Ben.
“We’ve seen a lot of incidents lately where attackers have got access to invoices and they have edited the invoice and resent them to clients with different BSB and Account numbers. If you are a small or medium business that can really affect your bottom line.”
Ben is head of security ops and services at Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.
One common question we get asked by customers who have been on the receiving end of a cyber incident is how to go about reporting the incident to authorities. Many of us are well aware of the avenues to take when we are the victim of common crimes like theft or criminal damage, but what’s less clear is how to go about reporting incidents of cyber crime.
Be it from phishing attacks that compromised user credentials to targeted ransomware attacks that sought to extort your business, reporting is an important part of the remediation cycle. Reporting allows authorities to document and report on the scale of cyber crime in Australia as well as provide you with assistance in investigation and potential later prosecution of attackers.
In the past there were a number of options available to report cyber crime. CERT and ACORN were the common ports of call; however, in 2018 CERT was absorbed by the Australian Cyber Security Centre and, since the start of FY20, the Australian Cybercrime Online Reporting Network (ACORN) has been replaced by the Australian Cyber Security Centre’s Cyber Issue Reporting System.
Please report cyber crimes at the following URL: www.cyber.gov.au/report
Reports can be lodged on behalf of individuals or businesses operating in Australia (with a registered ABN) or government departments.
Note: If you have lodged an ACORN report in the past, this will not need to be resubmitted and will follow the previous path for investigation.
Reporting cyber crime is an important responsibility of Australian businesses and cyber professionals. The scale of cyber crime needs to be adequately reported upon and monitored to ensure that investments made by the government and its agencies are focused and concentrated on the Australian threat landscape.
Additionally, if customer or personal data is compromised during a cyber incident, you may have other reporting obligations under the OAIC’s Notifiable Data Breaches Scheme. This scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and many more.
At Cythera we have a strong understanding of the various doorways open to businesses to investigate, remediate and report on cyber incidents including your business’ responsibilities with respect to mandatory data breach notification.
If you believe your business is being (or has been) impacted by a cyber incident, we can mobilise quickly, work on your behalf to contain risk and provide a surefooted pathway to restoring your cyber security posture. Contact us on 1300 CYTHERA (1300 298 437) to discuss how we can help today.
Often, when we are presenting the state of the cyber security landscape and the risks that unprepared customers expose themselves and their businesses to, we get a real sense that customers nod but don’t really appreciate the gravity of the reality. Seeing statistics on a page and bridging that to a scenario that they can wrap their heads around and relate to their business is hard. Too regularly we have to see a customer being impacted themselves before they realise the magnitude of the danger to their business and their staff that a cyber attack brings.
To help bring home an actual example of a cyber attack on an Australian business which has had significant brand damage, broken trust with upstream providers and customers and created a demonstrable financial impact to their business, you don’t have to look much further than Landmark White.
By now, many of you should be aware of the difficulties facing Landmark White (LMW), one of Australia’s leading independent property valuation organisations. These difficulties have built over the past year, precipitated by a breach leaking customer valuation records that left about 37,500 unique valuation records and 1680 supporting documents sitting openly on the Dark Web in early 2019.
Despite being contacted anonymously through live chat and through the corporate Twitter account, LMW were slow to respond to initial notifications of the breach, with their Twitter channel unmanned over the Christmas holiday period. After a further email notification from the Australian Cyber Security Centre about a vulnerability in an exposed programming interface on their platforms, LMW claim to have closed the vulnerability by January 23rd.
After this breach and subsequent notification of same, LMW stopped trading on the ASX in February 2019. As a result of the incident and the publicity that it received, LMW was “suspended from receiving work from a significant number of clients which is impacting our revenues, profitability and cashflows,” company secretary and CFO John Wise wrote in a letter to the ASX.
A second breach involved a posting to SCRIBD that “mostly comprised PDF valuation documents and other operationally related commercial documents”. LMW believe this incident was precipitated by corporate sabotage and was potentially internal in origin. This second breach was followed a fortnight later by an exodus of staff from the Sydney franchise business. Heading into a trading halt again following this second breach, LMW’s market capitalisation more than halved, from $39 million at the close of 2018 to $15.3 million when shares were suspended in June 2019.
There has been much speculation that LMW directors are seeking an exit for the business with leaked emails from the acting Chief Executive Tim Rabbitt stating they “have to consider alternative options for the business including the potential sale of the whole or parts of the business”.
This is an absolutely horrific scenario and I’m sure there are many people within LMW today who would love to be able to roll back the tape and make some different decisions on how they prepared their business and their cyber security approach.
In part 2 of this article, I will spend some time discussing the biggest drivers we see related to cyber security incidents and outline some suggestions on how you might position your business to best defend itself from the potential of a cyber attack.
The risk to your business in a cyber attack isn’t limited to remediation activities or solely to brand damage. It’s now often linked to a loss of trust with trading partners (with knock-on revenue impacts), a breakdown of corporate culture which can lead to staff attrition, and a real likelihood that your business will become insolvent. In Part 1 of this article, I gave the example of a real Australian business, Landmark White. Today Landmark White are battling through the impacts of multiple IT data breaches within their property valuation business in late 2018 and 2019.
Common Drivers To a Bad Outcome
The biggest drivers we see in organisations that lead to cyber related incidents and IT data breaches are:
We’ve all heard the horror stories of social engineering or phishing emails that compromise the least IT-literate members of your staff and leverage them to launch attacks against businesses. But cyber security is everyone’s responsibility, much in the same way physical security is the responsibility of all staff in a building. An active and ongoing cyber awareness program is critical in businesses of all shapes and sizes; it needs to be reinforced by (and from) the leadership in the organisation as a high priority, and it is something everyone should be measured against.
Are you scanning your environment daily for vulnerabilities and are you on top of your patching and maintenance of applications, services and infrastructure? This is a crucial function within your business that isn’t just limited to penetration testing (though that is important) but about total lifecycle management and hygiene for all components in your IT stack, including third party providers if you use them.
Use frameworks like the ASD Essential 8 as a starting point to guide risk management activities, but don’t be afraid to cherry-pick the best of NIST or CIS to get something that is right-sized for your business too. These frameworks should be seen as starting points, not shopping lists for compliance and risk needs that fit every business.
Many organisations collect logs and run a series of disparate systems to gain insights into their business’s IT function. In our time we have seen a litany of SIEM solutions gathering dust in a corner, failing to deliver any insights to the business, let alone prevent an attack. The traditional SOC / SIEM approach is rapidly being overtaken by an integrated Managed Detection and Response (MDR) approach that couples SOC-as-a-Service and SIEM functionality with User and Entity Behaviour Analytics (UEBA), threat hunting and incident response capabilities as a turnkey outcome.
Can your organisation justify 24×7 “eyes on glass” to monitor your security environment and provide you the visibility that you need to detect threats in near real time? It’s often a collaborative approach with a managed service provider partner that makes the most financial sense for organisations.
I can’t tell you how many customers we still see that run legacy AV technologies and stateful inspection firewalls and think that they are protected from cyber threats. What worked well in 2001 isn’t fit for purpose today. Many attacks sail on through email or are enabled through legacy technologies like DNS; a dedicated attacker will use any and all tricks in their inventory to get past your defences.
Building a layered security approach with next generation technologies that interoperate nicely together is critical. Technologies like Deep Learning are providing unique mechanisms to block signatureless malware, and solutions like Endpoint Detection & Response (EDR) are helping detect and stop attacks in their tracks through global scale intelligence sharing and endpoint integrated protection stacks. Cloud Access Security Broker (CASB) solutions give you visibility and the ability to enforce cloud data policy no matter where you store your data or manage your workloads. Look long and hard at your IT stack, leverage what is available today, and don’t be afraid to turn off what you used yesterday.
If you think a cyber attack won’t happen to you, you may be right, but I’d wager it will only be a matter of time (if it hasn’t happened already). Our job isn’t to scare people into taking this stuff seriously, it is about helping prepare and protect our customers for the inevitable.
If you think you’re ready to start looking hard at your business and its readiness for a cyber attack, please reach out to us at Cythera. We love helping our customers protect themselves and their customers and we have solutions that fit businesses of all sizes. From our monthly subscription bundles, our professional services, to our turnkey Managed Detection & Response platform, we have a wide range of offerings to fit your business needs.
Let’s help you get started today.
A Managed Security Services Provider (MSSP) allows a business to selectively consume externally provided cyber security services to meet its business objectives. Here at Cythera we have built a wide range of services and platforms that our customers can consume on a monthly basis, allowing businesses to consider contracting security services rather than managing them in-house (or worse, doing nothing at all).
But what are the benefits to partnering with a MSSP?
Do you have a dedicated security operations centre with staff looking at logs, systems and events 24×7? This is a very expensive and labour heavy endeavour, one that is extremely difficult to resource with the current cyber security skills shortage. Are you doing the best thing by your business by not ensuring you have suitably skilled engineers looking at your security environment around the clock looking for indicators of compromise in your network?
Working with a MSSP lets you know you have a team of security professionals protecting your business 24×7. Professionals with a high degree of experience in managing your technology suite and a focus on helping ensure you don’t get breached.
Even if you have an internal security team, a MSSP will be able to augment your team and leverage their experience across many customer accounts to give you strong strategic advice and assistance to let you adapt to the changing threat landscape. This extends the impact of your internal teams, giving your stakeholders the information they need to successfully grow their business.
Building a full-scale internal cyber security team or a security operations centre comes at a not insignificant cost. Is your business prepared to invest heavily in technology and people and continue to invest in these areas to stay in front of the latest advances of cyberattacks?
A Managed Detection & Response solution from Cythera with 24×7 monitoring for a mid-sized organisation (250-500 staff) will often cost you less than the cost of having a dedicated security professional on staff each year. This is before you factor in the costs of the necessary infrastructure technology you’d need to deliver a similar outcome, let alone the fact that this single engineer would need a never ending supply of NoDoze to allow you to be aware 24×7 of what is happening in your business.
Choosing a MSSP like Cythera lets our customers gain access to the best intelligence about the local Australian cyber security realm, as well as access to world class technology platforms from tier one vendors, selected because they represent the best cyber security protection available today. For smaller businesses, this means that you have access to the types of cyber security protection technologies that would ordinarily only be available to the largest enterprises, but at a price point that won’t break the bank, coupled with threat intelligence relevant to the local market.
The attacks of today are just as likely to come knocking at the door of small to medium enterprises, and it is demonstrably risky not to have adequate security measures in place to protect your business. A breach can bring a business of any size to its knees.
Your MSSP is the responsible party when it comes to maintaining, patching, and upgrading the cyber security technology that supports your business. No longer do you need to manage complex patching schedules, deal with out of date hardware or technologies that don’t do what you need them to do anymore. At Cythera we own all of that responsibility, constantly patching and maintaining the technologies that protect your users and keeping attackers at bay.
We spend a lot of our time testing, piloting and evaluating the latest cyber security technology offerings and ascertaining what is the best fit for our customers as the threats and attacks customers are exposed to evolve. If part of our portfolio needs augmenting or replacement, we do so as part of your MSSP contract, all transparently and with no cost to you as the customer.
As a MSSP, Cythera sits across many customer networks, gaining visibility of the threats commonly (and uncommonly) seen in Australian businesses. We can provide your business with an outsider’s perspective on perceived gaps in your overall cyber security strategy. Additionally, we offer training services to help prepare your business for potential breaches and how to manage these incidents in a controlled and assured fashion. Cythera has a robust cyber security posture assessment methodology based on the ASD Essential 8 and the NIST framework, which we can collaboratively work through with your business to gauge your cyber readiness, and we offer a wide range of penetration, vulnerability and compromise assessments to test your business’s cyber defences.
The Cythera portfolio is built from a series of cohesive managed cyber security solutions, designed with the threat landscape of today and tomorrow in mind. We help you defend your organisation, your users and your applications from malicious threats so you can focus on growing your business.
With no upfront capital costs and the freedom of a monthly billing cycle, Cythera’s Security-as-a-Service offering gives your business the ability to immediately consume services, straight from the cloud. We worry about making sure you have all of the capacity you need with our linearly scalable solution set. On-boarding can occur in as little as hours and delivery of our service offering is totally untethered from your choice of cloud or telecommunications providers.
Contact Cythera today to learn more.