The basic defense trifecta smart businesses are deploying in 2020

2020 is going to be a game changer.

Businesses globally are looking to streamline operations and get an edge to stay ahead of the competition.

Savvy leaders will make sure their attention always remains on their core goal.

This includes keeping an eye on their core offering and making sure they nail delivery on all elements of their business.

It also means ensuring they keep costs down and sales up.

Highly effective business leaders take foundational steps to make sure business interruptions are minimal at all times.

Owners and decision makers of large scale manufacturing businesses through to highly sought-after local dentistry practices are always well positioned when planning is considered and risks to the business are addressed early.

In 2020, cyber security remains a real threat to every Australian business.

Businesses looking to be well positioned in their cyber security defences work towards three main elements.

Cythera Services Manager Ben Cuthbert explains with his three top tips.

Watch as Cythera’s co-founder and head of Security Operations Ben Cuthbert shares his top three tips for defending against cyber attacks

TIP #1. Update your software. Now.

“First of all. Patch,” said Ben. “A lot of people disable software updates or hit the ‘remind me tomorrow’ button on software updates for months on end.”

“Operating system vendors are not just putting out new features or updates, they are often putting out urgent software patches and software fixes.”

“Be more disciplined in terms of keeping software up to date and keep your laptops and operating systems patched.”

TIP #2. Two Factor Authentication.

“A lot of the attacks we’re seeing are based on credential stealing attacks or phishing attacks. One way to try to thwart that is by adding two factor authentication.”

How does multi factor authentication work?

“You enter in your username and password and you have to add in something else such as a code sent to your phone or you need to hit approve within an application,” states Ben.

“It is just another way to validate that it is really you performing an action rather than someone that has stolen your account.”

TIP #3: Upskill your team

“Trying to upskill your staff is the third really big one,” Ben says. “Running a cyber security awareness program or having cyber security awareness as part of your onboarding for staff educating them on cyber security topics.”

Ben Cuthbert is Services Manager of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco and IT security vendors.

Ben and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Find out more on the Cythera Security Platform.

Making enterprise security defences available to every Australian business

Well-known IT leader Euan Prentice has two missions in life. To visit 100 countries by the age of 50 and to ensure that every single Australian business has access to the same level of cyber security protection.

“Having a purpose attached to an IT company is actually a really enjoyable thing,” said Euan.

“I fundamentally believe that cyber security threatens all Australian businesses and should be affordable to all Australian businesses. That just hasn’t been the case in the past.”

With Cythera bucking the trend by bringing affordable, class-leading cyber security solutions to Australian businesses, Euan’s second mission is looking on track.

“Cythera exists to help Australian businesses protect themselves against cyber-attacks,” said Euan.

“Everybody faces the same threats today equally. Whether you are a dentist, a medium sized manufacturer or a large bank. You are subject to the same problems universally.”

Watch as Cythera Co-Founder and Director Euan Prentice shares why he believes in making enterprise security defences available for every Australian business.

Sitting within Cythera’s Melbourne Headquarters, Euan sheds light on the highly complex architecture that underpins the security efforts that Cythera deploys for clients.

“I think people enjoy dealing with Australian businesses located in Australia,” said Euan. “And staffed by Australians.”

Euan Prentice’s formal background was in law and mathematics; however, he believes that IT has always been a hobby and therefore it has been his career.

“I have done it for over 20 years in a variety of roles from Project Management to Account Management and running and owning businesses.”

Euan previously co-founded the highly reputable and successful company O2 Networks with leading cyber security expert Craig Joyce.

“O2 Networks was an incredibly successful IT networking and security consulting firm. We went to large clients and advised them on how to build robust networks that were secure.”

“What we wanted to do was bring those skills to all Australian businesses. Not just the big ones.”

Euan Prentice is passionate about all things technology. From FinTech to Cyber Security, Euan has a proven track record of building highly reputable and successful IT companies.

Euan leads the passionate team at Cythera, known for their role as passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Cythera understands the challenges local businesses face protecting their business from cyber threats and has built Cythera from the ground up to support businesses to meet these demands.

Read more on Euan and the Cythera leadership team.

Security Operations head shares some of the common cyber threats facing Australian businesses.

Australians tend to be humble when it comes to announcing achievements to the world.

It’s our point of difference and what makes us so damn likeable. We’re sure of it.

Less time boasting and more time just getting the job done. That’s the Australian way.

When it comes to communicating how good Cythera is at helping Australian businesses stay ahead of cyber security threats, we know that it is one of those things that needs to be shouted from the rooftops.

The reason is, Cythera helps Australian businesses defend against cyber-attacks.

Co-Founders Craig Joyce and Euan Prentice are two of the minds behind the highly successful O2 Networks. They are the go-to experts for Australia’s leading IT businesses and have made a career out of doing what they enjoy.

When they set to work developing their next project to protect Australian businesses, they wanted to work with the best.

In steps Cythera Services Manager Ben Cuthbert.

Ben is that approachable guy who just gets it. On the phone or in person, you know straightaway your business is in good hands.

When you’re starting a cyber security business from the ground up, having him set the tone on how it needs to come together, with his experience in security, is the right move.

Watch as Cythera Services Manager Ben Cuthbert shares some of the common cyber threats facing Australian businesses.

“Before coming to Cythera to kick off the business, I have been working for Silicon Valley based companies for the last 14 years,” said Ben. “F5 Networks, BlueCat Networks and my last stint was with Palo Alto Networks, helping customers at the larger end of town such as banks and government agencies deploy complex security architectures. To be able to take it to Australian businesses has been really exciting.”

Ben is responsible for building the security capabilities that Cythera delivers as well as running the security operations team.

“This is our people watching our customers environment, responding to alerts, responding to incidents and helping to roll technology out.”

“Part of our role is about educating customers and helping them on their journey to reduce their risk and protect their business.”

When to report a cyber incident.

“Everything from traditional viruses, malware and ransomware has become really prolific. We see a lot of people who come into the office on a Monday and someone has downloaded something and suddenly no one can log into computers within the network.”

“You can imagine if you are a small or a medium business with 100 employees and no one can log into their machines and can’t service their clients or can’t take payments. You can imagine how quickly that would shatter your business.”

“We see a lot of phishing attacks where someone gets sent an email asking them to log into something like Office 365 or Dropbox. They get their credentials stolen,” said Ben.

“We’ve seen a lot of incidents lately where attackers have got access to invoices and they have edited the invoice and resent them to clients with different BSB and Account numbers. If you are a small or medium business that can really affect your bottom line.”

Ben is head of security ops and services at Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.


Read more in some of Ben’s recent blogs

Cythera Co-Founder and Director Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce has a strong reputation for his work in providing senior leaders in Australia with counsel on all matters relating to IT.

Craig has helped countless businesses thrive under varying conditions and across manufacturing, retail and technology sectors, also lending his focus to new businesses that need the right IT tools and advice to grow.

As one of the minds behind the highly regarded O2 Networks, Craig has spent his career taking on challenges in the IT industry and shedding light on the complex cyber security issues that businesses face every day in Australia and around the globe.

“The important thing with starting any business is understanding what it is you are setting out to achieve,” said Craig.

“We stand for cyber security and we are out there to protect our customers. That whole approach of thinking closely around what you would need to protect your own business and what type of services you would want to consume is a really good launching position into figuring out what you think you would need to appeal inside the market.”

Find out more on the Cythera Protection Platform

“We have spent a lot of time looking at the technologies and the cyber security landscape and the threats that are out there and we’ve tailored our solution set to meet those requirements. Also, at the same time we’ve really focused very much on ignoring what’s come before and thinking where things are going in the future so that we know our platform will stand the test of time.”

Two biggest threats to businesses in Australia

“The two biggest threats to your business are going to be attacks that are aimed towards your people and attacks that are aimed at the end point. It is important to have both of those at the forefront of your mind,” said Craig.

“How do you educate your users? How do you make sure their devices are secure? They are the most common forms of attack.”

“Last year, 75% of all attacks were aimed at individual users and behaviours of those users to launch those attacks.”

“Our whole business is based around being your eyes, so we will look at your security infrastructure, we will look at your business and we will identify threats and we will help you remediate any that may occur within your environment.”

“We are the one stop shop.”

Watch as Co-Founder Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce is Co-Founder and Director of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.

Craig and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.


More on the Cythera leadership team.

Compromised business partners: How hackers catch you asleep at the wheel.

This week while on-boarding a new customer, before we could even start we needed to help them recover from a compromise they had received before coming to us.

A user had suffered a phishing attack and had their Office365 email credentials stolen. Email phishing is the act of sending emails purporting to be an entity (such as Google) or an individual (such as your CEO), often using a crafted email with graphics and text from legitimate emails included to fool users into entering login information or opening an attachment. The attacker can then use the stolen credentials to gain access to your organisation, or use malware the user clicks on to gain a control channel into your environment.

In this case, the malicious actor had utilised a common method to compromise a business: they had taken control of the email account of a trusted business partner, and had then sent our client an email with a Dropbox link purporting to contain a legitimate looking business proposal.

This method is highly successful because when we receive an email from a known or trusted user, we tend to bypass our usual scepticism and control when it comes to clicking links or opening files. In this case, our client actually replied to the email and asked if it was legitimate. He got a reply: ‘Yes it is, I need you to respond to it urgently’. As the business partner’s email had been compromised, the hacker could reply themselves in an attempt to validate the email. The client then opened the file, which prompted him to log in to Office365 to access the file, and his credentials were then stolen.

So how can we better protect ourselves from these sorts of problems? Email filtering won’t always help here as the email is actually coming from a seemingly legitimate user. But secure DNS and web filtering (such as what we deliver with our DNSProtect and WebProtect portions of our protect platform) would have helped prevent the user from inputting their details into a phishing site by blocking the phishing page from displaying in the client’s browser. Not reusing passwords across accounts is another good practice to limit your exposure to any compromise should it take place. Additionally, if the Dropbox link had instead contained malware, ransomware or a remote access tool (commonly called a RAT by security operators), an endpoint protection agent such as MalwareProtect and EndpointProtect would keep you safe.

The changing face of IT security buying

Buying IT security can be a complicated process.

Today, there are literally thousands of security vendors who all claim to have the latest and most secure security product on the planet to help defend your businesses from cyber-attack. But which ones do you pick?

Businesses must work with technology partners, vendors and industry peers to make the best security technology decisions, but this takes time, money and plenty of people from all areas of your business. To compound this problem, businesses are confronted with countless industry terms, buzzwords and acronyms that make decision making even more complicated. Do you need a SIEM, EDR, MDR, EPP, NGAV, CASB, SOC, DLP or maybe even UBA? What’s more, security solutions can often be in search of a problem which may not exist in your business, but because of slick, fear-based selling tactics businesses can make poor security technology investments which don’t solve the most critical problems.

Businesses also face confusing information from technology partners and vendors who can claim they work in unison with other technology vendors under consideration. However, when you scratch the surface they don’t work in unison or can’t easily be integrated into a single cohesive solution.

Finally, businesses are now regularly seeking consumption-based procurement options for security technology. Options include per user pricing, monthly payment plans and annuity-based cloud licensing which avoids infrastructure obsolescence. Many of these options have been available for years with other IT solutions but for some reason security has lagged. As such, businesses are stuck with large, up-front capital investments which are infrastructure heavy and may struggle to defend against new and emerging threats for the duration of the designated investment period.

To help address these problems, the team from Cythera developed the Cythera Security Platform – Protection Bundles. The bundles utilise a combination of class-leading managed security technology to defend against common and advanced security threats. The bundles are cloud delivered, easy to set up and billed on a monthly basis, per user. No longer do businesses need to complete complex, time-consuming market assessments, technology testing and procurement processes. Cythera has already scoured the market for the best security technology, rigorously tested it in a production environment and developed an easy-to-consume, subscription-based commercial model with low upfront costs.

Cythera has developed a platform which helps business save time, money and important resources while improving the security posture for the life of the subscription service.

For more information or pricing visit

How to securely remove MPLS from your network.

Businesses with multiple locations have been stringently handcuffed to costly, complex private networks such as MPLS for years. It’s been an unavoidable cost and it’s compounded if you operate in isolated areas throughout Australia.

Even though MPLS is costly, it’s been extremely effective at securely transporting data around the world for decades. MPLS acts like a private toll road which ensures your information can travel securely from point A to B without crossing paths with anyone else’s information. On the downside, even though it’s a private road, MPLS can still get congested and there are speed limits in place to stop you going too fast. Businesses can increase the speed limit and add more lanes to the tollway but this simply pushes up the price.

Regardless, MPLS is fast becoming obsolescent. Many businesses are now utilising cloud applications like Office 365, Salesforce and thousands of other cloud delivered applications which can be accessed from any location using an internet connection. This has enabled employers to offer flexible working arrangements because employees can now access these applications from home or remote locations without an MPLS connection.

There are security risks with this approach as hackers can get between users and unprotected internet connections with a well targeted attack. This is one of the reasons why businesses have been unwilling to completely remove MPLS or private networks when utilising cloud applications.

Another reason is because the internet can’t provide guarantees around speed or availability. In other words, businesses are hesitant to push all corporate traffic including voice and video solely over an unmanaged internet connection.

So where does this leave us?

Well, some businesses run a combination of networks including MPLS and Internet. Certain applications are delivered over the internet using VPN overlays, and others still use MPLS. This approach works, but it’s obviously tricky – especially when managing a sprawling application set and a conga line of security devices spanning data centres operated by your business and third parties. Businesses also need to establish various security policies for all the networks they operate.

Cythera has a different approach which allows businesses to completely remove MPLS. It’s called Secure Network Fabric and utilises technology from Cato Networks. Secure Network Fabric utilises intelligent SD-WAN controllers and a carrier grade backhaul network with points of presence across Australia and extending around the world to securely route application traffic. All you need is an internet connection. Secure Network Fabric includes a fully integrated, cloud delivered security stack including Next Generation Firewall (NGFW), Intrusion Prevention System (IPS) and detailed reporting to monitor performance and user behaviour. Secure Network Fabric is also optimised for voice and video and includes support for desktop and mobile users.

The Cythera Secure Network Fabric removes the need for expensive, complicated MPLS networks whilst delivering enterprise-grade, unified security controls and granular network visibility.

 To find out more – visit

Learnings From The Trenches : Cyber Security Tips For Australian Businesses

We help a lot of Australian businesses out with security incidents, as well as recovering from hacks and breaches. Many of them can be attributed back to human error or poor security hygiene. I thought I would share some of my top tips to help you avoid a costly hack, or brand damaging breach.

Patch Patch Patch

This is an easy one. Operating system vendors don’t just release patches for new features, they’re also patching security vulnerabilities regularly. Keep desktops and laptops up to date and enable automatic updates wherever possible. Apply the same thinking to critical applications such as Microsoft Office (vulnerabilities in Microsoft Office have risen 121 percent over the last 6 years) to keep ahead of problems.

Enable Two Factor

Many successful cyber security incidents start with an account being stolen or ‘phished’. One way to help stop these attacks being escalated is to have a second factor of authentication beyond just your username and password. This means that even if an account is stolen, the attacker can have a difficult time accessing the second login, which may be a token or application that runs on a user’s smartphone. Two factor can be enabled selectively, such as when a user is outside your corporate network. Some 2FA vendors to consider are Authy and Okta.
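The sketch below is an added example, not code from Cythera or any vendor named here. It shows the two ideas in this tip together: an app-generated one-time code (TOTP, RFC 6238) as the second factor, and a policy that only demands it when the login comes from outside the corporate network. The network range, user name, shared secret and function names are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample values (assumptions, not from the article).
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Shared secret enrolled in the user's authenticator app (RFC 6238 test secret).
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at_time, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Checks app-generated codes and refuses to accept the same one twice."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> base32 shared secret
        self.last_step = {}      # user -> newest time step already accepted

    def verify(self, user, code, now, step=30, window=1):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // step
        # Accept one step either side of "now" to tolerate phone clock drift.
        for candidate in range(current - window, current + window + 1):
            if candidate <= self.last_step.get(user, -1):
                continue  # this step (or a later one) was already used: replay
            expected = totp(secret, candidate * step, step)
            # Constant-time comparison so timing does not leak digits.
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_step[user] = candidate
                return True
        return False


def needs_second_factor(source_ip):
    """Selective 2FA: only required when the login is from outside the office."""
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in net for net in CORPORATE_NETS)


def login(mfa, user, password_ok, source_ip, code, now):
    """Return a decision string for one login attempt."""
    if not password_ok:
        return "denied: bad password"
    if not needs_second_factor(source_ip):
        return "allowed: inside corporate network"
    if code is None:
        return "denied: second factor required"
    if mfa.verify(user, code, now):
        return "allowed: second factor verified"
    return "denied: bad or replayed code"
```

A phished password used from an outside address stops at "second factor required", and a code captured by a phishing page cannot be submitted a second time because the time step it belongs to has already been consumed.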

Bake security into your culture and people

Cyber security is not just about technology and processes, it’s also about your people and the way they go about their day to day business. As a successful cyber attack can shut down your business or irrevocably damage your brand, it’s key that management and executives set a good example, as this attitude then flows throughout the organisation. Ongoing cyber awareness training to make staff more conscious of potentially malicious behaviour will improve the cyber-hygiene of your business, with more mature organisations now also including cyber security training in staff onboarding.

Be Proactive

Accounts that are stolen or included in breaches often end up being sold on the dark web for use in other attacks. There are resources available for you to check if key staff accounts have been included in previous breaches. allows you to search for staff email accounts, and any that are discovered should have their passwords reset and two factor authentication enabled.

Have a plan

There’s a common theme with many of the companies we assist with security incidents: they didn’t plan for one. They often have a health and safety plan, and even a terrorism plan! This doesn’t need to be War and Peace, and can be a single pager on roles and responsibilities, as well as who to contact, including any cyber security partners you work with to assist in responding to incidents. If you have any regulatory bodies or government agencies you liaise with, make sure to include any reporting structures that may need to take place here. The Australian Office of the Information Commissioner has a good guide on data breach plans. Make sure you’re also familiar with the Notifiable Data Breach Scheme.

Engage a security partner

There’s lots of talk about the increasing skills shortage in cyber security. And let’s face it, cyber security is probably not part of your core business so you’re constantly going to be playing catch up with a rapidly changing landscape. By partnering with a cyber security specialist you’re also subscribing to the ongoing skills and herd intelligence to help you plan and protect your business and brand from being the next headline. Just make sure they’re a specialist and not someone who’s also trying to sell you phone systems and printers.

Australia’s emerging enterprises are facing the same security risks and suffering the same incidents as the big end of town, but with much less capability to respond and protect themselves from a rapidly changing space. By baking security into your business’s DNA, and partnering with strategic cyber security specialists, you’re setting yourself up for success.

EvilClippy and the rise of Office based malware.

Last month a cross-platform assistant for creating malicious MS Office documents, named EvilClippy, was released.

It allows an attacker to hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools.

Attackers can now hide malicious code from anti-virus and macro analysis tools by leveraging undocumented features in the way macros are stored within an Office file.

Macros are stored in Compound File Binary Format (CFBF) and EvilClippy uses a technique known as VBA Stomping to replace the compiled version of the macros with something malicious.

According to the creators of the tool it allows attackers to bypass all anti-virus solutions, however it’s worth noting that Deep Instinct’s VBA and Office deep learning models available since November last year prevent all threats produced using EvilClippy without requiring an update or cloud lookup. Anti-virus vendors cannot detect threats created with this tool statically and must update detection hash by hash (reactively) as samples are submitted by customers.

Certainly the name of the tool is a tongue-in-cheek play on the name of the old Office 97 assistant, Clippy, that proved universally unpopular with most users.

A full write up and download of the tool itself can be found on Outflank and GitHub.

Recent In the Wild Office/macros threats

Published below is a list of hashes we have prevented at customer sites related to malicious Office documents.

These include threats created using EvilClippy and Word and Excel droppers used in a number of campaigns, including Emotet, Fareit, Lazarus, Lockergoga and Alcaul.

Again, these were prevented statically with Deep Instinct’s November 2018 model.

Shift from Web based vulnerabilities to Office vulnerabilities

This data published by researchers from Kaspersky illustrates the pivot from browser based attacks to Office document attacks, which is an interesting trend.

FlawedAmmyy Remote Access Trojan being dropped by Excel macros – Microsoft Security advises ‘DisableMacros’

Over the last week we have seen another successful campaign that uses Excel macros and digitally signed files to deliver a remote access trojan. Microsoft’s security team’s only advice remains to ‘disable macros’.

Cythera’s managed Protection Bundles are designed from the ground up to help your business meet emerging threats such as these, and provide you with ongoing outcome based security.


Reporting A Cyber Incident

One common question we get asked by customers who have been on the receiving end of a cyber incident, is how to go about reporting the incident to authorities. Many of us are well aware of the avenues to take when we are the victim of common crimes like theft or criminal damage, but what’s less clear is how to go about reporting incidences of cyber-crime.  

Be it from phishing attacks that compromised user credentials to targeted ransomware attacks that sought to extort your business, reporting is an important part of the remediation cycle. Reporting allows authorities to document and report on the scale of cyber crime in Australia as well as provide you with assistance in investigation and potential later prosecution of attackers.

In the past there were a number of options available to report cyber crime. CERT and ACORN were the common ports of call, however in 2018 CERT was absorbed by the Australian Cyber Security Centre and, since the start of FY20, the Australian Cybercrime Online Reporting Network (ACORN) has been replaced by The Australian Cyber Security Centre’s Cyber Issue Reporting System.

To report a cybercrime today

Please report cyber crimes at the following URL:

Reports can be lodged on behalf of individuals or businesses operating in Australia (with a registered ABN) or government departments.

Note: If you have lodged an ACORN report in the past, this will not need to be resubmitted and will follow the previous path for investigation.

Why report cyber crime?

Reporting cyber crime is an important responsibility of Australian businesses and cyber professionals. The scale of cyber crime needs to be adequately reported upon and monitored to ensure that investments made by the government and its agencies are focused and concentrated on the Australian threat landscape.

Additionally, if customer or personal data is compromised during a cyber incident, you may have other obligations with reporting upon a breach as part of the OAIC’s Notifiable Data Breaches Scheme. This scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and many more. 

At Cythera we have a strong understanding of the various doorways open to businesses to investigate, remediate and report on cyber incidents including your business’ responsibilities with respect to mandatory data breach notification.  

If you believe your business is being (or has been) impacted by a cyber incident we can mobilise quickly, work on your behalf to contain risk and provide a surefooted pathway to restoring your cyber security posture. Contact us on 1300 CYTHERA (1300 298 437) to discuss how we can help today.