News & Thoughts

Unlike every other security podcast, we don’t get stuck down in the technical weeds. Our remit is to speak with experts around the globe at the strategic level – how security technology can improve the experience and risk optimisation for every organisation.

New Articles

Why You Should Care About the Optus Breach If You’re A Customer

By now, you’ve likely seen the news about Optus, Australia's second-largest telco, having suffered a serious data breach, and the exposing of the private information of their millions of current and historic users through a malicious cyber-attack. What might not be clear ... read more

Qualys Drives Continued Growth in Australia and New Zealand with New Appointments

Sydney, AUSTRALIA, 20 September 2022—Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, has expanded ... read more

New Digital Trust Research Reveals Gaps, Benefits and Key Takeaways for Future Digital Transformations

Results: 95 percent say digital trust is important, but only 12 percent have a dedicated role. read more

Article Archive

Why SD-WAN Is Worth the Hype: Transform Your Network

Is the hype surrounding software-defined wide area networks (SD-WANs) worth it? SD-WAN allows IT engineers to centrally and intelligently manage or orchestrate wide-area networks using applications like SD-WAN controllers. As this fast up-and-coming technology continues to evolve, the best way to get the most of it is to understand its value and how it can help your organisation thrive. The public IT sector and wide-area networks (WANs) have undergone an immense transformation in recent years. In particular, the need to support remote workers and provide video conferencing, secure remote access, and cloud applications has grown. As a result, public sector IT teams have shifted gears away from traditional, often multi-protocol label switching (MPLS)-based WANs and began to switch focus towards more innovative solutions. In their place, agencies are increasingly exploring how ... READ MORE

MyCISO Launches in Style

Thursday, 18th August, I was the MC of the MyCISO Launch event hosted at the stunning ‘Shell House’ in Sydney, Australia. The team has been working on the development of the MyCISO product for a number of years, so the launch was a huge milestone for them. The launch opened with guest speaker, Jan Schreuder, Co-Founder of the Cyber Leadership Institute: a leadership development and training division for cyber resilience. Jan shared his insights on how security leaders can transform into strategic security executives. He was very forthright in his opinions on the frustrations leaders encounter, “Before every board meeting, I’m up until midnight, moving triangles around on Powerpoint slides.” He highlighted just how performative and administrative much of the work cyber leadership executives deliver is in actuality. As we know, lots of ... READ MORE

Security Fatigue: How Public Agencies Can Counter this Silent Menace

Every one of us knows one person or colleague who has a Post-it® Note full of passwords stuck to their monitor. Pre-pandemic, this is a one-in-ten case of security malpractice. But with how rapidly organisations have adopted digital solutions for remote work in the past two years, I’m willing to bet remote workers have passwords written down everywhere from their laptops to their kitchen counter, creating a security nightmare for any IT team. This is just one anecdotal instance of the security fatigue rapidly sweeping across most organisations across the world. CyberArk reports over 67% of employees attempt to circumvent security policies and 82% reuse older passwords, among a litany of other security no-nos. Our own SolarWinds® IT Trends Report revealed an increase in apathy and complacency as organisations transition into a post-pandemic world with a false sense of ... READ MORE

What I’ve Learnt as an Entrepreneur

A few things I’ve learnt over the years of being an Entrepreneur. This changes for me all the time, our challenges become easier to tackle and what scares us varies. Ultimately, you learn so much, and I wanted to share what I’ve learnt so far. READ MORE

Privacy Has a Business Model Problem

Business growth should not come at the expense of customer privacy. Unfortunately, that’s not a belief that everybody holds, and the result is an environment in which data privacy breaches are increasing in regularity and severity. Whether it’s Facebook, Cambridge Analytica and The US Elections, or any of the nearly 1,000 incidents received by Office of Australian Information Commissioner (OAIC), the data of millions of Australians and billions globally has been breached - whether we know it or not. While privacy breaches rely on unscrupulous hackers or human error, they're enabled by a business model that thrives on the collection and manipulation of as much data as possible. Today, with so much of our personal and professional lives existing online, privacy doesn't pay; privacy-abuse does. Online consumers pay for products, services and subscriptions in one of three ways: 1) ... READ MORE

Virus & Malware Scanning Object Storage in OCI

If you’re like me, then working in IT means you also assume Tech Support duties for friends, family, and those distant relatives that only seem to call when they’ve got a problem. I just clicked on this link, and my computer is doing something weird. I think my PC has a virus, what do I do? When it’s just a single computer, the answer is simple, contain and validate the rogue software is removed, install an AV solution, change their passwords, enable MFA, and provide some education on what to look out for next time. But now imagine you’re an organisation building a new application, or are moving applications to the cloud. Are you simply performing a lift-and-shift or are you planning to make use of cloud native services? Where are you going to store your data, specifically user uploaded files? Object Storage was built specifically to solve the challenges of how to store ... READ MORE

Tenable Research Reveals “Do-It-Yourself” Ransomware Kits Have Created Thriving Cottage Industry of Cybercrime

The self-sustaining ransomware industry earned $692m from collective attacks in 2020. The shift to the subscription economy has created a new norm in the as-a-service world. And it’s not just Netflix and Spotify that have adopted this business model. New research from Tenable®, the Cyber Exposure company, found that one of the main reasons ransomware has prospered is due to the advent of ransomware-as-a-service (RaaS) which has catapulted ransomware from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditise ransomware. In 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, a 380% increase over the previous six years combined ($144 million from 2013-2019). The success of RaaS has also attracted other players ... READ MORE

OCI User Access Review Made Easy

I’m sure we can all agree, adopting a cloud strategy is awesome. The opportunities and benefits it affords are many. However cloud governance is an ongoing problem that plagues security, compliance, and management teams, which cloud vendors like Oracle are continually trying to solve. If you’re reading this, you’ve probably been asked, or heard at least once: Who has access to what in our environment? Any Security / Compliance Manager The answer should be easy and simple. However the reality is likely lots of manual time & work, spreadsheets, and endless clicking in a cloud console. If you’re doing this manually then I agree, it’s time that you could be dedicating to more important tasks. The challenge in trying to answer these questions: What users exist and what groups do they belong to? What does my OCI tenancy compartment structure look like? What ... READ MORE

Media Alert: Scammers Hack Twitter Accounts to Steal Popular NFTs and Digital Currencies

According to recent research, published by Tenable’s Staff Research Engineer, Satnam Narang, scammers have once again dug deep into their bag of tricks to capitalise on the fervour in non-fungible tokens (NFT) and cryptocurrencies. Many are hijacking verified and unverified accounts on Twitter to impersonate popular NFT projects including Bored Ape Yacht Club (BAYC), Azukis, MoonBirds and OkayBears, to steal users’ digital assets by driving them to phishing sites. The success of some of these blue chip NFT projects has paved the way for broader adoption by promoting upcoming integrations with their own metaverses, giving scammers ample opportunity to capitalise on new or rumoured announcements in relation to these projects. These scams take place in a few different ways, according to the research. Scammers leverage Twitter mentions to capture attention Cryptocurrency ... READ MORE

Why Renewal of Your Privacy Practice is Critical

It is without doubt that the COVID-19 pandemic forced some of the most significant changes in society, business and workforce practices in the last century. With billions of consumers and workers driven online, businesses adapted and accelerated their digital strategies. As staff worked remotely and scammers capitalised on the explosion of e-commerce, so, too, were weaknesses in privacy strategies exposed. Following this time of great change and in a rapidly growing digital economy, the review and renewal of an organisation’s privacy program is critical. So, what are some of the ways an organisation can build and refresh for a more robust and adaptable privacy program? Step 1 – Implement a Privacy Program Review The first step towards renewal is a thorough review of an organisation’s current position. Such audits can include a privacy: Risk Assessment Impact ... READ MORE

Communication for Internal Teams On the Importance of Understanding Risk

If all communication was abolished, society would crumble. Fast. Yet one area that I have noticed in the security industry, which I believe needs a lot more attention - and often goes unmentioned - is how we communicate internally to our teams on the importance of understanding risk in the face of change. Through my work, I’ve lately had a huge volume of conversations with IT Security leaders across the globe, and the same discussion points keep appearing. Namely, that as an industry, we are driven by technology and the security that underpins that technology, but one area that seems to be almost entirely neglected is how we communicate technology changes and the subsequent right workflows within our businesses. It’s this gap that has really provided the genesis moment for shadow IT as employees duct-tape their workflows together in the face of limited appreciation of the ... READ MORE

The Collateral Damage of Carpet Bombing

HISTORY: The attention of consumers has always been an arms race. Historically you needed the biggest papyrus on the wall in the forum, or TV spots, or billboards, or postal campaigns to reach consumers – a prohibitively costly exercise for most. This saw a concentration of high-value and (hopefully) well produced advertising. It was designed to not be objectionable (even if irrelevant), and though a broadcast, it was easy to behaviourally avoid on TV or cognitively ignore if traditional print. We all made peace with it and got on with our lives. CHANGE: The early days of digital were not much of a departure with banner ads and the like just digital facsimiles of the analogue world. Then the ubiquity of email and spam saga that led to ‘peak spam’ being 80% of email traffic saw filters come into play and legislation passed to relegate much of the deluge. With Google and ... READ MORE