Australians tend to be humble when it comes to announcing achievements to the world.
It’s our point of difference and what makes us so damn likeable. We’re sure of it.
Less time boasting and more time just getting the job done. That’s the Australian way.
When it comes to communicating how good Cythera is at helping Australian businesses stay ahead of cyber security threats, we know that it is one of those things that needs to be shouted from the rooftops.
The reason is, Cythera helps Australian businesses defend against cyber-attacks.
Co-Founders Craig Joyce and Euan Prentice are two of the minds behind the highly successful O2 Networks. They are the go-to experts for Australia’s leading IT businesses and have made a career out of doing what they enjoy.
When they set to work developing their next project to protect Australian businesses, they wanted to work with the best.
In steps Cythera Services Manager Ben Cuthbert.
Ben is that approachable guy who just gets it. On the phone or in person, you know straight away your business is in good hands.
When you’re starting a cyber security business from the ground up, having him draw on his security experience to set the tone for how it needs to come together is the right move.
“Before coming to Cythera to kick off the business, I have been working for Silicon Valley based companies for the last 14 years,” said Ben. “F5 Networks, BlueCat Networks and my last stint was with Palo Alto Networks, helping customers at the larger end of town such as banks and government agencies deploy complex security architectures. To be able to take it to Australian businesses has been really exciting.”
Ben is responsible for building the security capabilities that Cythera delivers as well as running the security operations team.
“This is our people watching our customers’ environment, responding to alerts, responding to incidents and helping to roll technology out.”
“Part of our role is about educating customers and helping them on their journey to reduce their risk and protect their business.”
“Everything from traditional viruses, malware and ransomware has become really prolific. We see a lot of people who come into the office on a Monday and someone has downloaded something and suddenly no one can log into computers within the network.”
“You can imagine if you are a small or a medium business with 100 employees and no one can log into their machines and can’t service their clients or can’t take payments. You can imagine how quickly that would shatter your business.”
“We see a lot of phishing attacks where someone gets sent an email asking them to log into something like Office 365 or Dropbox. They get their credentials stolen,” said Ben.
“We’ve seen a lot of incidents lately where attackers have got access to invoices and they have edited the invoice and resent them to clients with different BSB and Account numbers. If you are a small or medium business that can really affect your bottom line.”
Ben is head of security ops and services at Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.
Ben and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.
The risk to your business in a cyber attack isn’t limited to remediation activities or solely to brand damage. It’s now often linked to a loss of trust with trading partners (with knock-on revenue impacts), a breakdown of corporate culture which can lead to staff attrition, and a real likelihood that your business will become insolvent. In Part 1 of this article, I gave the example of a real Australian business, Landmark White. Today Landmark White are battling through the impacts of multiple IT data breaches within their property valuation business in late 2018 and 2019.
Common Drivers To a Bad Outcome
The biggest drivers we see in organisations that lead to cyber related incidents and IT data breaches are:
We’ve all heard the horror stories of social engineering or phishing emails that compromise the least IT literate members of your staff and leverage these to launch attacks against businesses. But cyber security is everyone’s responsibility, much in the same way physical security is the responsibility of all staff in a building. An active and ongoing cyber awareness program is critical in businesses of all shapes and sizes; it needs to be reinforced by (and from) the leadership in the organisation as a high priority, and it is something everyone should be measured against.
Are you scanning your environment daily for vulnerabilities and are you on top of your patching and maintenance of applications, services and infrastructure? This is a crucial function within your business that isn’t just limited to penetration testing (though that is important) but about total lifecycle management and hygiene for all components in your IT stack, including third party providers if you use them.
Use frameworks like the ASD Essential 8 as a starting point to guide risk management activities, but don’t be afraid to cherry-pick the best of NIST or CIS to get something that is right-sized for your business too. These frameworks should be seen as starting points, not shopping lists for compliance and risk needs that fit every business.
Many organisations collect logs and run a series of disparate systems to gain insights into their business’s IT function. In our time we have seen a litany of SIEM solutions gathering dust in a corner, ineffective at delivering any insights, let alone protecting businesses by preventing an attack. The traditional SOC / SIEM approach is rapidly being overtaken by an integrated Managed Detection and Response (MDR) approach that couples SOC-as-a-Service and SIEM functionality with User and Entity Behaviour Analytics (UEBA), threat hunting and incident response capabilities as a turnkey outcome.
Can your organisation justify 24×7 “eyes on glass” to monitor your security environment and provide you the visibility that you need to detect threats in near real time? It’s often a collaborative approach with a managed service provider partner that makes the most financial sense for organisations.
I can’t tell you how many customers we still see that run legacy AV technologies and stateful inspection firewalls and think that they are protected from cyber threats. What worked well in 2001 isn’t fit for purpose today. Many attacks sail on through email or are enabled through legacy technologies like DNS; a dedicated attacker will use any and all tricks in their inventory to get past your defences.
Building a layered security approach with next generation technologies that interoperate nicely together is critical. Technologies like Deep Learning are providing unique mechanisms to block signatureless malware, and solutions like Endpoint Detection & Response (EDR) are helping detect and stop attacks in their tracks through global scale intelligence sharing and endpoint integrated protection stacks. Cloud Access Security Broker (CASB) solutions let you gain visibility and an ability to enforce cloud data policy no matter where you store your data or manage your workloads. Look long and hard at your IT stack, leverage what is available today and don’t be afraid to turn off what you used yesterday.
If you think a cyber attack won’t happen to you, you may be right, but I’d wager it will only be a matter of time (if it hasn’t happened already). Our job isn’t to scare people into taking this stuff seriously, it is about helping prepare and protect our customers for the inevitable.
If you think you’re ready to start looking hard at your business and its readiness for a cyber attack, please reach out to us at Cythera. We love helping our customers protect themselves and their customers and we have solutions that fit businesses of all sizes. From our monthly subscription bundles, our professional services, to our turnkey Managed Detection & Response platform, we have a wide range of offerings to fit your business needs.
Let’s help you get started today.
We help a lot of Australian businesses out with security incidents, as well as recovering from hacks and breaches. Many of them can be attributed back to human error or poor security hygiene. I thought I would share some of my top tips to help you avoid a costly hack, or brand damaging breach.
This is an easy one. Operating system vendors don’t just release patches for new features, they’re also patching security vulnerabilities regularly. Keep desktops and laptops up to date and enable automatic updates wherever possible. Apply the same thinking to critical applications such as Microsoft Office (vulnerabilities in Microsoft Office have risen 121 percent over the last 6 years), to keep ahead of problems.
Many successful cyber security incidents start with an account being stolen or ‘phished’. One way to help stop these attacks being escalated is to have a second factor of authentication beyond just your username and password. This means that even if an account is stolen, the attacker can have a difficult time accessing the second login, which may be a token or application that runs on a user’s smartphone. Two-factor authentication can be enabled selectively, such as when a user is outside your corporate network. Some 2FA vendors to consider are Ping Identity https://www.pingidentity.com/ and Azure MFA https://azure.microsoft.com/en-au/services/active-directory/.
Cyber security is not just about technology and processes, it’s also about your people and the way they go about their day to day business. As a successful cyber attack can shut down your business or irrevocably damage your brand, it’s key that management and executives set a good example, as this attitude then flows throughout the organisation. Ongoing cyber awareness training to make staff more conscious of potentially malicious behaviour will improve the cyber-hygiene of your business, with more mature organisations now also including cyber security training in staff onboarding.
Accounts that are stolen or included in breaches often end up being sold on the dark web for use in other attacks. There are resources available for you to check if key staff accounts have been included in previous breaches. https://haveibeenpwned.com/ allows you to search for staff email accounts, and any that are discovered should have their passwords reset and even have two-factor authentication enabled.
There’s a common theme with many of the companies we assist with security incidents: they didn’t plan for one. They often have a health and safety plan, and even a terrorism plan! An incident plan doesn’t need to be War and Peace, and can be a single pager on roles and responsibilities, as well as who to contact, including any cyber security partners you work with to assist in responding to incidents. If you have any regulatory bodies or government agencies you liaise with, make sure to include any reporting structures that may need to take place here. The Australian Office of the Information Commissioner has a good guide on data breach plans. Make sure you’re also familiar with the Notifiable Data Breach Scheme.
There’s lots of talk about the increasing skills shortage in cyber security. And let’s face it, cyber security is probably not part of your core business, so you’re constantly going to be playing catch up with a rapidly changing landscape. By partnering with a cyber security specialist you’re also subscribing to the ongoing skills and herd intelligence to help you plan and protect your business and brand from being the next headline. Just make sure they’re a specialist and not someone who’s also trying to sell you phone systems and printers.
Australia’s emerging enterprises are facing the same security risks and suffering the same incidents as the big end of town, but with much less capability to respond and protect themselves from a rapidly changing space. By baking security into your business’s DNA, and partnering with strategic cyber security specialists, you’re setting yourself up for success.