Partnerships should help build capability

Individuals and companies like to use the term ‘partnership’ when trying to build rapport and relationships. This creates a sense of cooperation, collaboration and alliance for an outcome that benefits each party.

Current market conditions may reflect a potential deflationary environment where organisations may pull back from hiring new staff.  If this happens, how does your organisation react to changing conditions in departments?   Consider how your ICT department operates.  Are you willing to increase headcount to build internal capabilities, or would building a partnership with a domain expert be more efficient with departmental funds?  

Here are five questions to consider when assessing your ICT department’s cyber security capabilities:

  1. What’s important to our business when choosing a partnership? 
  2. How do we define a partnership vs a supplier? 
  3. Do we have budget to hire internally? 
  4. Who in our department has cyber security capabilities? 
  5. How would a partnership augment our internal capabilities? 

Whether you want to outsource activities or augment your existing team, find out how your organisation is willing to build a partnership while building capabilities.  Consider Managed Detection & Response activities and how your current team would handle threats in real time.  Examine how other protection capabilities could be managed with a fresh partnership. 

Cythera commenced operations to help organisations of all sizes with cyber security capabilities. Building long-term partnerships is the ethos of the company culture, knowing that sensitive data and data sources need protecting. Value is derived from mutual benefit in all partnerships.

Get in contact with Team Cythera to better build your department capabilities.

Why You Shouldn’t Be Reusing Passwords In 2020

Who out there has been guilty of reusing a password? We’re all guilty of it! Results from a recent Google survey discovered that at least 65% of people reuse passwords on multiple sites, sometimes even all sites. Whilst this may provide convenience and ease of access to the everyday applications you use, you’re putting yourself and your sensitive data at risk.

Have I Been Compromised?
Crafty attackers utilise tools to find passwords in previous account breaches and can then go on to compromise any number of accounts that you own with that same password. This tactic is known as credential stuffing. This essentially means that if you use the same password for Facebook and your online banking, it may result in a tarnished image and an empty bank account if a threat actor gets hold of your password. You can check your email accounts against HaveIBeenPwned to verify if your email address(es) have been involved in any known breaches. You can go one step further to see if your password has been used before and even integrate it into your user registration pages via HaveIBeenPwnedPasswords.
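As an added illustration (not code from Cythera or from HaveIBeenPwned), here is how a registration page can use the Pwned Passwords range lookup without ever sending the password: only the first five characters of its SHA-1 hash leave the server, and the match is done locally. The function names, the fail-open policy and the stubbed response are assumptions made for this example.

```python
import hashlib

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"  # real endpoint; not called here


def split_hash(password):
    """SHA-1 the password and split it into the 5-char prefix that is sent
    to the service and the 35-char suffix that never leaves the server."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Find our suffix in a range response of 'SUFFIX:COUNT' lines.
    Returns 0 when absent (or when the matching entry carries a count of 0)."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix.upper():
            return int(count)
    return 0


def check_registration_password(password, fetch_range, max_count=0):
    """Registration-time check. fetch_range(prefix) -> response body is injected
    so the lookup can be a real HTTPS GET in production and a stub in tests."""
    prefix, suffix = split_hash(password)
    try:
        body = fetch_range(prefix)
    except Exception:
        # Assumed policy: if the lookup fails, do not block sign-up, but say so
        # in the result so the caller can log it and re-check later.
        return {"allowed": True, "checked": False, "count": None}
    count = breach_count(suffix, body)
    return {"allowed": count <= max_count, "checked": True, "count": count}


# --- Constructed data for an offline run (counts are invented) ---
CONSTRUCTED_BREACHED = {"password": 9999, "Summer2020!": 12}


def constructed_fetch_range(prefix):
    """Stub standing in for the HTTPS GET; builds the body a range query
    would return for this prefix from CONSTRUCTED_BREACHED."""
    lines = ["0" * 35 + ":3"]  # unrelated entry sharing the prefix
    for pw, n in CONSTRUCTED_BREACHED.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "Summer2020!", "v9#Lq2!rT8zW-pX4"):
        print(pw, check_registration_password(pw, constructed_fetch_range))
```

In production, `fetch_range` would issue the GET to `PWNED_RANGE_URL` with the prefix filled in and return the response text.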

Password Manager
This is the safe for all your passwords. It’s much more secure than sticky notes with passwords stuck to your monitor! Best practice would be to take an inventory of all the web applications you log into and change the password on each site. Password managers can generate complicated passwords, and you don’t need to remember them, because that’s the password manager’s job. Bitwarden or 1Password are good options to solve this. At the time of writing, Bitwarden is open source and free for public use.

Multi-Factor Authentication
Alongside a password manager, you’ll also want to enable multi-factor authentication (also known as two-factor authentication or 2FA) on all sites and applications that have the capabilities to do so. Enabling 2FA will provide an extra step to prove you are who you say you are. The primary method is something you know (your password), and the second factor is something you have. This will generally be a mobile device or a physical token.
You’ll need an authenticator app in order to properly use MFA. You can download and install Google Authenticator, which is commonly used, from your mobile device’s app store. Additionally, some password managers will allow the use of MFA tokens and one-time codes so that you can authenticate to your web application in one go.

Organisational Impact
Your users are your biggest asset, but also the weakest link in the chain. It only takes one user that has had their credentials compromised by an attacker to cause severe damage to your business’s reputation. Depending on the security measures in place, once the attacker retrieves those credentials, they may be able to do anything that user has access to do. Threat actors are becoming more resourceful than ever before, so think twice before implementing the same password for another web application.
Finally, it’s imperative that all organisations have multi-factor authentication enabled for:

  • VPN connections
  • Remote Desktop connectivity applications
  • Office365
  • Outlook desktop

These measures will help further secure your users and business from malicious attackers.

The greatest security toolset you may not be using: Visibility

The Cythera security operations team has detected and responded to several security incidents with our clients over the last few weeks and a common theme brought all of them to light: visibility.

So, you’re running firewalls, and IPS, and next-gen anti-virus, and multi-factor authentication. And you’re logging it all. You’re even pumping it all into a SIEM. Fantastic! You’re already doing better than many organisations.

But what are you doing with that data? Is it just a huge log store? Do you just use it to replay the tape if there is an issue? Does it just populate pretty dashboards? Do you have to write custom log queries or correlation rules to try to get any meaningful insights out of it?

They’re in!

Let’s look at a breach we detected, responded to and stopped for a client. Like many of these stories, it started with a user getting phished. They received an email from who they thought was a trusted contact, and in the process were prompted for a login to their corporate email, where they entered their credentials.

The organisation had multi-factor authentication, so the story should wrap up here. But MFA is not a panacea, and for many organisations multi-factor is still a complex beast to roll out everywhere; there are often legacy apps and multiple operating system dependencies to support. In this case, due to one of these dependencies, MFA had been disabled for a specific application; the attacker worked that out and used it to start accessing and downloading data.

Detecting this incident is where visibility goes well beyond logging. User behavioural analytics picked up that the user was accessing services from both unusual and multiple locations. Deception technology meant the attacker hit tripwires we had set in the organisation. What might have been completely missed in many organisations, or been just another alert log to others, was for us transformed into an investigation our team responded to, and ultimately used to stop the attack mid-flight.

What else did we find?

  • The attacker was bouncing between VPNs, trying to mask themselves and bypass geo-blocking.
  • One of the IPs had been used in a previous brute force.
  • They accessed services the user had never accessed before.

Many of the organisations we work with focus heavily on prevention capabilities, but are often blind to events and incidents when those prevention mechanisms let something through (and they will all miss something at some point).

If you need help with security monitoring and visibility, as well as security detection and response, our Managed Detection & Response Platform can provide you with real value. Reach out to us if you would like to discuss.

Protecting a distributed workforce.

COVID-19 has quickly switched many organisations to full remote / work-from-home policies, and IT teams are dusting off disaster recovery and business continuity plans. We know hackers are using Coronavirus to target users, so it’s important to keep security front of mind when protecting a distributed workforce.

After talking about this topic with a few clients, I thought I’d share my security tips to consider when protecting a remote and highly distributed workforce.

Protecting Endpoints

Providing some level of protection from malware and exploits on endpoints seems obvious. But keep in mind many organisations do not supply staff with laptops or home workstations, so they may well be accessing corporate email or data from home machines outside of the normal corporate security standards and monitoring. Keep mobile devices and tablets in mind here too. Many technology vendors are providing additional burst or top-up licensing, so be sure to look into this.

Get Visibility

A highly distributed workforce creates visibility challenges too. Where your users usually connected via fixed perimeters you controlled, now they could be accessing cloud and SaaS data from anywhere, on any device. A Secure Web Gateway is a good solution for this, as it provides visibility into applications and data users are interacting with, and lets you enforce your corporate security policies no matter what they’re accessing. It also connects users to a global point-of-presence network, meaning you don’t have to drag your users back through your own perimeter in order to get visibility and enable your users to access applications.

Dust off that VPN!

Suddenly that often malnourished remote access solution is critical infrastructure. If you do need to connect staff into your environment to access applications, confirm your VPN is provisioned to handle 60-75% of your workforce connecting concurrently. This is also a really good time to ensure multi-factor authentication is enabled on all your entry points, including VPNs (you would be surprised how often it isn’t!).

Cythera provides a Secure Access solution through Cato Networks’ global points of presence that can be stood up in hours if you need assistance here.

Be able to detect & respond.

This really dovetails with the visibility point, but with your users remote, accessing services from anywhere and potentially on any device, logging and visibility have never been more important. Ensure you’re taking feeds from your cloud and SaaS applications, comparing them to security and endpoint data, and running some form of behavioural and threat analysis over them. This will give you a really good head start on detecting and responding to threats before they become incidents. It might be as simple as asking why Mary from HR is logging in from Melbourne, and then five minutes later successfully authenticating from India. Or it might be a more sophisticated case of a user making PowerShell or API calls they have never made before. Visibility is key here. A detection and response platform can give you a good head start if you feel you’re lacking here.
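The “Mary from HR” check above, together with two of the findings from the breach described earlier (an IP seen in a previous brute force, and services the user had never accessed before), can be expressed as a small detection pass over sign-in events. This is an added example, not Cythera’s platform logic; the event fields, the speed and distance thresholds, the sample events and the IP list are all constructed for illustration.

```python
import math
from datetime import datetime

MAX_KMH = 900   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 100    # assumed floor, ignores geo-IP jitter within one metro area

# Constructed successful sign-ins (not real logs). Coordinates are approximate
# city centres; IPs come from the RFC 5737 documentation ranges.
EVENTS = [
    {"user": "mary", "ts": "2020-03-20T09:00:00", "ip": "192.0.2.10",
     "lat": -37.81, "lon": 144.96, "service": "email"},        # Melbourne
    {"user": "mary", "ts": "2020-03-20T09:05:00", "ip": "203.0.113.77",
     "lat": 19.08, "lon": 72.88, "service": "email"},          # Mumbai
    {"user": "mary", "ts": "2020-03-20T09:07:00", "ip": "203.0.113.77",
     "lat": 19.08, "lon": 72.88, "service": "file-share"},
    {"user": "tom", "ts": "2020-03-20T09:00:00", "ip": "198.51.100.5",
     "lat": -33.87, "lon": 151.21, "service": "email"},        # Sydney
    {"user": "tom", "ts": "2020-03-20T10:40:00", "ip": "198.51.100.9",
     "lat": -37.81, "lon": 144.96, "service": "email"},        # plausible flight
]
BASELINE_SERVICES = {"mary": {"email"}, "tom": {"email"}}
PRIOR_BRUTE_FORCE_IPS = {"203.0.113.77"}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def analyse(events, baseline_services, bad_ips, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, finding, timestamp) tuples in time order."""
    findings = []
    last_seen = {}
    known = {u: set(s) for u, s in baseline_services.items()}
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts = ev["user"], datetime.fromisoformat(ev["ts"])
        prev = last_seen.get(user)
        if prev:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ts - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
            # Simultaneous sign-ins far apart are the clearest case: infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if km >= min_km and speed > max_kmh:
                findings.append((user, "impossible_travel", ev["ts"]))
        if ev["ip"] in bad_ips:
            findings.append((user, "known_bad_ip", ev["ts"]))
        # A user with no baseline is flagged on each service's first use.
        if ev["service"] not in known.setdefault(user, set()):
            findings.append((user, "new_service", ev["ts"]))
            known[user].add(ev["service"])
        last_seen[user] = ev
    return findings


if __name__ == "__main__":
    for finding in analyse(EVENTS, BASELINE_SERVICES, PRIOR_BRUTE_FORCE_IPS):
        print(finding)
```

Tom’s Sydney to Melbourne hop stays under the speed ceiling and produces no finding, which is the kind of tuning that keeps a travel rule from drowning analysts in alerts.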

Significant changes in working patterns demand that cyber security be front and centre in your IT planning. Reach out to the Cythera team if you need some air cover.

The Cythera Security Platform

The basic defense trifecta smart businesses are deploying in 2020

2020 is shaping up to be a big year in the cyber security space for Australian business.

Organisations globally are looking to streamline operations and get an edge to stay ahead of the competition.

Savvy leaders will make sure their attention always remains on their core capabilities.

This includes keeping an eye on their core offering and making sure they nail delivery on all elements of their business.

It also means ensuring they keep costs down and sales up.

Highly effective business leaders take foundational steps to make sure business interruptions are minimal at all times.

Owners and decision makers of large-scale manufacturing businesses through to highly sought-after local dentistry practices are always well positioned when planning is considered and risks to the business are addressed early.

In 2020, cyber security incidents remain a real threat to every Australian business.

Businesses looking to be well positioned in their cyber security defences work towards three main elements.

Cythera Services Manager Ben Cuthbert explains with his three top tips.

Watch as Cythera’s co-founder and head of Security Operations Ben Cuthbert shares his top three tips for defending against cyber attacks

TIP #1. Update your software. Now.

“First of all. Patch,” said Ben. “A lot of people disable software updates or hit the ‘remind me tomorrow’ button on software updates for months on end.”

“Operating system vendors are not just putting out new features or updates, they are often putting out urgent software patches and software fixes.”

“Be more disciplined in terms of keeping software up to date and keep your laptops and operating systems patched.”

TIP #2. Two Factor Authentication.

“A lot of the attacks we’re seeing are based on credential stealing attacks or phishing attacks. One way to try to thwart that is by adding two factor authentication.”

How does multi factor authentication work?

“You enter in your username and password and you have to add in something else such as a code sent to your phone or you need to hit approve within an application,” states Ben.

“It is just another way to validate that it is really you performing an action rather than someone that has stolen your account.”

TIP #3: Upskill your team

“Trying to upskill your staff is the third really big one,” Ben says. “Running a cyber security awareness program or having cyber security awareness as part of your onboarding for staff educating them on cyber security topics.”

Ben Cuthbert is Services Manager of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco and IT security vendors.

Ben and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Find out more on the Cythera Security Platform.

Making enterprise security defences available to every Australian business

Well-known IT leader Euan Prentice has two missions in life. To visit 100 countries by the age of 50 and to ensure that every single Australian business has access to the same level of cyber security protection.

“Having a purpose attached to an IT company is actually a really enjoyable thing,” said Euan.

“I fundamentally believe that cyber security threatens all Australian businesses and should be affordable to all Australian businesses. That just hasn’t been the case in the past.”

With Cythera bucking the trend by bringing affordable, class-leading cyber security solutions to Australian businesses, Euan’s second mission is looking on track.

“Cythera exists to help Australian businesses protect themselves against cyber-attacks,” said Euan.

“Everybody faces the same threats today equally. Whether you are a dentist, a medium sized manufacturer or a large bank. You are subject to the same problems universally.”

Watch as Cythera Co-Founder and Director Euan Prentice shares why he believes in making enterprise security defences available for every Australian business.

Sitting within Cythera’s Melbourne Headquarters, Euan sheds light on the highly complex architecture that underpins the security efforts that Cythera deploys for clients.

“I think people enjoy dealing with Australian businesses located in Australia,” said Euan. “And staffed by Australians.”

Euan Prentice’s formal background was in law and mathematics; however, he believes that IT has always been a hobby and therefore it has been his career.

“I have done it for over 20 years in a variety of roles from Project Management to Account Management and running and owning businesses.”

Euan previously co-founded the highly reputable and successful company O2 Networks with leading cyber security expert Craig Joyce.

“O2 Networks was an incredibly successful IT networking and security consulting firm. We went to large clients and advised them on how to build robust networks that were secure.”

“What we wanted to do was bring those skills to all Australian businesses. Not just the big ones.”

Euan Prentice is passionate about all things technology. From FinTech to Cyber Security, Euan has a proven track record of building highly reputable and successful IT companies.

Euan leads the passionate team at Cythera, known for their role as passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Cythera understands the challenges local businesses face protecting their business from cyber threats and has built Cythera from the ground up to support businesses to meet these demands.

Read more on Euan and the Cythera leadership team.

Security Operations head shares some of the common cyber threats facing Australian businesses.

Australians tend to be humble when it comes to announcing achievements to the world.

It’s our point of difference and what makes us so damn likeable. We’re sure of it.

Less time boasting and more time just getting the job done. That’s the Australian way.

When it comes to communicating how good Cythera is at helping Australian businesses stay ahead of cyber security threats, we know that it is one of those things that needs to be shouted from the rooftops.

The reason is, Cythera helps Australian businesses defend against cyber-attacks.

Co-Founders Craig Joyce and Euan Prentice are two of the minds behind the highly successful O2 Networks. They are the go-to experts for Australia’s leading IT businesses and have made a career out of doing what they enjoy.

When they set to work developing their next project to protect Australian businesses, they wanted to work with the best.

In steps Cythera Services Manager Ben Cuthbert.

Ben is that approachable guy who just gets it. On the phone or in person, you know straightaway your business is in good hands.

When you’re starting a cyber security business from the ground up, getting him to set the tone on how it needs to come together, with his experience in security, is the right move.

Watch as Cythera Services Manager Ben Cuthbert shares some of the common cyber threats facing Australian businesses.

“Before coming to Cythera to kick off the business, I have been working for Silicon Valley based companies for the last 14 years,” said Ben. “F5 Networks, BlueCat Networks and my last stint was with Palo Alto Networks, helping customers at the larger end of town such as banks and government agencies deploy complex security architectures. To be able to take it to Australian businesses has been really exciting.”

Ben is responsible for building the security capabilities that Cythera delivers as well as running the security operations team.

“This is our people watching our customers environment, responding to alerts, responding to incidents and helping to roll technology out.”

“Part of our role is about educating customers and helping them on their journey to reduce their risk and protect their business.”

When to report a cyber incident.

“Everything from traditional viruses, malware and ransomware has become really prolific. We see a lot of people who come into the office on a Monday and someone has downloaded something and suddenly no one can log into computers within the network.”

“You can imagine if you are a small or a medium business with 100 employees and no one can log into their machines and can’t service their clients or can’t take payments. You can imagine how quickly that would shatter your business.”

“We see a lot of phishing attacks where someone gets sent an email asking them to log into something like Office 365 or Dropbox. They get their credentials stolen,” said Ben.

“We’ve seen a lot of incidents lately where attackers have got access to invoices and they have edited the invoice and resent them to clients with different BSB and Account numbers. If you are a small or medium business that can really affect your bottom line.”

Ben is head of security ops and services at Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.

Ben and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Read more in some of Ben’s recent blogs

Cythera Co-Founder and Director Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce has a strong reputation for his work in providing senior leaders in Australia with counsel on all matters relating to IT.

Craig has helped countless businesses thrive under varying conditions and across manufacturing, retail and technology sectors, also lending his focus to new businesses that need the right IT tools and advice to grow.

As one of the minds behind the highly regarded O2 Networks, Craig has spent his career taking on challenges in the IT industry and shedding light on the complex cyber security issues that businesses face every day in Australia and around the globe.

“The important thing with starting any business is understanding what it is you are setting out to achieve,” said Craig.

“We stand for cyber security and we are out there to protect our customers. That whole approach of thinking closely around what you would need to protect your own business and what type of services you would want to consume is a really good launching position into figuring out what you think you would need to appeal inside the market.”

Find out more on the Cythera Protection Platform

“We have spent a lot of time looking at the technologies and the cyber security landscape and the threats that are out there and we’ve tailored our solution set to meet those requirements. Also, at the same time we’ve really focused very much on ignoring what’s come before and thinking where things are going in the future so that we know our platform will stand the test of time.”

Two biggest threats to businesses in Australia

“The two biggest threats to your business are going to be attacks that are aimed towards your people and attacks that are aimed at the end point. It is important to have both of those at the forefront of your mind,” said Craig.

“How do you educate your users? How do you make sure their devices are secure? They are the most common forms of attack.”

“Last year, 75% of all attacks were aimed at individual users and behaviours of those users to launch those attacks.”

“Our whole business is based around being your eyes, so we will look at your security infrastructure, we will look at your business and we will identify threats and we will help you remediate any that may occur within your environment.”

“We are the one stop shop.”

Watch as Co-Founder Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce is Co-Founder and Director of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.

Craig and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Cythera understands the challenges local businesses face protecting their business from cyber threats and has built Cythera from the ground up to support businesses to meet these demands.

More on the Cythera leadership team.

How secure is your business from cyber-attack?

There are two common answers to this question: 1) I don’t know. 2) I think we’re secure.

Either answer is unlikely to tell you much about your business cyber readiness, but to be fair it’s not an easy question to answer. There is a lot to know about cyber-security and the threats you will face before you can effectively start to defend your business.

Many businesses have a high-level awareness of cyber-security but unless you’re an expert – it’s nearly impossible to know your current security posture and what extra things you should do to stay protected. What your business spent money on in the past may not be enough to keep it protected today – especially with the emerging threats that are aimed at your users.

Cyber crime is a big problem across Australia. There has been a 712%* increase in reported data breaches over the last 12 months and 60%* of these breaches were caused by malicious or criminal attack.

Compounding the problem is that many small to medium businesses don’t think they’re a target. They think hackers are only chasing the big fish. Unfortunately, they’re very wrong. 83%* of reported data breaches affect companies with less than 1000 people. Hackers continually target smaller businesses because most lack the effective IT security systems and process controls they need.

We constantly hear horror stories from small business owners that thought they were protected until a hacker gained access to one of their user’s email accounts, found an invoice and changed the payment details. Not only does this have a financial impact, it can carry a reputational impact, be it between your business and business partners, or between your business and your customers.

What can you do to protect your business from cyber-attack?

A good first step is to take Cythera’s FREE Cyber Health Check. The Cythera Cyber Health Check accurately analyses your security posture and provides you with a comprehensive risk profile spanning 14 separate cyber security categories. The health check also includes a functional risk dashboard which displays your risk profile in comparison with the Australian Signals Directorate – Essential 8 and National Institute of Standards and Technology security frameworks, the global and local best practice cyber security frameworks.

Don’t guess, know the maturity level of your business to respond to cyber attacks and start planning to put in place the defences you will need to prepare for the cyber threat landscape of the future.


If I had a dollar to spend in cyber security…

The 2018 OAIC data breach statistics revealed that over 75% of successful security breaches start with human error. The most common cyber attacks come in the form of malicious emails sent to unsuspecting employees, meaning employees are literally the first line of defence.

Although we often focus on technology solutions to solve security problems, our people are often still the weakest link, especially non-IT savvy users. If I had to spend a dollar in time or technology, I would look to close this gap while providing an education process that teaches employees about cybersecurity, IT best practices and regulatory compliance.

The best cyber security protection mechanism is the active and ongoing education of your employees. Experience has shown that quick, relevant, and ongoing training during an employee’s tenure with an organisation is the best way to arm end users to become an organisation’s first line of cyber-defense.

A good security awareness training program should include :

Cythera provides businesses with the ability to significantly reduce risk, decrease incidents and related IT help desk costs, protect their reputation by experiencing fewer breaches, and secure your organisation. Contact us to start your cyber awareness program today.
