Security Bulletins

What Australia’s New AI Plan Means

Fri, 12 Dec 2025 02:40:09 GMT

What Australia’s New AI Plan Means

What Australia’s New AI Plan Means

Australia has released its National AI Plan, a roadmap that explains how the country will use and manage artificial intelligence in the years ahead. The plan aims to help people and businesses benefit from AI while keeping safety, fairness and trust at the centre.

What the Plan Aims to Do

The government wants to support the safe adoption of AI across all parts of the economy. This includes building strong digital infrastructure, developing local skills, and attracting investment. The goal is to help Australia grow as a trusted leader in AI innovation.

Another aim is to make sure the benefits of AI reach everyone. This includes support for small businesses, regional communities, public services, and the wider workforce. Training, tools, and guidance will help people use AI in a safe and practical way.

The plan also focuses on protecting Australians from harm. New measures will support privacy, reduce risks, and improve AI safety. A national AI Safety Institute will be established in 2026 to help monitor and manage emerging risks as AI becomes more advanced.

What This Means for Businesses and Everyday Australians

This plan offers new opportunities for organisations across Australia. Small and medium businesses may find it easier to access support and guidance when exploring AI solutions. Public services such as healthcare and education may gain new tools that improve efficiency and accessibility.

People using or creating AI systems will also be encouraged to follow safe and ethical practices. Transparency, fairness, and responsible design will play an important role as AI becomes more common in daily life.

A Positive and Balanced Approach

The National AI Plan takes a balanced approach. Instead of restricting AI too early, the government is focusing on building skills, strengthening infrastructure, and creating flexible guidance that can evolve. This helps Australia use AI in a way that supports innovation while keeping people safe.

Australia is also positioning itself as a builder of AI, not only a user. The plan highlights the importance of creating AI that reflects Australian values such as fairness, inclusion and responsibility.

Build AI Safely with CyberUnlocked

If your organisation is exploring AI, it is important to understand how to use it safely and meet growing expectations in Australia. CyberUnlocked offers a dedicated AI Safety Service to help you assess risks, create responsible AI practices and ensure your systems remain secure as technology evolves.

React2Shell: What You Need To Know About This New Server-Side React Risk

Thu, 11 Dec 2025 22:44:16 GMT

React2Shell: What You Need To Know About This New Server-Side React Risk

A new security issue called React2Shell is getting a lot of attention because it puts many server-side React and Next.js setups at risk. If your organisation runs modern web applications, especially those built with React or Next.js, this is something you need to understand and act on quickly.

This blog explains:

What React2Shell is
Who is likely to be affected
What the risk is for your organisation
What actions both technical teams and business leaders should take.

What is React2Shell?

React2Shell is a critical vulnerability, the CVSS score 10 (maximum severity) that affects React Server Components, a way of running React code on the server to build web pages.

In simple terms, It lets an attacker send a specially crafted request to a vulnerable server, the server can be tricked into running the attacker’s code. This is called remote code execution (RCE), meaning the attacker may gain the same level of control as the application itself.

At that point, an attacker may be able to:

Steal or alter data
Add hidden backdoors
Use the server to move deeper into your environment
Disrupt services or plant ransomware

You do not need to know the low-level technical details, but you do need to treat this as a high risk vulnerability.

Who could be affected?

React2Shell matters if your organisation uses React on the server side. You should treat yourself as potentially exposed until proven otherwise if your applications:

Use Next.js with the App Router,
Use React Server Components,
Use Server Actions or similar server-side React features,
Perform server-side rendering of React pages based on user input.

This includes applications:

Hosted in the cloud (for example on Vercel, AWS, Azure, GCP),
Hosted on your own infrastructure,
Hosted by a third party on your behalf.

Even if your internal teams do not build with React, your third-party or software vendors might, which can still create risk to your information and services.

Why this matters for your organisation

React2Shell matters because it combines high risk, active exploitation, and clear governance expectations.

High risk : If exploited, an attacker may run their own code on your server. This can lead to data exposure, service disruption, or a foothold inside your wider environment.
Actively targeted: Scanning and exploitation attempts are already occurring. If your systems are exposed and unpatched, it is reasonable to assume they will be found quickly.
Governance and compliance: Critical vulnerabilities must be managed promptly under common security expectations, including ISO/IEC 27001, ASD Essential Eight, PCI DSS and similar frameworks. A slow response creates risk.

What should we do?

Both technical teams and non-technical leaders have a role in managing React2Shell effectively.

Technical Teams

1. Identify exposure

Inventory applications using React or Next.js.
Confirm which ones use server-side features such as React Server Components, Next.js App Router, Server Actions or server-side rendering.

2. Patch and update

Apply vendor-recommended patches to React and Next.js, prioritising internet-facing systems.
Update build and deployment pipelines so that vulnerable versions are not reintroduced.

3. Add temporary protections where needed

Tighten web application firewall (WAF) rules for server-side React endpoints.
Filter or block suspicious requests and, if necessary, temporarily disable high-risk features until patches are applied.

4. Review logs and monitoring

Examine logs for unusual or malformed requests, unexpected errors, or suspicious activity targeting server-side routes.
Escalate via incident response procedures if there are signs of attempted or successful exploitation.

Business Leaders

Senior leaders do not need to manage the technical detail but should ensure there is clear ownership and risk treatment. Helpful questions may include:

“Do we run any systems that use React on the server side, or Next.js with the App Router?”
“Have we checked whether our key software vendors and platforms are affected?”
“Can you provide a short summary of the systems reviewed, the findings, and the changes made?”
“How is this recorded in our risk register?”
“In the meantime, how will we detect suspicious activity, what would our response be?”

Final Thoughts

React2Shell is a critical vulnerability, but it is also manageable if you respond quickly and systematically:

Understand whether you are exposed,
Patch or update affected systems,
Add temporary protections where patching is delayed,
Review logs and monitoring for signs of misuse,
Make sure the work is documented as part of your normal security and risk processes.

For non-technical leaders, the key is not to learn every technical term, but to make sure someone in your organisation is accountable for this risk, has taken concrete action, and can explain it to you in clear language.

If you are unsure whether your organisation has been properly protected against React2Shell, ask for a short, written summary from your IT or cyber security team. That one action alone will often reveal whether this has been investigated, assessed and if needed the necessary treatment commenced.

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

Mon, 24 Nov 2025 04:07:09 GMT

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

Artificial intelligence is rapidly transforming the digital world, and cybercriminals are adapting just as quickly. Attacks that once required highly skilled hackers can now be carried out by anyone with access to advanced AI tools. This shift has created a more dangerous threat environment and highlights the growing need for professional cyber security support.

How AI Is Changing Cybercrime

Experts have identified 3 major ways AI is reshaping cybercrime, each creating new risks and opportunities for stronger security.

AI systems now perform actual steps in attacks, such as identifying weaknesses, exploiting them and processing stolen data. This makes it essential for organisations to have advanced threat monitoring and comprehensive penetration testing to identify vulnerabilities before attackers do.
Cybercriminals are also using AI throughout their operations, including targeting victims, delivering malware and managing large-scale activities. This reinforces the need for services such as managed detection and response, behavioural analytics, improved cloud security and stronger incident response planning.
AI is enabling criminals to appear more skilled than they really are. People with little technical ability can now carry out high-level attacks with AI assistance. This underscores the importance of zero-trust strategies, identity management reviews and human-focused security training to help businesses defend against social engineering and impersonation attempts.

“Vibe Hacking” and AI-Controlled Attacks

One of the most concerning developments is “vibe hacking”, where AI becomes both the strategist and operator during an attack. In a real case, a criminal used AI tools to target multiple organisations, including government and healthcare. The AI handled tasks such as accessing networks, stealing credentials, selecting valuable data and even creating personalised ransom notes with realistic financial calculations.

This demonstrates how a single attacker, supported by AI, can operate like a full cybercrime team. It also highlights the importance of knowing your risks to help organisations prepare for and recover from these types of attacks.

No-Code Malware and Ransomware-as-a-Service

AI is now helping criminals with no programming skills create and sell advanced ransomware. In one example, a UK-based criminal developed ransomware packages with AI assistance and sold them online. The malware included strong encryption and evasion features designed to bypass security tools.

This shows how AI is lowering the barrier for creating sophisticated threats. Organisations increasingly need to address their key risks to stay ahead of these evolving threats.

AI-Assisted Fraud and Fake Technical Workers

AI is also boosting fraud schemes. Some fraud operators rely entirely on AI to pass technical interviews, write professional emails, debug code, and maintain the appearance of qualified engineers. AI is helping criminals run large-scale identity fraud, carding operations and generate scams with convincing, multilingual messages.

This creates a growing need for employee vetting support, insider threat monitoring, fraud prevention consultancy and ongoing security awareness training to help businesses defend against manipulated identities and AI-powered deception.

Why This Matters

AI is breaking the connection between skill level and attack complexity. A low-skilled individual can now achieve the same impact as a highly trained hacker simply by relying on AI.

How the Industry Is Responding

Security teams are developing stronger detection tools, integrating threat intelligence, and building systems that disrupt malicious activity before damage occurs. Organisations need modern cyber defence solutions and well-designed security architecture to stay protected.

Final Thoughts

AI brings many advantages, but in the wrong hands, it becomes a powerful tool for cybercrime. Understanding how criminals misuse AI helps businesses take the right precautions. Today, strong cyber security measures and the support of experienced professionals are more important than ever. For more, visit AI Safety

If your organisation wants to strengthen its defences or better understand how AI-driven threats may impact your environment,

get in touch with a trusted cyber security partner. A small step today can prevent far greater risks tomorrow.

CyberUnlocked Insights: Featured in TechPartner.News

Tue, 07 Oct 2025 01:42:09 GMT

CyberUnlocked Insights: Featured in TechPartner.News

CyberUnlocked founder Sarah McAvoy was recently featured in an article on techpartner.news titled, "The Compliance Dilemma for Technology Partners: Risk, Revenue, and Reputation."

The piece highlights the growing pressure on technology partners to become compliance experts. The article gets straight to the point about why "good enough" security just won't cut it anymore. Here is a simple summary of the key ideas from the feature.

Compliance is Now Just Part of the Job

For any technology partner, dealing with compliance isn't just something you do in the background. It is the main thing that determines whether clients trust you, whether you can go for big contracts, and how much value your business has over time.

The rules are changing fast. We have seen quick updates to laws like the Privacy Act, new requirements for essential security standards, and the increasing need to manage AI responsibly. The clear message is that clients and regulators expect better controls everywhere: in cloud services, in the supply chain, and when responding to problems. They want providers who can actively help them keep things compliant.

The Difficulty: Knowing Your Limits

For partners, compliance brings both a big opportunity and a real danger. Your clients naturally look to you for advice, but compliance is a highly specialised subject in its own right.

The most common headaches include:

Proving Everything: Clients need detailed evidence and clear paper trails, which can be difficult to collect and manage.
Widespread Risk: Important information is scattered across all your tools, from finance systems to cloud apps. Compliance needs a full, complete look at everything.
Tricky Pricing: It's hard to price compliance fairly. If you include it in standard fees, you cut your profits, but selling it separately means you need to be very confident in the value you offer.

You Don’t Have to Be a Lawyer and a Techie

As Sarah McAvoy stated in the article:

“Technology partners shouldn't feel they need to be compliance lawyers, auditors, and security architects all at once. Their value lies in keeping client environments running and secure. Our role is to plug the compliance gap, providing the frameworks, evidence models, and ongoing updates that partners can package into their own services.”

True client trust comes from following the right industry standards. This requires specialist knowledge that goes far beyond a basic security checklist.

The Way Forward for Opportunity

By working with compliance specialists, technology partners can solve these problems without burning out their internal teams. This approach is working well in places like the US and is quickly being adopted here in Australia. The benefits are clear and directly help your business:

New Money Streams: Compliance becomes a paid service, not something you throw in for free.
Winning Contracts: With the right certifications, your clients can bid for more, bigger contracts.
Strategic Conversations: Knowing compliance turns you from just a supplier into a vital strategic advisor for clients' leadership.

The Smarter Approach

The cleverest way forward isn't for partners to suddenly try and become compliance experts themselves. It's to bring in specialist knowledge where it's needed.

CyberUnlocked was created for this reason. By giving technology partners access to compliance consulting, testing, advice, and assurance, we help you grow from a trusted IT company into a strategic advisor. In today's competitive world, being compliant is the same thing as being competitive. It’s a partnership no provider can afford to ignore.

If you are looking to confidently expand your compliance services without overstretching your team, please do get in touch with us at CyberUnlocked to discuss how we can help your clients meet their requirements.

Penetration Testing Explained: A Guide for Australian Organisations

Thu, 04 Sep 2025 05:00:14 GMT

Penetration Testing Explained:

A Guide for Australian Organisations

Protecting your business online is much like securing your home. You may lock the doors and windows, but how can you be certain they will hold if someone tries to force them open? Penetration testing works in a similar way. It allows trusted experts to test your defences before a real attacker has the chance. By asking the right questions, you gain a clearer view of how strong your systems are and where improvements are needed.

Many organisations raise similar concerns when they first consider penetration testing. Questions about compliance, cost, frequency, and possible disruption often come up. Here are some of the most common questions & their answers.

1. How does penetration testing support compliance?

Depending on the compliance standard, penetration tests can fulfill different requirements and demonstrate adherence to security best practices. Below are examples of how penetration testing aligns with key regulatory and industry frameworks.

APRA CPS 234 and ISO 27001 : Both frameworks focus on governance and risk management. Penetration testing supports these by providing evidence that controls are not only in place but are also effective when tested. For ISO 27001, it demonstrates that risks are identified and managed as part of the information security system. For APRA CPS 234, it helps regulated entities show they are actively testing and strengthening controls to protect sensitive data.

ACSC Essential Eight : While the Essential Eight does not explicitly require penetration testing, testing can be useful in some cases to demonstrate how well controls are working in practice. It checks things like whether patches are applied properly, whether multi-factor authentication is protecting accounts, and whether attackers could still move through systems. This gives businesses real confidence that their defences match the framework’s goals.

PCI DSS : For any business that processes or stores cardholder data, penetration testing is a requirement. It verifies that firewalls, applications, and payment systems are secure, and that changes to these systems have not introduced weaknesses. This regular testing is vital to maintaining compliance and protecting customer payment information.

2. What Is the Real Business Value of Penetration Testing?

The business value of penetration testing goes well beyond spotting technical flaws. It helps organisations understand their level of risk and builds trust with customers, regulators, and partners.

A penetration test simulates how a criminal might attempt to break into systems or applications. Unlike automated scans, it shows how weaknesses could be combined to cause real damage, making it one of the most effective ways to test whether defences work under pressure. Key benefits include:

Reducing risk by finding and fixing weaknesses before they are exploited.
Supporting compliance with standards such as PCI DSS, APRA CPS 234, and ISO 27001.
Saving costs by preventing breaches that lead to fines, recovery costs, and reputational harm.
Building trust through independent testing that reassures clients and stakeholders.
Driving improvement by creating an ongoing cycle of testing and strengthening.

In simple terms, penetration testing is about more than technology. It protects reputation, meets obligations, and supports growth with confidence.

3. How Often Should Your Business Schedule Penetration Tests?

Penetration testing should be carried out at least once a year to keep defences up to date, but it is equally important to schedule tests after major changes such as launching a new website, moving to the cloud, or upgrading critical systems, as these can introduce new risks.

Businesses in higher-risk sectors like finance, healthcare, or government often test more frequently, sometimes every quarter, due to stricter requirements and the sensitivity of the data they manage. Regular testing is about more than compliance, as it helps reduce the risk of breaches, supports continuous improvement, and builds trust with customers, partners, and regulators.

4. How Much Do Penetration Tests Cost Small Businesses and Startups?

The cost of penetration testing for small businesses and startups varies depending on the size of the IT environment, the number of systems or applications in scope, and the depth of testing required, with basic tests often starting from a couple thousand Australian dollars and more complex assessments costing more. While it can feel like a significant expense, it is a proactive investment that often saves money in the long run by preventing data breaches, fines, and reputational harm.

CyberUnlocked offers flexible options, such as focusing on the most critical systems first, allowing smaller organisations to strengthen security in stages. For startups, penetration testing delivers peace of mind, supports compliance especially with online platforms, and helps build trust with customers and partners.

5. How Does Penetration Testing Support Business-Wide Risk Management?

Penetration testing is more than a technical check. It is a important part of business-wide risk management. By simulating real-world attacks, it provides practical evidence of where systems are strong and where they could fail, giving leaders clear insight into the potential business impact, from financial loss to reputational harm. This helps decision makers prioritise security investments, support compliance by proving that controls are tested and effective and encourages continuous improvement by tracking progress over time.

6. Can Penetration Testing Disrupt Your Business, and How to Avoid It?

Penetration testing is designed to be safe, and when carried out by experienced professionals it rarely disrupts operations.

At CyberUnlocked we agree on scope, timing, and methods prior to starting an engagement. We have worked with all kinds of networks including critical infrastructure, and ensure systems are protected and sensitive areas are tested with care. Further we can run tests outside peak hours if required for business purposes. Our penetration tests deliver valuable security insights without interrupting day-to-day business.

7. What Types of Penetration Tests Should Remote-Working Businesses Consider?

Remote-working or Working from Home (WFH) businesses face unique security risks due to heavy reliance on cloud platforms, and widespread remote access. Penetration testing can help by identifying weak points before attackers exploit them. External testing checks internet-facing systems such as websites and cloud platforms. Web application testing secures customer portals and applications that handle sensitive data. By combining the right mix of these tests, businesses can protect critical data, maintain customer trust, and reduce the chance of costly breaches. Learn more about penetration testing .

8. Does My Cyber Insurance Require Penetration Testing?

Whether your cyber insurance requires penetration testing depends on the policy and the insurer. Some insurers make it part of compliance, especially for businesses handling sensitive or financial data, while others view it as strong evidence that security risks are being managed.

Regular testing can also reduce premiums by showing that defences have been independently assessed and weaknesses addressed.

9. How to Choose Penetration Testers: Questions to Ask Before You Buy

Choosing the right penetration testers is crucial, as the quality of the test depends on their skills and approach. It helps to ask about their experience in your industry, to ensure they understand the risks you face. A good provider should be clear about scope and methodology, explaining which systems will be tested, how risks will be simulated, and how disruption will be avoided. Reporting is equally important. Results should highlight technical findings, business impact, and practical fixes in a way that both IT teams and decision makers can use. Finally, strong providers offer support after the test, helping you understand findings and prioritise remediation. Schedule a meeting with an expert to know more.

Final Thoughts

Penetration testing is more than a technical requirement. It is a practical way to strengthen security, meet compliance needs, and build lasting trust with customers, regulators, and other stakeholders. By asking the right questions and understanding how testing fits into your wider risk management strategy, your business can move forward with greater confidence and resilience.

At CyberUnlocked , we work with businesses of all sizes to design penetration testing programs that are clear, practical, and effective. Whether you need support for compliance, assurance for your board, or peace of mind for your customers, our team can help.

Call us today to discuss how penetration testing can support your organisation.

CyberUnlocked chair AI Governance Summit 2025

Mon, 11 Aug 2025 03:07:44 GMT

Building Trust in AI:

Reflections from the AI Governance Summit 2025

CyberUnlocked's Sarah McAvoy chaired the AI Governance Summit 2025 in Sydney, bringing together leaders from government, industry, and critical infrastructure to discuss how Australia can build a safe and trustworthy future with artificial intelligence (AI).

The conversations throughout the day highlighted one clear message: Governance is not about slowing down innovation, it is about making it safer and more sustainable.

Why Governance Matters

Too often, governance is seen as a set of rules that limit progress. At the summit, experts shared a different perspective. Governance acts like a seatbelt . It does not stop us from driving forward, but it protects us along the journey. For organisations, this means being able to adopt AI faster, with greater confidence, and with the trust of customers, partners, and the public.

A Day of Powerful Insight

The summit agenda was full of practical lessons and thought-provoking ideas.

Setting the foundations : Strategies for building strong AI governance frameworks. Rather than restricting innovation, these structures are designed to enable it , providing the guardrails organisations need to move quickly and safely.
Ethics and transparency : The importance of ethical and transparent AI, reminding us that reputational risk is AI risk. Accountability must be built in from the start, not bolted on later.
Preparing for the unexpected : Examined how to map and mitigate risks , prepare for failures, and embed governance before it becomes too late. This proactive approach ensures resilience even when systems do not behave as expected.
Data governance as a strength : How data governance can move beyond being a compliance burden. With the help of privacy controls, synthetic data (data created artificially for safe testing), and federated learning (training AI without sharing sensitive data), organisations can transform governance into a strategic advantage.

Looking Ahead

The summit showed that good governance is not a barrier. It is the foundation of progress. By setting clear guidelines and shared values, Australia can remain at the forefront of AI innovation while protecting people, businesses, and communities. We’re proud to see Sarah represent CyberUnlocked in such a pivotal discussion.

At CyberUnlocked, we believe that strong governance empowers organisations to innovate boldly, operate safely, and build long-term trust.

To learn more about how we support organisations in building safe and ethical AI, visit AI Governance

Sarah McAvoy Featured on Techpartner, “Waiting until an incident is in progress is too late"

Tue, 03 Jun 2025 03:44:06 GMT

New Ransomware Reporting Rules in Australia: Insights from Sarah McAvoy’s TechPartner.News Feature

CyberUnlocked founder Sarah McAvoy was recently featured in an article on techpartner.news , offering timely insights into Australia’s new ransomware reporting requirements. The article, “ Waiting until an incident is in progress is too late: MSPs urged to review ransomware response as new reporting rules commence ", addresses a critical shift in cyber security expectations.

As of May 30, 2025, the Cyber Security (Ransomware Payment Reporting) Rules 2025 are now in effect. These rules require certain entities, those with turnover exceeding $3 million or operating in critical infrastructure, to report ransomware payments within 72 hours. Sarah McAvoy emphasises the importance of planning ahead, stating: " Deciding whether you would pay a ransom isn’t a crisis decision; it’s a preparedness decision ."

This change is not only about legal compliance, it’s about strengthening cyber resilience. The initial phase, which prioritises education over enforcement, continues through December 31, 2025. Now is the time to clarify reporting obligations, assess whether your organisation qualifies as a reporting entity, and refine your incident response readiness.

We're excited to share that our founder, Sarah McAvoy, was featured in an article on techpartner.news, shedding light on new ransomware reporting rules in Australia. The article, "Waiting until an incident is in progress is too late”: MSPs urged to review ransomware response as new reporting rules commence, couldn't be more timely.

As of May 30, 2025, new Cyber Security (Ransomware Payment Reporting) Rules 2025 are in effect, making it mandatory for certain entities (those with a $3 million+ turnover and critical infrastructure) to report ransomware payments within 72 hours. Sarah McAvoy emphasises that preparedness is paramount. As she states, " Deciding whether you would pay a ransom isn’t a crisis decision; it’s a preparedness decision ".

This isn't just about compliance, it's about strong cyber security. The current phase, focusing on education rather than penalties, runs until December 31, 2025. It's crucial to understand your reporting obligations, assess your status as a reporting entity, and refine your incident response plans. Don't let an oversight become a crisis.

Read the full article on techpartner.news here .

Channel Meets Security Sydney 2025

Fri, 30 May 2025 04:50:20 GMT

CyberUnlocked at Channel Meets: Security, Sarah McAvoy Joins Compliance Panel

We’re pleased to share that our founder, Sarah McAvoy, recently took part in the Compliance panel at the Channel Meets: Security event in Sydney, hosted by techpartner.news. The event brought together technology leaders and channel partners for an evening of insightful discussions on cloud security, digital identity, and compliance.

As one of the Compliance panel, Sarah contributed her expertise on the growing importance of cyber security compliance frameworks in the Australian business landscape. The panel explored key standards, including ISO 27001 , the Essential Eight , APRA CPS 230/234, the Privacy Act, and the emerging SMB1001 , sparking valuable discussions on how businesses can navigate regulatory expectations.

Sarah emphasised that compliance is not a one-size-fits-all solution, noting that each organisation's starting point and path to maturity will differ. Her practical insights highlighted how businesses, particularly those in the channel, can adopt scalable approaches that build both trust and resilience.

The event featured panel sessions, roundtables, and fireside chats, offering a platform for open dialogue among IT professionals. Attendees shared real-world challenges and strategies, contributing to a rich exchange of ideas.

Reflecting on the night, Sarah said: “ Had a brilliant evening at the techpartner.news Channel Meets Security event, exploring the evolving world of cyber security and compliance. Great thought-provoking conversations around what tech partners are expecting when supporting their clients with cyber security .”

We’re proud to see Sarah represent CyberUnlocked in such a pivotal discussion.

Cyber Security Compliance: Everyone’s Starting Line is Different

Fri, 23 May 2025 03:20:32 GMT

Cyber Security Compliance: Everyone’s Starting Line is Different

Some organisations are training for the marathon. Think:

APRA CPS 234
ISO 27001
Information Security Manual (ISM)
SOCI Act
NIST Cyber Security Framework

These are complex, demanding and long-term compliance programs that require discipline and endurance.

Others are pacing themselves for a solid social distance run, just enough to meet Privacy Act obligations or pass a security health check from a client or vendor.

Wherever you are starting from, you are not alone. Cyber security compliance is a journey. Just like athletic training, it is not always about perfection. It is about progress.

The finish line is always shifting. As a timely reminder, Australia’s new ransomware payment reporting laws take effect 30 May 2025. Many businesses will need to reassess their legal obligations and incident response readiness. Compliance is no longer about ticking boxes. It is about being prepared.

At CyberUnlocked, I often step into the role of a Compliance Coach. It is not just about frameworks and documentation. It is about supporting businesses as they build capability. What many need most is:

Encouragement to keep going, even when it gets tough
Guidance that fits their maturity, industry and supply chain expectations
A sounding board to help balance ambition with business reality

Some organisations are starting with no or limited controls. Others are training to meet new regulatory obligations or align with client demands. No matter the starting point:

Small, consistent steps build maturity
Practical wins can be more effective than perfect frameworks
Sometimes you need to sprint when deadlines or risks demand it

There is a new standard worth watching. SMB1001 is designed for small and medium businesses. It:

Supports scalable security maturity and certification
Fills the gap or avoids the overkill of applying ASD’s Essential Eight to every context
Provides a practical pathway to train towards ISO 27001

An essential part of the compliance journey is understanding:

What residual risk your business can live with
Whether to accept, mitigate or transfer those risks through controls, cyber insurance or both
There is no such thing as perfect security. Defining an acceptable level of risk is key to building a strategy that works.

If you are on the compliance track or helping your clients along theirs, let’s chat . Sometimes, having a coach in your corner makes all the difference.

Why SMB1001:2025 Is a Game Changer for SMBs

Wed, 14 May 2025 10:31:45 GMT

Why SMB1001:2025 Is a Game Changer for SMBs

The newly launched SMB1001:2025 standard is transforming the way small and medium-sized businesses (SMBs) approach cyber security. Developed by Dynamic Standards International, this multi-tiered certification is tailored to the unique needs and resource constraints of SMBs, offering a scalable, affordable framework for improving cyber resilience.

With 5 progressive levels, SMB1001 allows organisations to start where they are and build up their cyber security maturity over time. From Level 1’s foundational controls like firewalls and antivirus protection, to Level 5’s advanced governance and incident response capabilities, each tier provides practical, clearly defined steps.

For SMBs, this means no more “all-or-nothing” choices between basic security measures or enterprise-grade frameworks like ISO/IEC 27001. SMB1001 bridges the gap, giving businesses a structured pathway to prove and improve their cyber security posture, a critical asset in today’s procurement landscape.

This is where a cyber security consultant adds real value. At CyberUnlocked, we help assess your current cyber security practices, align them to the appropriate SMB1001 tier, and guide you through readiness, documentation and self-attestation or third-party certification, depending on the level.

From selecting the right tier to implementing technical safeguards, policies and employee training, we translate complex requirements into actionable, cost-effective solutions. We also help service providers leverage SMB1001 as a scalable offering for their clients, making it easier to support and certify cyber security maturity.

In a world of evolving threats, SMB1001:2025 offers clarity and assurance. Let a trusted cyber consultant help you unlock its full potential.

Sarah McAvoy at Intergy Consulting for crucial cyber security posture and mitigate risks of cyber-attack

Tue, 25 Feb 2025 02:34:34 GMT

Sarah McAvoy at Intergy Consulting for crucial cyber security posture and mitigate risks of cyber-attack

In the second part of our interview with Intergy Consulting, our founder, Sarah McAvoy from CyberUnlocked, explained the most critical cyber security measures that businesses can take today to enhance their security posture and mitigate risks of cyber-attack.

Watch the full video to gain expert insights on how to protect your organisation from modern cyber security challenges!

Genea Cyber Attack: Key Lessons and Essential Cyber Security Strategies for Healthcare

Mon, 24 Feb 2025 09:28:01 GMT

Genea Cyber Attack: Key Lessons and Essential Cyber Security Strategies for Healthcare

On February 14, Genea, a prominent Australian IVF provider, experienced a significant cyber attack that compromised sensitive patient information. The breach potentially exposed data such as names, contact details, Medicare card numbers, private health insurance information, medical histories, medication prescriptions, and doctors notes. While financial data appeared unaffected, the incident underscores the critical need for robust cyber security measures in healthcare organisations.

Key Learnings from the Genea Cyber Attack

1. Immediate Detection and Response

Prompt identification of suspicious activity is vital. Genea detected unusual network behaviour on 14 February 2025, leading to immediate containment efforts, including taking systems offline to prevent further unauthorised access.

2. Comprehensive Data Protection

The breach highlighted vulnerabilities in protecting sensitive patient data. Healthcare organisations must implement stringent data encryption, regular security audits, and access controls to safeguard personal information.

3. Effective Communication Strategies

Post-incident, Genea faced criticism for inadequate communication, with patients reporting difficulties in reaching the clinic and accessing critical treatment information. Transparent and timely communication is essential to maintain trust and manage patient concerns during such crises.

4. Collaboration with Cyber security Experts

Engaging specialised cyber security firms can enhance an organisations ability to respond to and mitigate attacks.

Proactive Measures to Prevent Cyber Attacks:

Regular System Updates and Patches : Ensure all software and systems are up-to-date to protect against known vulnerabilities.

Employee Training: Educate staff about cyber security best practices, including recognising phishing attempts and the importance of strong passwords.

Advanced Threat Detection Systems: Implement intrusion detection and prevention systems to monitor and analyse network traffic for signs of malicious activity.

Data Encryption: Encrypt sensitive data both in transit and at rest to protect it from unauthorised access.

Regular Backups : Maintain secure, offsite backups of critical data to ensure recovery in case of an attack.

The Genea incident serves as a stark reminder of the evolving cyber threats facing the healthcare sector. By adopting comprehensive cyber security strategies and fostering a culture of vigilance, organisations can better protect themselves and their patients from future attacks.

Understanding the Australian Threat Landscape with Sarah McAvoy & Intergy Consulting

Mon, 17 Feb 2025 03:18:51 GMT

Understanding the Australian Threat Landscape with Sarah McAvoy & Intergy Consulting

Recently, our Founder, Sarah McAvoy had the pleasure of sitting down with our partner Intergy Consulting to have a discussion on the convergence of cyber security and software development.

In this clip, Sarah details the current threat landscape for Australian businesses and provides valuable insights on how new cyber security threats can be addressed in order to meet stakeholder expectations via a balanced strategy.

Watch the full video to gain expert insights on how to protect your organisation from modern cyber security challenges!

Introduction of the Cyber Security Bill 2024

Fri, 25 Oct 2024 02:29:43 GMT

Introduction of the Cyber Security Bill 2024

Australia's New Cyber Security Bill: Essential Protections Every Business Needs to Know

The Australian government is stepping up its efforts to safeguard the nation's digital landscape with the introduction of the Cyber Security Bill 2024. This bill is poised to strengthen cyber security measures across various sectors, directly impacting businesses, manufacturers, and consumers. In this blog, we'll break down the key aspects of the bill and explore how it could reshape Australia's cyber security framework.

Mandatory Security Standards for Smart Devices

One of the core components of the Cyber Security Bill 2024 is the introduction of mandatory security standards for "relevant connectable products." These are smart devices that can directly or indirectly connect to the internet, such as smartphones, smart TVs, and even IoT-enabled appliances like refrigerators.

Key takeaways:

Manufacturers must comply with strict security standards, ensuring that devices produced in Australia and overseas meet the new regulations.
Non-compliant devices will be banned from being sold in Australia, with penalties for manufacturers and suppliers who fail to meet these standards.
A compliance statement must accompany each product, informing consumers that the device adheres to the security benchmarks.

The government will have the authority to audit and verify compliance , creating a more secure environment for Australian consumers using connected devices.

Mandatory Ransomware Reporting Obligations

The bill also addresses the rising threat of ransomware, a form of cyber attack where malicious actors encrypt company data and demand a ransom for its release. Under the new legislation, certain businesses will be subject to mandatory ransomware reporting.

Key aspects:

Businesses that meet a specified turnover threshold or are responsible for critical infrastructure will be required to report ransomware payments within 72 hours .
These reports must detail the attack, ransom demands, and any communications with the attackers.
The bill ensures strong protections for the information provided, safeguarding sensitive data while allowing the government to better understand ransomware trends and respond accordingly.

This requirement is expected to provide Australian authorities with valuable data, helping them develop strategies to reduce ransomware incidents and assist businesses in preventing future attacks.

Coordinating Significant Cyber Security Incidents

The N ational Cyber Security Coordinator will take on a crucial role in leading government responses to significant cyber security incidents . These incidents could include threats that jeopardise Australia's national security, economic stability, or critical infrastructure.

Key elements:

Impacted entities are encouraged to voluntarily share information with the National Cyber Security Coordinator to enable a rapid, coordinated response.
The focus is on minimising the impact of these incidents through collaboration between the government and private sectors.

Cyber Incident Review Board: Ensuring Accountability

The bill also establishes a Cyber Incident Review Board , tasked with reviewing certain cyber security incidents and recommending preventive measures for the future.

Key details:

The Board will have the authority to request information from both private and public entities involved in cyber incidents.
It can issue compulsory notices requiring the production of relevant documents, with penalties for those who do not comply.

These reviews aim to pinpoint vulnerabilities and improve Australia's resilience to cyber attacks.

Enforcement and Penalties

To ensure compliance with the new regulations, the Cyber Security Bill 2024 introduces a range of enforcement mechanisms:

The government can issue compliance, stop, and recall notices to manufacturers and suppliers that do not meet the security standards for smart devices.
Civil penalties will be imposed for violations, including failure to comply with reporting requirements or refusing to provide documents to the Cyber Incident Review Board.

These penalties are designed to encourage adherence to the bill's provisions, ensuring businesses take cyber security seriously.

The Broader Impact of the Cyber Security Bill 2024

The Cyber Security Bill 2024 is set to have far-reaching implications across multiple industries. By focusing on securing smart devices, enforcing ransomware reporting, and improving incident response coordination, the bill represents a comprehensive approach to strengthening Australia’s cyber security posture.

Manufacturers will need to prioritise cyber security from the design phase to ensure their products meet the new standards.
Businesses must be prepared to meet ransomware reporting obligations and participate in coordinated responses to significant incidents.
The bill's enforcement mechanisms will hold all entities accountable, fostering a culture of compliance and proactive cyber security.

As the bill moves through the legislative process, it’s important for stakeholders to stay informed and engaged, ensuring they are ready to adapt to the new requirements.

Conclusion

The Cyber Security Bill 2024 marks a significant shift in Australia's approach to cyber security. By introducing mandatory security standards for smart devices, strengthening ransomware reporting, and improving incident coordination, the bill is designed to protect Australians from the growing threat of cyber attacks.

For businesses, staying compliant with these new laws will be critical, and early preparation is key. The bill's focus on accountability, enforcement, and collaboration underscores the government's commitment to creating a more secure digital environment.

As the legislation progresses, it's essential to monitor its development and understand the implications for your business or industry. Proactive engagement will ensure compliance and help bolster Australia's overall cyber security defences.

Need help?

At CyberUnlocked we specialise in Governance, Risk and Compliance (GRC), contact us if you need any clarifications on your cyber security obligations.

Cyber Security is Everyone's Business - Cyber Security Awareness Month 2024

Fri, 04 Oct 2024 03:51:48 GMT

Cyber security Awareness Month 2024: Cyber Security Is Everyone’s Business

Cyber Security Is Everyone’s Business

As we step into October, recognised as Cyber Security Awareness Month, it's the perfect time to prioritise safeguarding yourself against online threats. With the constant evolution of the digital world, cyber criminals are continually adapting their methods to exploit new vulnerabilities. This year’s theme, “Cyber security is everyone’s business” highlights the importance of safeguarding our digital lives, whether it’s your personal data, work systems, or everyday online activities.

In 2024, the message is clear: everyone has a role to play in ensuring a safer internet. Whether you’re a business owner, an employee, or just someone who uses the internet daily, taking a few simple steps can make a big difference in keeping you secure from cyber threats.

Here are the 4 practical steps that you can take to minimise the risk of a security breach:

1. Use Strong and Unique Passwords

The importance of using strong, unique passwords or even better using passphrases cannot be overstated. One of the most common mistakes is reusing passwords across multiple accounts. Studies show that 86% of breached passwords are duplicates of previously compromised ones.

To create a strong password, use a combination of uppercase and lowercase letters, numbers, and symbols. For added security, consider using a password manager. This tool can generate and store complex passwords for each of your accounts, requiring you to only need to remember one master password.

2. Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) adds an extra layer of security to your accounts. Even if someone manages to get hold of your password, they won’t be able to access your account without the second verification method, such as a code sent to your phone or email. Enabling MFA is one of the simplest ways to add an additional layer of protection for yourself from cyber threats. By demanding two forms of identity from the following three categories, MFA improves security.

Something you are aware of, like a password or PIN
Something you own, such a security key or mobile device
Something that you are (like facial or fingerprint recognition)

By ensuring that a single stolen password is insufficient for hackers to obtain access, this layered method greatly strengthens security.

3. Beware of Phishing Scams

Phishing scams continue to be one of the most common ways cyber criminals trick people into giving away personal information or downloading malicious software. These scams often come in the form of emails or messages pretending to be from legitimate sources, like your bank or a popular retailer.

Always double-check the sender's email address and never click on suspicious links. If something seems off or too good to be true, it probably is. When in doubt, visit the website directly or even better call the sender’s organisation rather than clicking on any email links.

4. Keep Software and Devices Updated

Outdated software and devices are a prime target for hackers. Regular updates often contain patches for security vulnerabilities, so keeping your operating system, apps, and devices up to date is essential. Set your devices to update automatically whenever possible, so you don’t miss important security fixes.

Take Action This October

By following these simple tips — using strong passwords, enabling MFA, staying alert to phishing scams, and keeping your software updated — you can help secure your digital world.

Remember, it doesn’t take much to make a big difference in your cyber security. Stay safe and be smart online!

If you're unsure about implementing any cyber security measure or simply need help getting started, CyberUnlocked can assist in enhancing your security strategy, ensuring you’re not vulnerable to unnecessary risks.

Are You Prepared for the Privacy Act Amendments?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Tue, 09 Jul 2024 10:27:06 GMT

Are You Prepared for the Privacy Act Amendments?

Let’s rewind in time to October 25, 2022, when Medibank reported to the OAIC a significant data breach involving Medibank and its subsidiary ahm. This was later revealed to have affected 9.7 million current and past customers. And we all know how the story ended with many Australian’s personal information disclosed on the dark web.

The Breach and Its Aftermath

According to Australian Privacy Principle (APP) 11.1, organisations are required to take reasonable steps to protect personal information against misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. Following the breach, the OAIC launched an investigation into Medibank's data security practices to determine whether these measures were sufficient.

The OAIC's investigation could lead to substantial penalties if Medibank is found to have violated section 13G of the Privacy Act, which addresses significant or repeated privacy interferences. Legal proceedings have already commenced, with the OAIC alleging that Medibank:

Failed to take adequate steps to protect the personal information it held, considering the size, resources, and nature of the data.
Exposed millions of Australians to risks such as emotional distress, identity theft, extortion, and financial crime by allowing their data to be accessed on the dark web.
Committed a significant breach of privacy under section 13G.

Potential Fines and Legal Ramifications

The court could impose severe penalties on Medibank, with fines reaching up to AU$2.22 million per affected individual. The total theoretical maximum could be AU$21.5 trillion, although this is highly unlikely.

Amendments to the Privacy Act in December 2022 significantly increased the maximum fines, which can now be:

Up to AU$50 million, or
Three times the benefit gained from the breach, or
30% of Medibank's annual revenue (AU$7.1 billion in 2022).

Ethical and Legal Duties in Data Protection

The Privacy Commissioner has underscored that organisations have both ethical and legal responsibilities to safeguard personal information. This case should prompt Australian businesses to enhance their digital defences in response to an evolving cyber threat landscape. While the Privacy Act does not explicitly impose an ethical duty, the Commissioner's comments signal a shift towards integrating ethical considerations into regulatory expectations.

Preparing for Privacy Act Amendments

The Australian government is expected to introduce further amendments to the Privacy Act in August, likely including a "fair and reasonable" standard for data collection and protection. This move suggests that the OAIC may enforce these ethical requirements more rigorously.

Steps for Australian Businesses

In light of these developments, Australian businesses should take proactive steps to ensure compliance and strengthen their data protection measures. Recommended actions include:

Conducting a Data Governance Audit: Review and enhance data use cases, consent processes, and privacy documentation.
Systems Audit and Upgrade: Update systems and procedures to support the operational impact of the proposed privacy regulations.
Enhancing Data Governance: Improve data retention and destruction practices, cyber incident response strategies, and privacy documentation.
Performing Privacy Impact Assessments: Implement formal assessments for high-risk use cases from a privacy perspective.

Not sure where to start?

The Medibank data breach highlights the critical importance of robust data security and the increasing scrutiny from regulators. With significant changes to the Privacy Act on the horizon, businesses must prioritise both legal compliance and ethical data handling practices to protect their clients and avoid severe penalties.

If you’d like to chat about how you can work towards getting prepared for new privacy regulations, contact us on 1300 901 835 or www.cyberunlocked.com .

How LockBit's Attack on OracleCMS Unfolds a Cautionary Tale

Tue, 30 Apr 2024 03:28:00 GMT

Major Ransomware attack on a Australian Call Centre!

How LockBit's Attack on OracleCMS Unfolds a Cautionary Tale

On April 4th, the well-known ransomware group, LockBit, launched a stealthy cyber-attack on OracleCMS, a prominent Australian call centre operator. By April 12th, details of the attack were publicly revealed on LockBit's own leak site—a chilling showcase of the group's reach and impact.

OracleCMS, which operates contact centres across Australia, found itself in a dire situation when LockBit released over 60 terabytes of compressed data. This colossal breach included sensitive billing and financial documents, as well as a treasure trove of client information. The data, regrettably, featured extensive details from local councils, aged-care facilities, law firms, and even religious organisations like the Queensland chapter of the Philadelphia Church of God.

Among the leaked documents were on-call mobile numbers, extensive Excel spreadsheets, and details as minute as the location and meter IDs of every parking meter in the City of Sydney. More alarmingly, there were records of phone calls made to aged-care providers reporting serious issues such as diseases and instances of domestic abuse. While it appeared that no personally identifiable information was directly exposed, the breach still posed significant privacy risks.

What Does This Mean for You?

If you're concerned about the possibility of falling victim to a similar cyber-attack, here are some actionable tips to safeguard your data:

Stay Informed: Awareness is your first line of defence. Keep up-to-date with the latest cybersecurity trends and threats.
Use Strong, Unique Passwords: Ensure that your passwords are robust and unique across different services. Consider using a password manager to keep track of them.
Enable Two-Factor Authentication (2FA): Adding an extra layer of security can significantly reduce the risk of unauthorized access.
Regularly Update Software: Keep your operating system, antivirus software, and applications up-to-date to protect against known vulnerabilities.
Back Up Your Data: Regular backups can be a lifesaver in case of data loss or a ransomware attack. Ensure these backups are secure and not connected to your main network.
Educate Your Team: If you run a business, make sure your employees are trained to recognize phishing attempts and other common cyber threats.

What If You're Caught in a Ransomware Attack?

If you find yourself in the grip of a ransomware attack, here’s what you can do:

Do Not Pay the Ransom: Paying the ransom does not guarantee that you'll get your data back. It also encourages the perpetrators to continue their criminal activities.
Disconnect from the Network: As soon as you detect a breach, disconnect affected devices from the internet to prevent further spread.
Notify Authorities: Contact the Australian Cyber Security Centre (ACSC) through the web site https://www.cyber.gov.au/report-and-recover/report, or call the Hotline on 1300 CYBER1 (1300 292 371).
Consult Cybersecurity Professionals: Consider hiring experts who can help recover your data and secure your systems from future attacks.
Communicate Transparently: If client data is involved, inform them about the breach responsibly and transparently, explaining what steps you are taking to address the issue.

The attack on OracleCMS serves as a potent reminder of the ever-present cyber threats in our interconnected world. By taking proactive steps and preparing for potential cyber incidents, businesses can better protect themselves and their sensitive data.

The Invisible Threat: Why You Need Cyber Supply Chain Risk Management?

Mon, 22 Apr 2024 02:58:35 GMT

Cyber Supply Chain Risk Management

The Invisible Threat: Why You Need Cyber Supply Chain Risk Management?

In today's interconnected world, businesses operate within a complex ecosystem. They rely on a vast network of suppliers, vendors and partners to deliver products and services. While this interconnectedness fosters efficiency and growth, it also introduces a hidden danger: Cyber Supply Chain Risk.

Cyber Supply Chain Risk: threats sneak in through weak supplier links. Like a chain, one weak spot breaks the whole thing. Even strong defences can't stop an attack on a vulnerable vendor, putting your data and business at risk.

Why Should You Care About Cyber Supply Chain Risk?

Data Breaches : Attackers could exploit vulnerabilities in your supplier's systems to gain access to sensitive information about your customers, employees or intellectual property.
Disruptions : A cyber attack on a key supplier could disrupt your operations, leading to delays, lost revenue and reputational damage.
Financial Losses : Business disruptions and data breaches can have significant financial repercussions, including fines, legal costs and customer churn.
Erosion of Trust : A cyber attack within your supply chain can damage your reputation and erode customer trust in your ability to protect their data.

High-profile cyber attacks have highlighted the very real dangers posed by supply chain vulnerabilities. For instance, the SolarWinds attack of 2020 saw attackers compromise a software vendor, allowing them to infiltrate the systems of multiple government agencies and private companies. This incident serves as a stark reminder that no organisation is immune to cyber supply chain risk.

Fortunately, there are steps you can take to identify, assess and mitigate cyber supply chain risks. Here are some key strategies to consider:

Mapping Your Supply Chain : The first step is to gain a clear understanding of your entire supply chain. Includes identifying all vendors, partners and third-party service providers who have access to your systems or data.
Vendor Risk Assessments : Once you have mapped your supply chain, conduct thorough risk assessments for your key vendors. Evaluate their cyber security posture, including their security controls, incident response plans and data security practices. Tools like questionnaires and penetration testing can be helpful in this process.
Contractual Clauses: Include strong cyber security clauses in your contracts with vendors. These clauses should outline expectations regarding data security, incident reporting and cooperation in the event of a cyber attack.
Security Awareness Training : Implement security awareness training programs for your employees to empower them to identify and report suspicious activity within the supply chain.
Continuous Monitoring: Cyber threats are constantly evolving, so continuous monitoring is crucial. Regularly assess your supply chain vulnerabilities and update your mitigation strategies accordingly.
Collaboration: Cyber security is a shared responsibility. Collaborate with your vendors and partners to share best practices and jointly address cyber supply chain risks.

Benefits of a Robust Cyber Supply Chain Risk Management Strategy:

Enhanced Security Posture : By mitigating vulnerabilities within your supply chain, you strengthen your overall security posture and make it more difficult for attackers to gain access to your systems.
Improved Business Continuity : A strong cyber supply chain risk management strategy can help to ensure the continued operation of your business even in the event of a cyber attack on a vendor.
Increased Customer Trust: Demonstrating a commitment to cyber supply chain security can build trust with your customers, knowing their data is protected throughout the entire value chain.
Compliance with Regulations: Many industries have regulations that require organisations to manage cyber supply chain risks. A robust strategy can help ensure compliance with these regulations.

Not sure where to start?

Cyber supply chain risk is a growing threat in today's digital landscape. However, by taking proactive measures and adopting a risk-based approach, organisations can identify and mitigate these threats. Taking steps to secure your supply chain can seem daunting, but it's a necessary investment in the long run. Here at CyberUnlocked , we understand the complexities of cyber security and can help your business develop comprehensive Cyber Supply Chain Risk Management strategies.

Our team of experts can assist you with:

Supply Chain Mapping and Risk Assessments
Developing Vendor Security Policies
Security Awareness Training for Your Employees
Implementation of Security Controls
Incident Response Planning and Simulations

Don't wait for a cyber attack to expose the vulnerabilities in your supply chain. Take a proactive approach and contact CyberUnlocked now.

Get in touch for a free consultation!

Is your hotel room as safe as you think?

Mon, 01 Apr 2024 22:00:00 GMT

The Key to Your Privacy: How Secure Is Your Hotel Room, Really?

Imagine checking into a luxurious hotel after a long flight, weary but relieved to finally rest in a space you assume is secure and private. Your key card unlocks the door to not just a room, but a temporary sanctuary. Now, imagine discovering that this very sanctuary could be easily compromised, not by a physical break-in, but through a digital loophole in the lock system itself. This scenario isn't purely hypothetical. It's a real concern, heightened by recent vulnerabilities found in digital lock systems used by millions of hotels worldwide, specifically those manufactured by Dormakaba and Onity.

Researchers Carroll and Wouters exploited Swiss company Dormakaba's encryption and the MIFARE Classic RFID system to easily unlock Saflok keycard locks. Their method involves acquiring a hotel keycard, using a $300 RFID device to clone two keycards, which can then unlock doors by manipulating lock data. This vulnerability affects Saflok locks on 3 million doors across 13,000 properties worldwide, posing a major security risk to the hospitality industry.

The discovery of such vulnerabilities brings to light a crucial question about the security of our hotel stays. How did it happen? In many cases, these digital lock systems, designed to offer convenience and enhanced security through key cards or mobile access, were found to have software flaws. These flaws could potentially allow hackers to gain unauthorised access to rooms, posing a direct threat to guest privacy and safety. The impact of this revelation is not just a momentary panic but a profound concern for guests about their privacy and security, questioning the trust we place in the seemingly secure environments of reputable hotels.

For hotel owners and operators, the implications go beyond the immediate need to patch these vulnerabilities. The revelation of such security flaws can shake the confidence of guests, leading to a direct impact on bookings and, by extension, hotel revenues and long-term profitability. In a world where news travels faster than ever, the reputation of a hotel can be tarnished overnight, turning what was once a destination of choice into a case study in the importance of cyber security vigilance.

This story isn't unique to the hotel industry. It serves as a powerful reminder of the pervasive impact that cyber security vulnerabilities can have across all sectors. The digital transformation has ushered in an era where security breaches can have far-reaching consequences, affecting not just immediate operations but also the long-term trust and loyalty of customers. In the digital age, a business's commitment to cyber security is not just about protecting data—it's about safeguarding the very foundation of customer trust and the integrity of the brand.

How CyberUnlocked Can Help

With our deep expertise in cyber security, we excel in identifying software flaws, assessing risk, and implementing robust cyber security measures to protect your business against the evolving threat landscape. Our proactive approach includes comprehensive vulnerability assessments, ensuring that potential software flaws are identified and rectified before they can be exploited.

Dormakaba, the company behind the Saflok-brand door locks, is offering a fix for the identified vulnerabilities, but it may take months or even years to reach some hotels. By partnering with CyberUnlocked, you gain a dedicated ally in securing your digital assets, protecting your customer relationships, and ensuring the longevity of your brand's reputation. In the world of cyber security, being prepared is the key to your privacy and success.

Essential Cyber Security Tips for Charities and Not-for-Profits

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Sun, 17 Mar 2024 08:57:32 GMT

Essential Cyber Security Tips for Charities and Not-for-Profits

The Rising Threat Landscape

In an era increasingly defined by cyber threats, the Australian Signals Directorate (ASD) is actively encouraging charities and not-for-profit organisations across Australia to assess and enhance their cyber security measures. Given the upward trend in both the frequency and cost of cyber attacks on Australian entities, it's clear that cyber security must be a paramount consideration for organisations of all sizes within the sector. These organisations, often constrained by limited resources, are finding themselves particularly vulnerable to cyber incidents.

The Cost of Cyber Incidents

The consequences of such incidents are multifaceted, encompassing the loss of sensitive and invaluable data, interruptions to services, unauthorised modifications to systems, and damage to reputation. Furthermore, recovery from these incidents can be a protracted and challenging process.

A Roadmap to Enhanced Cyber Security

To aid not-for-profits (NFP) in fortifying their defences, the ASD has create a page dedicated to NFP resources. This link offers specialised advice for charities and not-for-profits, alongside a Cyber Security Checklist tailored to NFPs needs. This checklist is designed to guide organisations through the process of improving their cyber security stance and hygiene practices effectively.

Take Action Today

We strongly encourage all Australian charities and not-for-profit organisations to utilise these vital resources. By doing so, you'll not only safeguard your operations but also contribute to the national effort to secure Australia’s digital landscape.

Need more information? Contact us for further details and to commence your journey towards enhanced cyber security.

Social Engineering Masterstroke: What is deepfake?

Mon, 04 Mar 2024 10:24:33 GMT

The Art of Deception : Spotlight on Deepfake and Its Social Engineering Masterstroke

Protecting Your Business from Deepfake Dangers: Strategies and Insights

Imagine you're engaged in a video conference with your company's CFO, and within moments, you're swindled out of a staggering $39 million. This isn't a scene from a high-tech heist movie; it's the chilling reality of modern-day social engineering, powered by deepfake video technology.

In a shocking incident in London, a finance professional was conned into transferring $39 million to fraudsters during a "deepfake" video call. The scammers deployed artificial intelligence to mimic the appearances and voices of his colleagues, including his UK-based Chief Financial Officer. The Hong Kong authorities, who brought this case to light, revealed that the scam was orchestrated using AI to create eerily accurate digital replicas of the victim's coworkers. The fraud is among the largest of its kind, leveraging deepfake technology to deceive.

This groundbreaking scam involved multiple fake personas in a single video call, a first of its kind, according to Hong Kong police. "For the first time, we're seeing a scam where every participant in a video conference is a fabrication," remarked acting Senior Superintendent Baron Chan Shun-ching. The finance worker initiated 15 transactions to five different bank accounts before doubts set in, prompted by a suspicious email purportedly from his CFO.

The Intricacies of Deepfake Technology

Deepfake technology uses advanced AI to generate highly convincing fake videos or audio clips, showcasing individuals doing or saying things they never actually did. Recent advancements in AI have significantly improved the realism of deepfakes, making it a potent tool for impersonators and scammers. This technology can clone a person's voice with just a few seconds of their voice clip, paving the way for unprecedented phishing attacks.

Safeguarding Your Business Against Deepfakes

The recent $39 million scam is a stark reminder of the potent threat deepfake technology poses to businesses. But how can you shield your enterprise from such sophisticated attacks?

Maintain a Comprehensive Cyber Security Strategy: Maintaining a robust cyber security strategy is crucial. This plan should encompass not only the technological but also risk assessment, incident response, and recovery procedures specific to your business.

Fortify Your Cyber Security Defences: Enhance your cyber security solutions to prevent unauthorised access to critical data and systems.

Cultivate Awareness and Training: Educate your workforce on the dangers posed by deepfakes. Provide comprehensive training on identifying and responding to potential deepfakes to prevent manipulation.

Discover how to effectively train your team and bolster your cyber security measures at CyberUnlocked .

As deepfake technology continues to evolve, staying ahead of these threats becomes paramount. By implementing sophisticated AI detection tools, strengthening your cyber security, and educating your team, you can protect your business from financial and reputational harm. The era of deepfakes demands vigilance and proactive defence strategies to navigate the complexities of digital deception.

CyberUnlocked setting new standards in cyber security on Ticker News

Thu, 19 Oct 2023 11:02:39 GMT

CyberUnlocked setting new standards in cyber security on Ticker New s

Sarah McAvoy, Managing Director and Founder of CyberUnlocked was recently interviewed by Mike Loder from Ticker News to delve into some essential tips this Cyber Security Awareness Month.

Sarah discusses the key takeaways from the 2023 Australian Cyber Conference and how they align with CyberUnlocked’s mission to provide top-notch cyber security solutions.

With October being Cyber Awareness Month, Sarah who is an ACSC cyber awareness champion also imparts essential tips for businesses looking to bolster their online protection in an increasingly digital world.

Sarah McAvoy and CyberUnlocked Win 2023 Australian Women's Small Business Champion Award

Mon, 09 Oct 2023 09:23:56 GMT

Sarah McAvoy and CyberUnlocked Win 2023 Australian Women's Small Business Champion Award

In all professions, it's crucial to acknowledge and celebrate outstanding achievements that inspire and drive progress. On the 23rd of September, the 2023 Australian Women's Small Business Champion Awards did this by honouring the nation's most influential and inspiring women in small business.

The event was hosted by noted journalist and broadcaster, Deborah Knight with the Gala Event held at the newly-built Western Sydney Conference Centre. The Gala brought together nearly 1000 guests from across the business spectrum.

The Information Technology Champion category was won by Sarah McAvoy, the founder of CyberUnlocked , in recognition of her contributions to the information technology sector.

What set Sarah apart in the eyes of the judging panel was not just her commitment to clients but also her significant contributions to development and mentoring initiatives.

Sarah McAvoy's achievement is a testament to her pioneering spirit and her dedication to breaking barriers in the cyber security sector. Her win aligns with the broader theme of the Australian Women's Small Business Champion Awards, which spotlights the growing number of successful female-led small businesses across diverse industries.

From environmentalists and Indigenous business leaders to women working in agriculture, IT, retail, finance, and more, the awards program is possibly the most diverse in the country, highlighting the accomplishments of women from various sectors.

It's heartening to see the rapid rise in successful female-led small businesses. More than one-third of the 3.3 million businesses operating in Australia are run by women, and this number is steadily on the rise.

Sarah McAvoy's win at the 2023 Australian Women's Small Business Champion Awards is a tribute to her commitment to her clients, her ground-breaking work in the cyber security industry and her unwavering commitment to driving positive change in her community.

Join our founder Sarah McAvoy at the CBD Sydney Chamber facilitating a Small Business Cyber Security Panel Discussion

Wed, 04 Oct 2023 05:13:56 GMT

Join our founder Sarah McAvoy at the CBD Sydney Chamber facilitating a Small Business Cyber Security Panel Discussion

Join the CBD Sydney Chamber for a panel discussion, Q&A and networking on cyber security.

This facilitated panel discussion is different. It explores more than what to watch out for. The panel will feature businesses which have experience dealing with hacks. What you’ll hear provides the motivation and knowledge on how to be more prepared than ever before.

Hear from an expert on experiences of businesses that have been victims of cyber-attacks. An Optus partner business will talk and take questions on its well-publicised experience and the implications this may hold for SMEs.

Q&A facilitated by Sarah McAvoy of CyberUnlocked who is also a 2023 Cyber Security Champion for this October’s Cyber Security Month with a panel of experts across:

Cyber insurance – is your business really covered
Cyber threats – is your network, small or large, truly protected
Cyber training – your people are your best defence, training opportunities discussed
Cyber documentation & liabilities – legally, where do you stand if your information is hacked

And the impact on Cyber threats on your team's mental health – the constant need to be on alert creates anxiety among some team members.

This event is proudly funded by the NSW Government.

5 Must-Dos During Cyber Security Awareness Month

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Mon, 02 Oct 2023 05:31:50 GMT

Once every seven minutes. That’s how often the Australian Annual Cyber Threat Report states that a cyber crime is reported.

October is Cyber Security Awareness Month in Australia. As part of our commitment to make Australia a more secure place to connect and do business online, we have partnered with the Australian Cyber Security Centre (ACSC) as a Cyber Champion.

And that starts with providing clear, simple, actionable tips to fortify your business against cyber threats.

The following might seem like a lot to cover. But chances are that you are already doing a lot of this to some extent. What we’re sharing here are minimum practices that all organisations big or small in Australia must implement to have a minimum level of cyber maturity.

The idea is not to measure yourself on a ‘pass / fail’ basis. It’s more about embedding a continuous improvement mindset in your organisation when it comes to cyber security. A list like this provides a jumping off point for internal conversations about cyber security.

Let’s dive in.

1. Update The Software On All Devices Regularly

Regular device updates are like routine check-ups for your business's digital health. Here's why they matter:

Patch Vulnerabilities: Updates often contain patches for security vulnerabilities. Neglecting updates leaves your systems exposed to potential threats.
Improved Performance: Updates can enhance device performance and compatibility with newer software and applications.
Stay Ahead of Threats: Cyber criminals are constantly evolving their tactics. Regular updates help your business stay one step ahead in the cyber security game.

2. Multi Factor Authentication (MFA) Matters

This is a very simple proposition. You need more than one layer of security.

Multiple forms of verification: MFA requires users to provide two or more forms of verification to be provided before access is granted to a system. This typically includes something you know (password) and something you have (e.g., a mobile app or SMS code).
MFA Benefits: It significantly reduces the risk of unwanted access, even if one layer of security like a password is compromised. It’s also becoming easier to implement. More and more online services and platforms offer MFA options.

Practical tip: schedule time for yourself and your team to review existing software, including all those cloud applications, to enable MFA on any that are missing it.

3. Back It Up

Loss of data seems like a tomorrow problem. But loss of contracts, invoices or even contact numbers can be devastating for businesses. Getting it back can be costly and time consuming. Backup solutions are your insurance policy against every type of data loss.

Regular backups: Schedule backups of your critical data to a secure location. There are ways to automate this so it happens without the need for ‘manual’ intervention.
Ransomware insurance: ransomware attacks work because the attacker can prevent access to your vital information. Having a backup reduces their leverage over you.
Test restores: Periodically test your backups to ensure they are working correctly and can be restored when needed.

Make a document that lists all of your business-critical data – the kind you and your team use every day and week. Then confirm there is a recurring schedule to backup and test each source of data.

4. Use Passphrases and Password Managers

Passwords are simple security tools. But they can be made to be more effective.

Passphrases: Create strong, easy-to-remember phrases by combining random words that have some meaning for you into phrases. They can be nonsense to anyone but you. For extra points, substitute characters for letters (e.g. ‘$’ for ‘S’ and ‘4’ for ‘H’). It might be your last holiday destination coupled with your sporting team (e.g. $un$hineCoastRoosters42).
Password managers: Use a trusted password manager to generate, store, and autofill complex passwords for your accounts. These create password complexity without requiring extra mental power to remember complex passwords and phrases.
Unique passwords: Don’t be tempted! Don’t duplicate passwords across multiple accounts.
Size matters: A password less than 11 characters is no longer considered secure, a bot could crack it in minutes. Keep your passwords long and strong.

5. Upskill Your Team

Your cyber security is only as strong as its weakest link. There are practical ways to bring everyone to the same, high level.

Training: Provide cyber security training to your staff, teaching them to recognise and report threats.
Cyber plans and policies: Develop clear plans and policies on keeping your business secure. Your employees need to know their role in protecting you and your clients. Keep an updated incident response plan outlining steps to take in the event of a cyber incident.
Stay informed: Work with a trusted partner to monitor the latest cybersecurity trends and threats that could affect your industry. This approach lets you focus on running your core business.

Not sure where to start?

If you’d like to talk with a local, Sydney based cyber security expert with deep experience working with Australian businesses and organisations on practical cyber security matters we would love to chat. We can assess where you currently stand, and provide clear, practical options for improving your current security settings to guard against potential threats and disruptions.

Beware of Scammers This Tax Time - Essential Cyber Security Tips

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 19 Jul 2023 06:04:35 GMT

As we start to file our taxes for the last financial year, it's important to remember that while it's tax time for us, it's prime scamming season for cyber criminals.

Warnings from ACMA

The Australian Communications and Media Authority (ACMA) is warning consumers to be particularly vigilant for tax-themed scam emails, SMS, and calls over the coming months. Cyber attackers are set to exploit Australians submitting tax returns or awaiting assessment outcomes.

Common tactics of cyber criminals during tax time

According to ACMA, the most common tactics include:

Robo-calls or calls from individuals impersonating Australian Tax Office (ATO) officials or other government departments demanding urgent payment of a tax debt or requesting personal information to process a tax refund.
Emails or SMS messages pretending to be from MyGov, which include links to provide financial information to receive non-existent refunds.

How to protect your business? Safety starts with awareness

Your business is your fortress. Guard it with smart strategies that leave scammers second-guessing.

Here are some simple steps to protect your business:

Don't trust the contact information provided by callers or in emails and SMS.
Never share your personal information or make payments to unknown callers over the phone.
Cyber security isn't just about tech. It's about people too. Train employees to resist clicking on links in emails or SMS. These could be phishing scams designed to steal personal details.
Build a cyber safe culture in your business. Simple steps like using strong passwords, disabling unused accounts, and limiting access rights only to those who need it can be small steps that go a long way in protecting you and your business.

Remember, the ATO will never threaten you with arrest, demand immediate payment, or cancel or suspend your Tax File Number. If in doubt, contact the ATO directly at 1800 008 540 to verify the authenticity of a call or message.

Not sure where to start?

Scammers target everyone. I encourage you to learn how to identify scams and discuss these strategies with friends and family. Protect yourself and your loved ones.

If you suspect your identity has been compromised or you've fallen victim to a scam, contact your bank immediately and call IDCARE at 1800 595 160. Report suspicious activities to Scamwatch .

Need help in safeguarding your digital presence? Connect with us at CyberUnlocked . We work with Australian businesses to build a secure digital world, one step at a time.

New Tool Exploits Microsoft Teams - How to Defend Your Business?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 07 Jul 2023 05:10:31 GMT

In today's interconnected world, collaboration platforms like Microsoft Teams have become vital for remote work and team communication. However, a recent security issue has surfaced, exposing a vulnerability that could compromise your business using this popular tool. Let's delve into the problem, understand its implications, and explore potential solutions.

New Microsoft Teams Bug

A member of the U.S. Navy's red team has developed a tool called TeamsPhisher, shared on GitHub, that capitalises on an unresolved security flaw within Microsoft Teams. This vulnerability allows an attacker to bypass file-sending restrictions and deliver malware from an external account to users within an organisation.

The exploit stems from a client-side protection loophole that enables external users to be mistaken for internal users. By altering the ID in a POST request, attackers can deceive Microsoft Teams and circumvent its file-sending restrictions. This significant security flaw demands immediate attention and action from any organisation using Microsoft Teams.

Safeguarding Your Business

While awaiting Microsoft's resolution of the issue, it is crucial to take proactive steps to protect your business. Consider the following strategies:

1. Disable communications with external tenants

If not necessary, it's recommended to disable communication with external tenants altogether. By restricting interactions to trusted internal parties, you can mitigate the risk of exploitation.

2. Create an allow-list of trusted domains

Implementing an allow-list that specifies trusted domains can further reduce the chances of falling victim to this exploit. Limiting interactions to authorised sources ensures a more secure environment.

3. Promote cyber security awareness

Educate your teams about the risks associated with social engineering and phishing attacks. Encourage them to exercise caution when clicking on links, opening unknown files, or accepting file transfers. A well-informed workforce is your first line of defence.

Not sure where to start?

If you find yourself unsure about the appropriate actions to take or need guidance on bolstering your organisation's cyber security practices, don't hesitate to reach out to the experts at CyberUnlocked . Our team of experienced professionals is dedicated to helping organisations navigate the complex realm of cyber security and develop tailored solutions to mitigate risks effectively.

Remember, in the face of evolving cyber threats, proactive measures and continuous vigilance are paramount to safeguarding your business’ digital landscape. Stay informed, stay protected.

How Can I Reduce My Cyber Liability Insurance Premiums?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 28 Jun 2023 04:05:12 GMT

Cost inflation is real, and painful to the bottom line of businesses everywhere. Businesses get caught between their own rising costs on one side, and the risk of unhappy customers on the receiving end of price increases to cover those costs on the other side. It’s a frustrating situation.

And insurance is one of those costs of doing business. Building, contents, liability, directors’ and indemnity insurance have all recorded price rises in recent times. Cyber liability insurance is not immune either. In fact, for many organisations the risk of Cyber Events and insurance costs now out-way the risk of terrorism.

Are there any actions I can take to lower the cost of those premium payments?

Yes, there are tangible, proactive ways to lower the cost of your cyber insurance premiums. It involves doing the digital security equivalent of putting locks on the doors and security screens on the windows of your home. These actions lower your exposure to risk and your insurers lower your assessed risk profile. And since insurance premiums are priced on risk that means that any action you take to lower your risk may lower your premium.

If you don’t know your exposure to risk, then you are more than likely absorbing risk unwittingly. Something your insurer certainly won’t be doing.

Some exposure examples might be;

Do you comply with your relevant PCI DSS obligations?
Do you comply with The Privacy Act 1988 (Privacy Act)?
Do you have a Data Protection / Privacy policy?
Do you have firewalls protecting your own and customer/client data?
Do you protect all Personally Identifiable Information (PII) and other sensitive data through encryption?
Do you outsource the handling of any Personally Identifiable Information?
Do you use up-to-date antivirus and malware protection software? Is this updated on a weekly or monthly basis?
Are all business-critical systems and data information assets backed up and stored at another location?
Has an independent party completed an audit of your systems and data security?
If your IT network failed, how serious would this impact your business?
Are your data security policies and procedures communicated to all employees, including annual security awareness training?

What can you do then?

1. Implement strong cyber security policies and procedures

An effective cyber security approach doesn’t rest on a single action or activity but on a strong framework. In practice, that means having policies and procedures that covers each relevant aspect of the digital security of your business. This is highly tailored to each business and industry. For example, a company that provides services to a defence contractor or a health organisation will have more complex requirements than a local volunteer organisation. Understanding what types of policies and procedures an organisation like yours should have is key, and something that an experienced consultant can assist with. Remember, your IT system are always at risk through multiple sources of access as well as personnel, both internally and externally.

2. Design an effective incident response plan

An incident response plan is the business version of a fire drill and evacuation. A hypothetical network failure or data breach is created and then you and your team can sit down to plan what your responses would be to loss of access to systems, a breach of customer data or a ransom request. Planning a response can also help to identify preventative and mitigating actions such as backing up business-critical data with a third-party provider. Unless you have Plan B in place, it is highly likely that any recovery post-event will cost you far more than prevention. Some businesses just do not survive.

3. Implement cyber security awareness training for staff

The data shows a very clear fact: most data breaches and network compromises happen as a result of staff accidentally clicking a link, downloading software or giving information that allows malicious actors access to a business system. But to flip that on its head, it also means that you and your staff can also be the strongest first line of defence. A way to demonstrate this for the purposes of lowering an insurance quote is to have a regular program of cyber security awareness training and testing for staff, with sign offs and updated modules as threats evolve. People risk is the common factor.

4. Keep software and operating systems updated

You likely run your business on a number of different operating systems. Sales people and technicians working in the field might make use of the Apple family of products and have iPads and iPhones for tracking work orders and appointments. Your office might be more heavily reliant on Microsoft software products like Word, Excel and SharePoint.

But no matter what choices you have made for your products, there is one constant: keeping software updated. Hackers are adept at finding weaknesses in operating systems and programs. Luckily, the companies that provide this critical business infrastructure are proactive and good at identifying these weaknesses and ‘patching’ them. But you need to have a regular program of updating your software and installing the updates that flow through. Some insurers are now denying claims for losses emanating through legacy or software which is not up to date or supported.

5. Follow a regular penetration testing schedule

Penetration testing lets businesses find weak points in their defences and address them with better controls. But a business and its systems aren’t ‘fixed’ – they evolve over time. That means that scheduled, regular testing is the best option if you are seeking to demonstrate a diligent approach to your cyber security to an insurance provider.

Not sure where to start?

If you’ve received your annual cyber insurance premium, or you’ve looked into the cost but are wondering whether it’s a fair quote, CyberUnlocked can help.

We partner with insurance brokers and risk managers who and can help explain the landscape for cyber security insurance as it applies to your business and industry, and help you understand if there are things that you can do to lower the cost of insuring your business against potentially damaging cyber threats.

Unfortunately, cyber insurance is relatively new. Law both in Australia and overseas is constantly behind IT services and products being provided. With new insurers wanting to get a slice of the action, a risk environment where losses are growing exponentially and policy wordings that are almost impossible to compare, it is an area for expert advice.

Insurance does not change risk – it either pays or does not.

We can help you change your risk profile. Good security and risk mitigation must be a deliberate and considered exercise. The benefits are the reduced likelihood and seriousness of cybers events. The bonus is a reduced dependence on insurance and lower annual premiums cost.

9 Essential Questions to Safeguard Your Business When Adopting Generative AI

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Mon, 12 Jun 2023 04:25:46 GMT

If you’ve been in business for a while, you might remember ‘servers’. If you don’t, then think of a digital filing cabinet. A server was a physical machine that provided the back-office service of storing the digital data of a business. And like a filing cabinet, a place for it had to be found on the premises.

This ‘on-premises’ server is more or less extinct for most small and medium sized businesses these days. What happened? The cloud happened. The cloud meant that large companies (Microsoft, Google, Amazon Web Services) built gigantic server farms. And then they leased the storage space to other companies. And that spawned a new generation of business tools like Xero, MYOB and QuickBooks Online.

But when the cloud came out, there were huge concerns amongst business owners and managers about data. Would it be safe? Would it be secure? Who would be liable in the event of data loss if the data wasn’t stored ‘on premises’?

This wasn’t the first time these concerns had come up. The arrival of the internet had brought similar worries and doubts.

And now generative AI is causing the same sorts of questions to be asked.

This article is about giving you an overview of these applications, then go through potential pitfalls of these tools and how you can manage the risk / reward trade-off effectively to gain the benefits of this new tool without taking unnecessary risks with your business.

What is Generative AI?

Generative AI, also known as generative artificial intelligence, is a technology that focuses on creating new content. After a lengthy period of ‘training’ on vast data sets, the AI models can begin to generate original and creative outputs, such as images, music, text, or even videos. The best of these are basically indistinguishable from human-created content.

What Are Some Examples Of How It Can Be Used?

For business managers and owners, all of that might seem interesting, but a little abstract. So here are just three examples of how generative AI can be used within the four walls of a business in almost any industry:

In-House Marketing
Customer Service
Emails composition or automatic replies based on previous examples

Practical Cyber Security Considerations

As cyber security experts, we have spent a lot of time thinking about, and talking to clients about how to evaluate these tools for security. We’ve narrowed down the main three ‘headline’ points.

A. Evaluate Data Privacy and Security

Technology can often move faster than regulation (think of Uber versus decades old taxi rules). But even though Generative AI is available for use, it doesn’t mean it has been ‘approved’ by any regulator or industry-specific body.

And because these tools can apply in industries as diverse as bulk shipping to jewellery retailing, we’re unlikely to get a uniform set of regulation. So, what we can advise is that key decision makers ask themselves the following questions when evaluating the characteristics of a potential tool:

1. Do I understand if the tool complies with the data protection laws my business has to comply with? How is data that I input into the tool treated? Is it confidential? Or is it able to be used for other applications (such as further training the model).

2. Do I understand whether the data I input into the tool is:

Stored, and, if ‘yes’,
How is it encrypted?

3. Am I permitted under the terms of service and contracts I have signed with clients and suppliers to input data that could identify them into a third-party tool like this one? Do I require further informed consent to do so?

B. Assess Transparency and Fairness

In the same vein, here are some key questions to assist you in evaluating the transparency and fairness of any ‘outputs’ provided by a generative AI tool:

4. Have I tested the ‘outputs’ of the tool using ‘test’ questions where I am confident of the answers to check its accuracy and fairness according to my parameters?

5. Do I understand the potential for hidden or implicit bias to exist in these tools (given they are early stage and still in development)?

6. Am I comfortable with being held accountable for decisions / outputs provided by an AI model if queried by my clients and employees (e.g. if an AI tool is used to screen job applications for an open role for suitability)?

C. Check Reliability and Performance

And here are some key questions regarding reliability and performance of generative AI tools:

7. Do I have a backup in place if this tool becomes unavailable, or will key business functions suffer if it is ever unavailable?

8. How much reliance will [insert job function here] have if we introduce [insert generative AI application here] into their business-as-usual work processes? What percentage of the job will require the use of this tool?

9. Do we have criteria in place to measure the reliability and performance of the tool we are proposing to adopt. If not, what might those criteria be, and when will they be reviewed?

Key Takeaway

Generative AI tools like ChatGPT reached 100 million users faster than other milestone technologies like the internet or mobile phone. Chances are they are here to stay. But for businesses to adopt them effectively, care needs to be taken, especially with the data privacy and cyber security aspects. CyberUnlocked can partner with your business so that you can capture the benefits without compromising the security of your data or that of your customers and suppliers.

Are You Taking Advantage of the Business Deductions for Cyber Security?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 02 Jun 2023 10:37:28 GMT

The clock is ticking as Australian lawmakers rush to enact the Technology Boost and the Skills and Training Boost - two ground-breaking policies that offer significant tax deductions to small businesses investing in digital upgrades and staff upskilling. If you are a small business operating in Australia, especially in the cyber security sector, this is a golden opportunity you don’t want to miss.

Announced in March 2022, the Technology Boost and Skills and Training Boost policies present small businesses with the chance to claim an additional 20% tax deduction on eligible digital upgrades and staff training courses. This bonus deduction applies to up to $100,000 in spending, meaning that small to medium-sized enterprises (SMEs) could potentially shave off up to $20,000 from their tax bill.

This is particularly exciting news for the cyber security landscape. As cyber threats continue to evolve, businesses must stay ahead of the curve. Investing in technology and training is paramount. The Technology Boost allows you to bolster your cyber security measures, while the Skills and Training Boost can be an essential tool in arming your team with the knowledge and skills to protect and defend against cyber threats.

The eligible spending period for the Technology Boost is from 7.30pm on March 29, 2022, to June 30, 2023. As for the Skills and Training Boost, spending is covered up to June 30, 2024.

But there's a catch! The boosts are not law just yet. The legislation necessary to enact both boosts is presently awaiting approval in the Senate. Both the Coalition, which proposed the measures in the 2022-2023 budget, and the Labor government have shown support. However, time is running short for the boosts to be legislated before the end of the financial year.

What should you do to ensure you don't miss out on these deductions?

The Australian Tax Office (ATO) has made it clear that small businesses cannot claim these bonus deductions until they become law. However, they have provided some guidance for eager businesses. If you’re planning to claim the technology investment or skills and training boost, you can opt to delay submitting your 2023 tax return until the law is enacted. Alternatively, you could submit your tax return and claim the ordinary deduction for the technology investment or skills and training expenses.

In summary, the Technology Boost and Skills and Training Boost represent a substantial incentive for small businesses, especially in the cyber security field, to invest in digital upgrades and employee training. With the legislation still pending, it is imperative to keep a close eye on developments and be prepared to act accordingly.

This is an invitation to forge ahead, and to not only protect your business but also contribute to fortifying Australia's cyber landscape. Grab this opportunity and pave the way to a safer and more resilient digital future.

This advise shared in this blog is general in nature, please consult the ATO web site for up to date information.

Why Regular Vulnerability Scanning and Penetration Testing is Crucial for Your Business

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 24 May 2023 10:55:43 GMT

You're the owner of a thriving small business that has been steadily growing its online presence. You’ve put some work into your website, and it’s becoming a valuable source of new customer inquiries. You’ve also set up a booking form where potential clients get in touch and provide you some details so that you can quote jobs for them in a quick, efficient manner.

Customers are responding and entrusting you with their personal information. Everything seems to be going smoothly until one day, a hacker finds a weakness in your digital defences. It’s the digital equivalent to a concealed trapdoor: you didn’t know it existed, let alone how to defend it. Suddenly, your customers' data is compromised, your reputation is tarnished, and your business is left scrambling to recover.

This scenario, or one very similar to it, has been a reality that many Australian businesses have recently faced. According to the Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report, released in June 2022, a cybercrime is reported every 7 minutes on average. Alongside the high-profile breaches of ASX200 companies, there are dozens of lower-profile but just as disruptive attacks on businesses and livelihoods.

As cyber threats continue to evolve and grow more sophisticated, it's imperative for small and medium-sized businesses to take proactive measures to protect their digital assets and safeguard their customers' trust.

This blog will detail some of the measures that any business can, and should, take to respond to this reality.

What is Vulnerability Scanning?

Vulnerability scanning is a proactive approach to identifying security weaknesses in your business's digital infrastructure. To continue the analogy from the introduction, it involves searching for that hidden trapdoor that left you vulnerable, with the assistance of a qualified builder and architect who know what they’re looking for.

In the cyber security realm, it involves using specialised software tools to scan and analyse your systems, networks, and applications for potential vulnerabilities that could be exploited by cyber criminals. The scanning process aims to uncover things like security holes and outdated software versions. These can represent a point of weakness that could leave your business exposed.

One of the key benefits of vulnerability scanning is its ability to classify the identified security holes based on their severity and potential impact. This classification helps rank the vulnerabilities that require immediate attention. This is a practical approach. Businesses can allocate their resources effectively to address the most significant risks first, reducing the likelihood of successful cyberattacks. A skilled cyber security expert can rank the vulnerabilities effectively, and explain the risk attached to each one, leaving you to make a business decision that fits with your other priorities.

It's worth noting that there are different types of vulnerability scanners available, each designed to target specific areas of your digital infrastructure. These include:

network-based scanners,
host-based scanners,
web application scanners,
database scanners, and,
wireless scanners

Penetration Testing

Penetration testing is also sometimes known as ‘ethical hacking’. It’s akin to employing a reformed criminal and thief to plan a robbery, but where the employer is the owner of the location that is being ‘robbed’. The ‘ethical’ thief plans and then simulates a ‘real world’ robbery to test the strength of the defences of the business and its response times.

It’s a systematic and controlled approach to assessing the security of a business's digital infrastructure. It differs from vulnerability scanning. Vulnerability scanning focuses on identifying vulnerabilities, penetration testing takes it a step further by simulating real-world attacks to exploit those vulnerabilities and assess the effectiveness of existing security measures. The ultimate goal of penetration testing, from a business perspective, is to identify and address weaknesses before malicious actors can exploit them.

There are different types of penetration testing, including black-box, white-box, and, grey-box testing.

The Benefits of Regular Vulnerability Scanning and Penetration Testing

The two approaches above work in tandem with one another. They work in harmony to provide a comprehensive assessment of the cyber security protection within your business. Vulnerability scanning helps identify potential weaknesses, misconfigurations, and outdated software versions, while penetration testing validates and verifies these vulnerabilities through real-world simulations.

This can help your business be proactive, rather than reactive after a threat has already manifested itself. There are practical advantages to this. Addressing vulnerabilities before they are exploited significantly lowers the risk of data breaches, financial losses, and reputational damage.

In addition, regular vulnerability scanning and penetration testing aid in maintaining compliance with industry standards and regulations that are required to do business in different jurisdictions. These include frameworks such as GDPR, HIPAA, and PCI-DSS.

Key Takeaway

Ultimately, the combination of vulnerability scanning and penetration testing provides a comprehensive security assessment that helps businesses stay resilient in the face of evolving cyber threats.

A skilled and experienced cyber security team can perform these assessments, and then explain the results to you in a practical, actionable way, including ranking the potential weaknesses and providing advice, but leaving the ultimate decision about next steps entirely to you. CyberUnlocked has years of industry experience and has worked with dozens of businesses to do this kind of prevention work. If you feel as though we may be able to help with your needs, we look forward to speaking with you.

ISO 27001 vs SOC 2: Which Certification is Right for Your Organisation?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Tue, 16 May 2023 19:55:59 GMT

Certifications, such as ISO and SOC2, provide independent verification of your businesses adherence to rigorous standards and best practices in areas like information security, data privacy, and operational excellence. They can be a powerful tool that can help you show to potential clients and partners that you have a demons trated commitment to these crucial factors.

In this blog, we will explore the significance and benefits of certification for small and medium-sized businesses and look specifically at ISO 27001 and SOC 2 compliance.

What Are The Benefits?

E xternal audits, such as ISO 27001 or SOC 2 assessments, offer numerous advantages for businesses.

First and foremost, they provide an independent and objective evaluation of your cyber security measures. It’s like getting a fresh set of eyes to assess your security practices to spot the things that you might not be able to see from your vantage point.
Second, you get subject matter experts. Your expertise is in running your business. These audits bring in experts who focus on information security.
Third, having an external certification or audit report can establish confidence in your clients, partners, and stakeholders, showing them that you take data protection seriously. It also shows that you have proactively taken the necessary steps to safeguard their sensitive information.

What is SOC 2?

Data breaches and cyber threats are now an ever-present part of the business landscape. Maintaining a strong security posture is becoming more important. And being able to signal that this has been done to a high standard is also crucial.

This is where SOC 2 comes into play. SOC 2, which stands for Service Organization Control 2, is a widely recognised certification that validates a businesses commitment to protecting customer data and maintaining stringent security and privacy controls. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 sets a comprehensive framework for assessing the cyber security of a business.

What are the Key Requirements of SOC 2?

To obtain SOC 2 certification, businesses must undergo a thorough audit conducted by an independent third-party assessor who assesses compliance with certain requirements. A summary of these is:

Security : This requirement focuses on the implementation of robust security controls to protect against unauthorised access and system vulnerabilities. It involves measures such as access controls, incident response, and ongoing monitoring of security systems.
Availability : The availability requirement ensures that systems and services are accessible and reliable, with minimal downtime or disruptions.
Processing Integrity : This requirement ensures the accuracy, completeness, and timeliness of data processing.
Confidentiality : Confidentiality requirements focus on protecting sensitive information from unauthorised disclosure.
Privacy : The privacy requirement emphasises the protection of personally identifiable information in accordance with the applicable privacy laws of the jurisdictions where your business operates.

Who Can Audit for SOC 2?

SOC 2 audits must be conducted by independent Certified Public Accountant (CPA) firms or qualified audit professionals who possess the necessary expertise and knowledge. These audit firms or professionals should have a deep understanding of the SOC 2 framework and the industry-specific requirements applicable to the business being audited.

What is ISO 27001?

ISO 27001 is a widely recognised international standard for information security, and the management of information and sensitive data. It was last updated comprehensively in 2022, but has existed for decades. Major updates occur to bring the concepts and frameworks into line with the most recent developments in the business landscape, for example the advent of cloud computing and the rise of off-premises data storage in the last decade.

What are the Key Requirements of ISO 27001 Certification?

ISO 27001 is a large, comprehensive framework. It consists of concise clauses along with an extensive annex that outlines 14 security domains and 114 controls. Some of the key clauses are about:

Understanding the business context and engaging stakeholders
Demonstrating leadership and securing top-level support for information security
Planning the implementation of an Information Security Management System (ISMS), including conducting risk assessments and implementing risk treatment measures
Providing necessary support for the ISMS implementation
Making the ISMS operational within the business
Regularly reviewing the performance of the system
Establishing a framework for corrective actions and continuous improvement

Who Can Audit for ISO 27001?

Similar to SOC 2 compliance audits, ISO 27001 audits can only be conduced by approved auditors. In this instance, these auditors must be approved by an Accredited Certification Body. These auditors must be both competent (and certified as such) and independent.

ISO 27001 can involve two stages of external audit to get the certification and then two other types of audit to maintain the certification. The first type of audit is a surveillance audit. This ensures ongoing compliance with the standards, and are a little like a regular car service. The second type of follow-on audit is a re-certification audit, which as the name suggests, is about maintaining the results of a previous audit before the certification lapses.

How Do I Choose the Right Standard?

With the help of a local expert. Cyber Unlocked can help you. We have years of experience working with Australian small businesses and medium sized enterprises who operate locally and offshore. We are certified ISO Lead Auditors and experts in the various frameworks with deep experiences in a range of different industries. That means we can tailor our advice to suit you, and save you wasted time and unnecessary effort. We look forward to speaking with you soon.

What Changed In The 2022 update of ISO27001 and ISO27002?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 03 May 2023 09:51:42 GMT

The ISO standards provide a set of guidelines and requirements that can be trusted across the business world. Putting together these standards is a huge body of work that involves a consensus-based approach that draws together the work of dozens of interested parties from a range of backgrounds.

The standards are regularly reviewed by these parties. And where changes need to be made to reflect changes in the real world, they are made so that the standards remain relevant to businesses and their customers.

The ISO27001 and ISO27002 standards have seen some recent updates, and this article will go through the most relevant ones and explain how they benefit those businesses that adopt them.

What Has Changed?

The ISO 27001 and ISO 27002 standard last underwent a major update in 2022. This update replaced large parts of the previous standard which was released in 2013, and periodically refined with more minor updates. According to ISO, the updated document is ‘to be used as a reference for determining and implementing controls for information security risk treatment’ and is designed to be flexible enough to adapt to industry and business-specific uses.

The document also includes a number of important updates. These changes include the addition of new controls and clarifications to existing controls to reflect changing technologies and security threats. Here is a summary of the major changes:

The previous standard was grouped into 14 subdomains. The 2022 update contains just four major themes instead. These are: organisational controls, people controls, physical controls and technological controls.
The number of security controls have been reduced from 114 to 93. This is the result of merging similar controls from the previous document. From a practical point of view, for businesses seeking the certification, these refinements make the process of complying with the framework more streamlined.
Some examples of specific cyber security controls introduced include standalone controls to deal with threat intelligence, information security for the use of cloud services, ICT readiness for business continuity and information deletion. We’ve highlighted these examples because we believe that they are the most specific to the type of reader who will be reading this article, and the type of business that they work in.
The last major point we were most interested in when the update came out was the introduction of some major attributes that had not been previously included. They include core cyber security concepts that will be relevant to almost all organisations as more of our business and communication is conducted online.

Why Should Businesses Adopt These Changes?

Businesses that adopt these changes are able to demonstrate through practical actions how they are keeping pace with the evolving business environment. In 2000, few businesses had websites. In 2010, social media was dominated by ‘personal’ use cases, with businesses largely on the sideline. Each year brings about small changes in the best practices and norms of any business. But over longer time periods, these changes accumulate. It can be hard to determine which changes are long-lasting and which are simply fads.

But long-established and highly respected standards like those published by the ISO are a reliable reference point for businesses and managers to rely on.

How do ISO 27002 and ISO 27001 Work Together?

ISO 27002 and ISO 27001 are related standards, but they serve different purposes.

ISO 27001 is a standard for information security management systems (ISMS). It provides a framework for businesses to manage and protect their information assets by establishing and implementing policies, procedures, and controls based on risk management. ISO 27001 is designed to help organisations maintain the confidentiality, integrity, and availability of their information.

ISO 27002 is a code of practice for information security management. It provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. ISO 27002 offers a comprehensive set of controls and best practices for information security, which can be used to support the implementation of an ISMS in accordance with ISO 27001.

In practice, the two standards are complementary and often used together. If used in conjunction, they can help an organisation to develop a more robust information security program.

How Can An ISO27001 or ISO27002 Implementation Run More Smoothly?

While there is no playbook that can apply in every scenario, the following principles can be adapted to the specific needs of your business in any ISO implementation.

Assign roles and responsibilities: Clearly define the roles and responsibilities of individuals involved in the implementation process. This includes, at a minimum, a project manager to co-ordinate the implementation.
Conduct a risk assessment: Conducting a risk assessment is essential to determine the potential threats and vulnerabilities that they may face in changing pre-existing processes to put in place the new standard.
Develop policies and procedures: Develop specific policies, procedures and a robust information security management system (ISMS).
Rollout: Conduct regular employee training and awareness programs to ensure that employees are aware of any changes to existing ways of doing things and address those concerns.
Monitor, review improve: Regular monitoring and review of the implementation process is essential to ensure that the standard is being effectively implemented and that any issues are identified and addressed in a timely manner.

Key Takeaway

The ISO standards are internationally recognised and rigorous. As a result, they can confer additional trust and relationship benefits to your business. If you’d like to talk about how you can work towards implementing ISO in your business, CyberUnlocked can help. We are certified ISO Lead Auditors with extensive experience in ISO 27001 and ISO 27002 readiness and implementation of ISMS in preparation for ISO certifications.

Still Using Norton or McAfee? Here's Why You Need to Upgrade Your Cyber Security

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Mon, 24 Apr 2023 06:46:54 GMT

Brand names matter. If your first car was a slightly busted up Toyota sedan or a compact but zippy Mazda, chances are that somewhere down the line, you’ll gravitate back to those brands when upgrading.

It’s exactly the same with cyber security. Running a business is complex and constantly changing. So when our renewals come up, our brains seek to simplify the noise of the dozens of options at our fingertips. And they do this by leading us towards options that we are familiar with already.

Norton and McAfee are well-known brand names in the cyber security space. But this article is going to take you through why relying on those old, familiar names might leave your businesses vulnerable today.

A Rapidly Changing Tactical Landscape

In 1939, Europe was preparing for War. France and Germany shared a huge land border, and were going to be on opposing sides. But France had spent the past decade preparing. It had prepared a vast interconnected array of forts and defences, reinforced with barbed wire, bunkers, heavy artillery and machine guns. And they all pointed in one direction: Germany. The French had taken the lessons of the previous war and prepared well.

But they were the wrong lessons, from the wrong time. When World War 2 broke out, France fell to the invading Germans stunningly quickly. How did the attackers overcome the entrenched defences? They didn’t.

Three new technologies rendered those defences redundant: planes, tanks and mechanised infantry. The Germans used surprise and speed. And they simply went around the outdated defences that had been prepared.

So, why are we talking about this? It’s to demonstrate a little fact: technological changes drive big changes to how effective certain kinds of defences are.

Norton and McAfee rose to prominence in a different era of the internet. The sophistication of online hacking attempts, organisations, and threat vectors have evolved a very long way since that time. And it is arguable that those two providers have not fully evolved with them.

The Limitations of The Legacy Providers

Traditional anti-virus software is designed to first detect and then block known threats such as viruses and malware that can disrupt the operations of your business. Unfortunately, the effectiveness of these solutions has declined as cyber criminals have become more sophisticated in their attacks. Those antivirus measures can be thought of as well-known ‘fixed’ defences. The downside of fixed defences that have existed for many years is that potential attackers have a long time to plan how to work around those defences. It’s why many cyber threats today are specifically designed to bypass traditional anti-virus software, making it easier for attackers to gain access to your systems undetected.

The Importance of ‘Next Generation’ Threat Detection

If you were trying to defend the airspace of a nation today, the World War 2 era Spitfires and Hurricanes made famous in many movies and TV shows wouldn’t be up to the job. The 3rd and 4th generation planes that are available today are orders of magnitude more sophisticated and would run rings around those earlier models.

That example helps illustrate why ‘next generation’ endpoint detection and response are crucial for your small business. The technologies used are far superior to traditional anti-virus software like Norton and McAfee.

For example, today's solutions use artificial intelligence and machine learning algorithms to analyse vast troves of data and detect threats that traditional anti-virus software would miss.

Responding in Real Time

The flow-on effect of that continual learning and adaptation process of modern cyber defences is that it allows your defences and your organisation to respond in real-time, rather than having to wait to find out that your systems have been breached.

This is particularly important when you have an intruder that spends significant time inside your systems undetected. This time can be used to harvest sensitive data, better understand your defences and to plant malware inside your systems that is harder to eradicate. All of those things lend weight to the demands the hacker would make down the track, as they have more material with which to hit you with.

Transitioning to A More Effective Solution

We’re not hear to disparage Norton or McAfee, or to make anyone who is using their products within their business feel like they have done the wrong thing. But the fact is that there are more complete, more effective solutions out there that are more appropriate to today’s cyber environment.

If you’d like to talk about securing your digital assets and transitioning to one of these options, CyberUnlocked can help. We are experienced in cyber audits and implementation, and can guide your business through the change so that you emerge with upgraded cyber defences.

How Cyber Security Assessments Can Save Your Business From a Data Breach

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 14 Apr 2023 10:50:00 GMT

Running a business is much like driving a car. There are the daily tasks that demand immediate attention, such as keeping your eyes on the road and navigating unexpected obstacles. It's the "in-the-moment" management that we prioritise, much like checking emails, handling customer inquiries, and managing day-to-day operations.

But there's also the "longer-range" aspect of business management, similar to maintaining a car. It involves tasks that may not need attention as frequently but are essential for the long-term health and sustainability of the business. Just as rotating tires, preventative maintenance, and regular servicing are critical for a car's performance, assessing and maintaining a business's cyber security is crucial for protecting sensitive data and mitigating potential cyber threats.

Similar to a car that hasn't been serviced is more likely to break down, a business that hasn't been assessed for cyber security risks is more likely to suffer a data breach. In this article, we'll explore how cyber security assessments can help your business identify and address vulnerabilities before they lead to a breach, and ultimately save you from costly and damaging consequences.

Avoiding Accidents

As you might have seen first-hand from reading the news in recent months, a data breach can have severe consequences for businesses, ranging from financial losses to reputational damage. For smaller and medium sized business, in the worst cases, a business may even be forced to shut down.

Financial losses can quickly mount up from having to pay legal fees, fines, and compensation to affected parties. Those costs can escalate over time as the consequences of any breach become better understood and litigation is filed.

The cost of restoring the damage to IT systems and infrastructure can also be significant. The damage to reputation can be long-lasting and may result in a loss of trust from customers and partners. This can impact a business's ability to secure new customers or partners in the future, as well as cause a decline in revenue at the same time as costs are increasing.

Preventative Maintenance

That’s why at CyberUnlocked we compare the idea of having regular cyber security checks as similar to a ‘service’ and preventative maintenance check for your business. Some of the benefits that our clients see from this approach include:

Identifying vulnerabilities: Cyber security assessments can help identify vulnerabilities in a business's IT infrastructure, software applications, and network. This allows businesses to act and fix these vulnerabilities before they can be exploited by attackers.
Compliance requirements: Depending on the industry and regulatory requirements, businesses may be required to have regular cyber security assessments as part of their compliance obligations.
Risk mitigation: Regular cyber security assessments can help businesses identify and mitigate risks associated with data breaches.
Improved security awareness: Cyber security assessments can help improve the security awareness of employees and stakeholders, which can lead to a more security-conscious culture within the business.
Prevention, not cure: Early detection of security vulnerabilities and risks can prevent costly data breaches from occurring in the first place.

Conducting a Cyber Security Assessment: Step by Step

While the needs of each business will vary depending on the industry they operate in and their size, the following is an outline for a framework that can be applied when conducting your cyber security assessment.

Define scope and objectives: Determine what assets and systems will be assessed and the objectives of the assessment.
Identify and evaluate threats, vulnerabilities, and security controls: Identify potential threats and vulnerabilities that could compromise the confidentiality, integrity, and access to the assets and systems that you use to run your business. Evaluate the effectiveness of the current security controls that you have in place and determine if there are any gaps.
Analyse and prioritize risks: Determine risk levels and develop recommendations based on the level of risk they address and the resources required to implement them.
Develop and implement an action plan: Create a plan with timelines and responsibilities, and execute the recommendations.
Monitor and maintain: Regularly review and test the security controls to ensure they remain effective and to identify any new threats or vulnerabilities that may have emerged.

It's important to note that the specific steps involved in a cyber security assessment can vary depending on the organization's size, industry, and specific needs. It's recommended to work with a qualified cyber security professional to conduct an assessment tailored to your business.

Ready to Book in For A Service?

If you are interested in knowing more about what’s involved in conducting this crucial preventative maintenance for your cyber security so that you can keep your business ‘on the road’ and in great working order, we would love to speak with you about your needs.

At CyberUnlocked we are experienced, friendly cyber security professionals with a track record of partnering with businesses of all sizes to provide practical, actionable security advice.

What Does ChatGPT Mean for the Future of Cyber Security?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Tue, 04 Apr 2023 23:12:33 GMT

Every time a new technology emerges people can be relied on to do a few things. Marvel at the exciting new applications. Get excited about what it could mean for them and how it could benefit them. And, without fail, worry about how ‘bad actors’ could exploit it for their own gain.

The recent emergence of ChatGPT and other AI tools is no different.

This article provides an overview of what ChatGPT is, and how its rapid rise and adoption might affect the future of cyber security.

So, What is ChatGPT?

ChatGPT is a tool created by a company from the United States called ‘OpenAI’. In the name ‘AI’ stands for ‘artificial intelligence’.

ChatGPT is what’s called a large language model. It uses deep learning to generate human-like responses to text-based prompts. It has been trained on enormous tracts of data from the internet and can generate responses that are often difficult to distinguish from those of a human.

The key thing that makes ChatGPT different to existing tools is its ability to absorb new information and improve its performance over time. In a word its ability to ‘learn’. All AI and machine learning models are computer programs that can learn from data and improve their performance over time without being explicitly programmed. They use statistical techniques to recognise patterns and make predictions based on those patterns. ChatGPT is just one example, however, one that has become popular because the service is available to anyone via the OpenAI website.

Are cyber criminals using ChatGPT?

Reports indicate that cyber criminals are already leveraging ChatGPT's impeccable spelling and grammar to craft phishing emails with increased sophistication. Europol recently released an advisory report identifying potential problems stemming from the rise of AI chatbots, including fraud, social engineering, disinformation, and cybercrime. The ability of AI systems to guide criminals through contextual questions makes it easier for malicious actors to understand and execute various types of criminal activities.

How could ChatGPT improve cyber security?

Because it is a language model, ChatGPT isn’t a cyber security tool in a direct sense. However, AI and machine learning technologies are being increasingly used in cyber security to help detect and respond to threats. These technologies can analyse large amounts of data and identify patterns that might not be visible to humans. They learn to recognise patterns of behaviour that are indicative of attacks and can identify new and emerging threats that may not have been seen before because of the limitations of the experience of the team or person responding to a new threat.

Drawbacks and Pitfalls

Any new tool comes with potential downsides and risks to be mitigated. It’s no different for ChatGPT and its application to cyber security. Some of these include:

False positives and false negatives: AI models can sometimes produce false positives (flagging something as a threat when it isn't) or false negatives (failing to detect a threat that is present). This can lead to wasted resources on false alarms. The more serious consequence is when a false negative results in a system overlooking a real threat.
Bias in training data: models like ChatGPT rely on large amounts of training data to learn and make predictions. If this data is biased or incomplete, it can lead to biased or inaccurate predictions. For example, if a cyber security model is trained on data that is predominantly from a particular geographical region, it may not perform well when applied to assess threats to a business that is operating in a different location.
Adversarial attacks: Defence and attacking tools evolve together. As attackers learn to use techniques such as data poisoning or adversarial examples to trick AI models into making incorrect predictions, the effectiveness of AI-generated defensive options may shift. This can potentially render the model less useful, and require updates and patches to maintain performance.

The Best Practice Approach

As a business owner or executive, it might not surprise you to learn that the best practice approach to using this new tool is like any other: integrate it with existing approaches and test and learn as time goes on to ensure that you are getting the outcomes you need.

CyberUnlocked is at the forefront of providing advice to Australian businesses about their cyber security and is proactive about assessing new tools and approaches that can save our clients time and money so that they can continue to run their operations with an effective cyber security defence system running in the background. If you’d like to talk about your specific needs, we’d love to have a conversation about how we can help you.

The Business Owner’s Guide to Ransomware: To Pay or Not to Pay?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Thu, 23 Mar 2023 09:22:45 GMT

No one ever wants to be in a position where they have to pay a ransom. But the data and high profile examples from Australia in the last 12 months clearly show that businesses of all sizes are being targeted by cyber criminals.

When this happens, valuable data can be stolen or business systems encrypted with users locked out. In both instances the hacker might offer a simple solution: pay this ransom to me and I will delete your sensitive data from my possession or unlock your systems.

The question is, should you pay? That’s what this article is here to cover.

The dilemma for businesses

Businesses that fall victim to ransomware attacks face a difficult decision: pay the ransom and hope the attacker follows through on their promise to provide the decryption key, or refuse to pay. Refusing to pay can have serious consequences.

If you permanently lost access to all, or even half of your data including your contacts, bank details, invoices and records of payments, what would that do to you? This dilemma is compounded by the fact that there is huge uncertainty when any payment is made. It’s typically made in cryptocurrency or a cash transfer offshore. So no guarantee that paying the ransom will actually result in the safe return of the encrypted data, and it may even encourage further attacks in the future.

The “for” case – why should you pay a ransom?

Some arguments in favour of paying the ransom include:

Recovering critical data: Paying the ransom may be the only way to regain access to important data or systems that are necessary for the functioning of the business. This is a basic cost-benefit analysis: is the cost to you of not paying greater than the cost of paying the ransom?
Avoiding negative consequences: Ransomware attacks can result in significant financial and reputational damage to a business, or to the business' customers. Paying the ransom may be seen as a way to avoid or mitigate these negative consequences.
Faster recovery: In some cases, paying the ransom may result in a faster and more complete recovery of data and systems than attempting to restore from backups or other means.

Some high-profile examples of companies that paid ransoms include:

Colonial Pipeline: In May 2021, the US pipeline operator paid a ransom of USD 4.4 million to the DarkSide ransomware gang after a cyberattack shut down its operations.
JBS Foods: In June 2021, the Brazilian meatpacking company paid a USD 11 million ransom to the REvil ransomware group after it was hit by a cyberattack.
University of California San Francisco (UCSF): In June 2020, UCSF paid a ransom of USD 1.14 million after a ransomware attack on its medical school servers.

It's important to note, however, that there are also strong arguments against paying the ransom, which we will explore in the next question.

The “against” case – why should you not pay a ransom?

Similarly, there are compelling arguments against paying any ransom. These can be divided into concerns that affect the individual business and those that might have wider consequences too.

Individual concerns

No guarantee of recovery: As we noted above there is no guarantee that paying the ransom will result in the decryption of your data. In fact, some victims have reported paying the ransom and still not receiving the decryption key or having their data restored. Or in an even more frustrating scenario, the initial payment has just triggered a new ransom demand, or only a part decryption.
Damage to reputation: Paying the ransom can damage an organisation's reputation, as it may be seen as a sign of weakness or lack of preparedness. Customers and partners may lose trust in the organisation's ability to protect their data and may be hesitant to continue doing business with them.
Cost: Paying the ransom can be expensive, especially for small and medium-sized businesses that may not have the financial resources to pay large sums of money. Even if the ransom is paid, the cost of restoring systems and data can be significant.

Broader concerns

Funding criminal activities: Paying the ransom supports criminal activities and may encourage further attacks. It is possible that the ransom paid to the attacker may be used to finance other illegal activities such as organised crime, people smuggling and money laundering.
Legal and ethical concerns: Paying a ransom may violate laws, regulations, or the ethical standards expected of your business.
Supporting the development of more advanced ransomware: If you think of ransomware and hacking as an ‘industry’ then paying a ransom may incentivise attackers to develop more advanced ransomware, since the ‘profit pool’ from their criminal activity grows with every ransom payment.

Some high-profile examples where ransoms were not paid include:

Optus: Optus experienced a major cyber attack in September 2022, where sensitive customer data was accessed by hackers. Optus did not pay the ransom and it is believed that the attack was aimed at extracting data for other fraudulent activities.
Medibank: In October 2022, Medibank confirmed that all of its 9.7 million customers’ data had been stolen by cyber attackers, including dates of birth, phone numbers, email addresses, and health claims. Medibank refused to pay the ransom demands, following which the cyber criminals published the full 5GB dataset online.

Does Australia have any legislation covering ransomware payments?

Despite the Australian government's recommendation against paying ransoms to cyber criminals like those who targeted Optus and Medibank, many companies choose to ignore this advice and pay up. Notably, as of March 2023, there are no laws prohibiting this practice, leaving businesses to weigh the risks and benefits of paying a ransom.

While there is no clear data in Australia covering ransomware payments, a report by cyber security firm Kaspersky reveals that an alarming 80% of businesses worldwide that suffered from ransomware attacks, ended up complying with the demands. What's even more concerning is that almost 90% of businesses that have already been targeted would pay the ransom again.

How an incident response plan can help

An incident response plan is a pre-planned blueprint for what you will do as a business in the event of a ransomware attack. It’s meant to be a comprehensive plan that outlines how to respond to a range of scenarios. The value of this approach is that it provides a structured approach to dealing with the situation. And perhaps most importantly, it is prepared before any such event takes place, so that decision making is not influenced by heightened emotions like fear, anger and frustration.

An incident response plan should include a clear process for assessing the situation and deciding on whether to pay the ransom or not. It should also include steps for isolating and containing the infection to prevent further damage, identifying the extent of the attack, and restoring systems and data. To comply with local rules and regulations, it should also include relevant organisations and contact details for the agencies (government and industry) that need to be notified when an event like this occurs.

Key takeaways

If you’d like to discuss your current levels of cyber defence, your options if you get hacked, as well as your reporting responsibilities or want some help putting an incident response plan in place, CyberUnlocked can help. We are experienced, local and provide tailored solutions based on your size, industry and needs.

5 Ways Hackers Are Exploiting Our Mental Shortcuts

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 17 Mar 2023 22:44:33 GMT

Every person reading this will be different from the next person in some way. Age, sex and cultural background are some easy ways to segment us. Or if we look to professional characteristics, the industry we operate in, the type of customer we serve or our organisational size might differentiate us.

But we’re all human. And that common thread means we share a lot of the same mental shortcuts and biases. And that shared trait is what effective hackers seek to exploit.

That’s why this blog will look at 5 of those shortcuts. Because once we know what those ‘angles of attack’ look like, we can cut them off.

What are mental shortcuts?

Mental shortcuts, (also called ‘heuristics’), are mental tools that we all use. They allow us to make decisions quickly and efficiently based on limited information. Behavioural biases are patterns of behaviour that we engage in without thinking that can influence decision-making. Often, these are reflexive and of no real consequences (whether we stir our tea clockwise or counter-clockwise or which shoe we put on first). But sometimes, these automatic patterns and shortcuts can lead to suboptimal choices

Mental shortcut one: habit

This is possibly the most common and easily identified shortcut. Habits can be beneficial in terms of improving efficiency and productivity, but they can also pose a risk to cyber security if they are not appropriately managed.

For example, an employee who habitually uses weak or repeated passwords for convenience may compromise the security of their accounts and the business as a whole. A habit of clicking on links or opening attachments can lead to malware infections and other cyber threats.

Mental shortcut two: halo effect

The halo effect is a shortcut that can impact cyber security by co-opting our beliefs regarding trust and reliability. It occurs when an individual's positive qualities in one area influence judgments about their abilities or attributes in other areas, even when there is no direct correlation between the two.

For cyber security the halo effect can lead employees to assume that certain websites or individuals are trustworthy based on their positive reputation or authority. For example, an employee may assume that an email claiming to be from a trusted source is legitimate simply because of the source's reputation, even if the content of the email raises red flags. This can occur if the trusted sender has themselves been hacked, and emails sent using their mailing address or if a ‘lookalike’ account has been set up to mimic a trusted sender.

Mental shortcut three: recency effect

The recency effect is a mental shortcut that means that we give more weight to the most recent information received. This can impact cyber security by causing individuals to focus too heavily on the most recent cyber threats, instead of taking a comprehensive approach to security.

For example, if a company experiences a recent phishing attack, employees may become hyper-focused on avoiding similar attacks in the future. However, this may lead them to overlook other potential threats such as having vulnerable systems or insider threats.

Mental shortcut four: authority bias

Authority bias is a mental shortcut similar to the halo effect. For example, an attacker may use social engineering techniques to impersonate a high-level executive or IT specialist in an email. Once that initial relationship is established, a hacker may escalate the conversation by asking an employee to provide sensitive information or download malware that is typically disguised as a legitimate request such as a request from an IT specialist to download a software patch or update. The employee may comply due to the perceived authority of the sender, even if the request violates security protocols.

Mental shortcut five: optimism bias

Another bias is the "optimism bias", which is the tendency to overestimate the likelihood of positive outcomes and underestimate the likelihood of negative ones. This can lead employees to take risks or overlook potential security threats because they assume that everything will turn out okay in the end.

Key takeaways

This might seem like a daunting list of threats to protect against, but the truth is that it is completely possible to train employees to spot, report and defend against any of these biases. Explicit instructions, examples and simulations as part of a broader security awareness training program can achieve this goal.

If you’d like a comprehensive assessment of your current security protocols and training materials or are interested in initiating cyber security training for your employees, CyberUnlocked has the experience, skills and track record with businesses like yours to help with those needs.

Why SPF is Not Enough to Protect Your Domain

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Sun, 12 Mar 2023 20:52:48 GMT

You might already know that ‘SPF’ means protection, but chances are that you’re thinking of sun protection and sunscreen! The term SPF is also highly relevant to you and your digital communications, and how you can protect them.

Before getting into SPF, we have to understand email authentication. Email authentication is a set of protocols and standards that are used by service providers to verify the identity of the sender of an email. There are three key protocols here:

Sender Policy Framework (SPF): acts like an envelope that identifies which servers are allowed to send emails on behalf of your domain.
DomainKeys Identified Mail (DKIM): adds a digital signature to the email to verify that it came from a trusted source and that its contents have not been tampered with.
Domain-based Message Authentication, Reporting and Conformance (DMARC): provides a confirmation service to ensure that the email arrived at its intended destination unaltered.

In this article we deep dive in to SPF, DKIM and DMARC as it relates to your cyber security, emails and communications.

Why is email authentication important?

As with most things related to cyber security, prevention is cheaper and simpler than a cure. And implementing email authentication is important for businesses like yours because it helps to prevent email fraud and phishing attacks before they can even get in a position to threaten your systems and data.

By verifying the identity of the sender, email authentication can help to ensure that emails are not tampered with, and can help to prevent malicious emails from reaching company inboxes in the first place.

In addition to preventing fraud and phishing attacks, implementing email authentication can also help to ensure your outbound emails land in the inboxes of the intended recipients. This occurs because by establishing a trusted identity, businesses can improve their email reputation and reduce the likelihood that their emails will be marked as spam or blocked by email filters.

What is SPF and how does it work?

As we touched on earlier, Sender Policy Framework (SPF) is an email authentication protocol. It means that email recipients can verify that the sender of an email is authorised to send messages on behalf of a particular domain. SPF works by allowing domain owners to publish a list of IP addresses that are authorised to send emails on behalf of their domain.

It’s somewhat similar to being able to see the phone number of an incoming call on your phone. If it’s a local area code at the beginning, you are more likely to accept the call. However, if the numbers indicate that the call is coming from Romania or Peru (and you don’t have family or friends there!) you might not pick up. SPF does this filtering process for email automatically, only allowing trusted IP addresses associated with certain domains through.

If the IP address is authorised, the email is delivered as usual. If the IP address is not authorised, the email may be marked as spam or rejected altogether. As a result, SPF is an effective way to prevent email fraud and phishing attacks, as it makes it more difficult for attackers to spoof the sender of an email.

What are the limitations of SPF?

SPF is a useful tool for authenticating emails and reducing spam and phishing but it does have some limitations that businesses should be aware of.

The first limitation of SPF is that it only checks the envelope sender and not the message contents. This means that SPF cannot verify the authenticity of the message itself or the message headers, such as the From or Reply-To fields. As a result, SPF alone may not be enough to protect against all types of email fraud and phishing attacks.

A second limitation of SPF is that it can be bypassed by attackers who use email spoofing techniques. This involves digitally ‘forging’ the ‘From’ or ‘Reply-To’ fields of an email. In these cases, the attacker may use a legitimate domain that has published an SPF record, but the email is still fraudulent because it was not sent by an authorised sender. SPF alone cannot prevent these types of attacks. To address these weak spots, an additional email authentication tool like DKIM needs to be used.

What is DKIM and what are the benefits of DKIM?

DKIM, which stands for Domain Keys Identified Mail, is an email authentication protocol that helps to verify the authenticity of an email message. It works by allowing the receiver to check that the message was sent by a trusted sender and that the message contents have not been tampered with during transmission.

DKIM works by adding a digital signature to the header of the email message using a private key that is owned and controlled by the domain owner. The email server of the recipient then accesses a second ‘key’ so that it can verify the embedded digital signature and authenticate the message.

When an email message arrives at the recipient's mail server, the server uses the second key to verify the signature in the email header. If the signature is valid, this indicates that the email was not tampered with during transmission and that it was sent by a trusted sender.

Benefits to implementing DKIM include:

Improved Reputation: Implementing DKIM can also help businesses improve their email reputation, which can have a positive impact on email deliverability and response rates.
Increased Deliverability: DKIM can help improve email deliverability by ensuring that emails are not flagged as spam or rejected by receiving mail servers. Because DKIM provides a digital signature that verifies the authenticity of the email, receiving mail servers are more likely to trust the message and allow it to be delivered to the recipient's inbox.
Reduced Phishing: DKIM can help reduce the risk of phishing attacks by helping to prevent cyber criminals from spoofing email addresses and impersonating legitimate senders, which is a common tactic used in phishing attacks.

Many layers of protection

If it’s a really cold day and you’re going to be spending time outdoors, you’re unlikely to just grab a jumper. You’ll probably want to get a decent base layer (thermals), thick socks and even a beanie to go with that jumper. Multiple layers of complementary tools help to give a broader level of protection. It’s the same with these email protection tools.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that is designed to give domain owners control over how their email messages are handled by receiving mail servers.

Like those cold weather layers, DMARC builds on top of SPF and DKIM to provide an additional layer of protection against email-based attacks such as phishing and email spoofing.

Key takeaways

We all use email every day, but not many of us think too hard about the layers of protection that are embedded into that system. And because we don’t think about them, it’s all too easy to have sub-optimal (or totally missing) settings that make us more susceptible to attack from malicious hackers and criminals.

If you’d like a comprehensive assessment of your email security protocols or any other part of your digital infrastructure, CyberUnlocked has the experience and track record with businesses like yours to help with those needs.

The Importance of Women in Cyber Security: International Women’s Day 2023

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Mon, 06 Mar 2023 23:25:27 GMT

As we celebrate International Women's Day, it is important to acknowledge that the field of cyber security, like most information technology fields, could still benefit from more women in key roles.

As a business owner in the field, a cyber security professional and a woman, I've got some first-hand experience of the imbalances in the sector more broadly. Women are underrepresented and this is an imbalance that can and should be corrected. Why? Because it has tangible benefits. Having diverse perspectives is critical in the cyber security industry as it helps organisations to identify and mitigate different types of risks.

Countless academic and research studies have proven a key fact beyond doubt: diverse teams perform better.

In this blog, I'll explore the importance of increasing the representation of women in the cyber security industry and the benefits that come with having a diverse workforce.

The Current State of Gender Diversity in Cyber Security

Historically, the IT industry has been a male-dominated field, and this trend has carried over to the cyber security industry as well. Statistics from the United States suggest that women only make up 26% of the IT workforce. As cyber security goes hand in hand, it’s reasonable to assume those numbers are very similar in our field.

There are several factors that have contributed to this disparity, including a lack of female role models, subtle gender biases in hiring and promotion practices, and policies and programs that could be tailored better to attract talented women.

And when it comes to the cyber security industry specifically, women face several challenges. These include a lack of access to peer mentorship and networking opportunities because of the fact that they are likely to be a minority in any organisation they join. The cyber security industry has a reputation for being a male-dominated profession, which can also be a factor that discourages participation from some women who are interested in pursuing a career in the field.

Another factor is the perception that technical roles require advanced degrees in math, computer science or engineering, which are degrees that have traditionally been male-dominated. This perception can discourage women from pursuing technical careers, even if they have the necessary skills and aptitude.

However, there is evidence that these perceptions are changing in the younger generation. 46% of advanced math test takers at the high school level in 2021 were girls. The number was lower when it came to computer science, at 30%, but that figure has trended up in recent years.

But here's a secret you don't need to be great at maths or do computer science to work in cyber security! Cyber security roles are vast, and individuals with non-technical backgrounds can and do transition into cyber security. Security awareness programs need an understanding of organisational culture and soft skills. These skills are often superior in female employees. What's more mitigating cyber risk is a large aspect of security practices, previous experience with governance, risk, psychology or legal is invaluable in understanding a hacker's rationale and defending against cyber incidents.

The Benefits of Women in Cyber Security

Increasing the representation of women in the cyber security industry has several benefits for organisations. Here are some that I’ve observed:

Diverse perspectives: Women bring different experiences and perspectives to the table, which can lead to more innovative solutions to complex problems. This can help to identify and mitigate different types of risks, improving overall cyber security.
Improved problem-solving skills: Dozens of studies have shown empirically that diverse teams tend to be better at problem-solving than homogenous teams. Why does this occur though? It’s theorised that individuals with different backgrounds and experiences can approach problems from different angles, leading to more creative and effective solutions as those perspectives combine.
Enhanced innovation: Similarly, when teams are diverse, they are more likely to come up with innovative ideas to tackle current challenges and even anticipate future threats, which is crucial to cyber security.
Improved company culture: By promoting diversity in the workforce, organisations can create a more positive and welcoming work environment. This can lead to higher employee satisfaction and retention rates, as well as improved brand reputation. In turn, this can help attract high performers and positive contributors to company culture, which begins a positive feedback loop.

The Solutions: Attracting More Talented Women to the Field

I’ve always preferred a solutions-focused mindset. So, from my experience, and from talking to many others in the field, here are some of my thoughts on how to improve the number of talented women who choose cyber security as a career:

Mentorship programs: continue establishing mentorship programs that pair women in cyber security with more experienced professionals in the field. I'm honoured to be a mentor for the AWSN's Women in Security Mentoring Program, the program is in partnership with the Australian Signals Directorate (ASD).
Networking opportunities: cyber security firms, universities, TAFEs, and peak bodies can host networking events that bring together women in cyber security to connect, share best practices, and build relationships.
STEM programs: the more girls that enrol in STEM programs at school the better. We need to start young and make sure girls are empowered to learn more about science, technology, engineering, and maths. Females can change the world.
Traineeship programs: you are never too old to change your career. Traineeship programs are designed to bring existing knowledge and are looking to retrain in security. We need to encourage more women to join us and businesses to sponsor these programs.
Inclusive hiring and promotion practices: businesses should work to eliminate any explicit and implicit gender biases in their hiring and promotions. One bias that needs to stop now relates to women leaving the workforce to start families, that woman is now an expert multitasker; move on. Also, a practical way to vet candidates without incurring any additional cost is by using blinded resume reviews so that candidates are assessed solely on their merits.

Key Takeaways

I firmly believe that by attracting and retaining more women to the fast-growing and exciting field of cyber security, businesses of all kinds will benefit from diverse perspectives, innovative solutions, and improved problem-solving skills.

By continuing to invest in mentorship programs, networking opportunities, STEM programs, traineeship programs, and inclusive hiring and promotion practices we can help to ensure that women who choose a career in this exciting and growing field have the support and resources they need to succeed in cyber security.

If you are interested in hearing more on women in cyber security, please get in contact and ask for Sarah.

What are the Cyber Security Requirements for my Industry?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Tue, 28 Feb 2023 08:39:01 GMT

In our previous blog we covered how privacy and data security are governed in Australia and some of the expected upcoming changes.

The Privacy Act is intended to be a legislation that ‘covers the field’ in terms of being applicable to a broad range of organisations and businesses. But in certain industries, more specific regulations and rules may apply. The enforcement of these more specific rules is the responsibility of other regulators, which work alongside the Office of the Australian Information Commissioner (OAIC).

In this blog post we list some of the other Australian cyber security requirements and regulations that are industry specific.

Australian Prudential Regulation Authority's (APRA) Prudential Standard CPS 234

APRA CPS 234 is a standard designed to improve the cyber resilience of APRA-monitored organisations and their response to security breaches. The standard applies to banks, credit unions, life and general insurers, building societies, health insurers, and superannuation entities, which APRA oversees, and requires them to take necessary measures to defend against cyber attacks and other information security incidents.

One of the key objectives of CPS 234 is to reduce the likelihood of security incidents occurring, and the standard emphasises the importance of third-party risk management. All regulated entities have been expected to meet these requirements since July 2019.

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules that applies to any company that handles credit card information. If you sell products or services to customers and allow them to pay via credit card, then the standard applies to you.

The purpose of PCI DSS is to have a standardised set of rules that govern how customer credit card information should be processed, stored and transmitted. These are designed to reduce credit card fraud. The framework was created in 2004, and it is managed by the PCI Security Standards Council.

Australian Energy Sector Cyber Security Framework (AESCSF)

Energy security and safety have been in the news more in recent years. In response, the AESCSF is a cyber security framework developed specifically for the energy sector in Australia. It provides guidance for organisations operating in the energy sector on how to identify and manage cyber security risks, and to improve their overall cyber security. It applies to industry participants in the electricity and gas sectors that operate in:

generation,
transmission,
distribution,
retail sale,
production, and,
transportation

Defence Industry Security Program (DISP)

The Defence Industry Security Program (DISP) is a security vetting program that supports Australian businesses to meet their security obligations when working on Defence projects, contracts and tenders. Managed by the Defence Industry Security Office, DISP provides security requirements for Defence contracts, access to Defence security advice and support services, helps manage security risks, and provides confidence to Defence and other government entities when procuring goods and services from industry members.

Security of Critical Infrastructure Act 2018

The Security of Critical Infrastructure Act 2018 came into force in July 2018 and was designed to manage the national security risks to Australia’s critical infrastructure. The Act applies to infrastructure assets in the electricity, water, gas and ports sectors. Recently, this legislation has been updated as part of the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022.

The purpose of these recent reforms was to add extra strength to previous frameworks to managing the risks to critical infrastructure. The reforms mainly apply to the responsible entity for critical infrastructure assets. These assets are declared as ‘Systems of National Significance’ by the legislation and are those assets that are essential to the economic stability, national security and social stability of the country.

The Act shifts the responsibility of identifying, preventing and mitigating material risks to those critical assets, to the extent that those actions are reasonably practicable. Consistent with cyber security best practices, there is also regular risk management reviews and updates required, which must be documented in the form of an annual report.

Not every piece of important infrastructure will be a system of national significance as defined in the Act. For most businesses, the primary relevance of this Act will be to be aware that contracting as a service provider with the administrators of such assets might come with additional scrutiny and reporting requirements so that those operators can satisfy their legal obligations.

Key Takeaways

This might be the first time you are hearing of these laws and regulations, so don’t worry if it seems like an overwhelming amount of detail. The law in this space is rapidly evolving to keep up with the changes in our digital world.

To better understand which of these laws apply to your business, and more importantly, to find out what you might need to do to comply with them, feel free to contact CyberUnlocked for timely, up to date advice specific to your business and industry.

How is data privacy governed in Australia?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 22 Feb 2023 10:21:41 GMT

Cyber security is important to all businesses. When done correctly, it can mount effective defences to the theft of valuable data, which in turn can protect a business and its people against negative financial, reputational and emotional effects.

But cyber security is increasingly transitioning from being an important but unregulated space, to being a legally mandated requirement. This article is designed to give an overview of how privacy and data security are governed in Australia and some of the expected upcoming changes, so you can understand what your obligations are and where the law is developing.

How is data privacy governed in Australia?

In Australia, data privacy is primarily governed by the Privacy Act 1988, which regulates the handling of personal information by organisations and individuals.

The date in the title of the Act shows that the first version of it pre-dated basically all widespread digital communication and data storage. But amendments have been made through the years in an attempt to make the legislation and its principles more relevant to today’s environment.

Who does the Privacy Act apply to?

The Privacy Act applies to all businesses with revenues over $3million and all Commonwealth government agencies, and covers a wide range of activities including the collection, use, storage and disclosure of personal information.

What are some key features of the Privacy Act?

The Privacy Act includes 13 National Privacy Principles (NPPs) that set out specific obligations for organisations (including businesses) handling personal information. The NPPs cover issues such as the collection of personal information, the use and disclosure of personal information, data security, and the ability of individuals to access and correct their personal information.

What is the enforcement body for the Privacy Act?

Just as the Australian Taxation Office is responsible for administering the Tax Acts, the Office of the Australian Information Commissioner (OAIC) is responsible for enforcing the Privacy Act and providing guidance to users on their obligations under the Privacy Act. The OAIC is also responsible for investigating complaints of breaches of the Privacy Act. It also has the power to take enforcement action, including imposing fines, against organisations that breach the principles of the Privacy Act.

Have there been any big changes in recent years?

The law typically is much slower moving than technology. So despite the widespread use of digital databases and the strong adoption of ecommerce in Australia in the last two decades, it was only in 2018 that a significant law change occurred.

Since February 2018, the Privacy Act has been amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017, which introduced the Notifiable Data Breaches (NDB) scheme. The NDB scheme requires entities covered by the Privacy Act to notify individuals and the OAIC of eligible data breaches. This amendment has increased the importance of data privacy and security for businesses in Australia by imposing a ‘positive obligation to disclose’ on organisations.

A further change occurred in 2022. Data breach fines were increased to either:

• $50 million (for a business, increased from $2.2 million)

• 30% of adjusted quarterly turnover of the company that failed to protect the data, or,

• A penalty based on ‘data monetisation’ by the organisation that is three times the value of the benefit obtained by the misuse of the information.

If you’d like to understand your obligations as a business owner under the Privacy Act and other Australian regulations, or want to be proactive and get your cyber security audited to begin the new year, CyberUnlocked has the experience to assist you get the answers you need.

Does Using Cloud Applications Increase Your Cyber Security Risk?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 15 Feb 2023 09:27:02 GMT

Even if you’re not 100% certain how to explain cloud applications, it is likely that you already use them extensively in your business. This blog explains what they are, and how you can protect against any threats that arise from using these incredibly popular business-building applications.

What are cloud applications?

Cloud applications are also known as cloud software or Software-as-a-Service (SaaS) applications, or sometimes just ‘apps’. They are hosted on the internet and not housed ‘physically’ anywhere on your premises. That means that the services are delivered over the internet. Instead of installing software on your own computer or servers, you access the software through a web browser or mobile app. The cloud provider is responsible for maintaining the infrastructure, ensuring availability, and providing technical support.

Some examples of cloud apps widely used by businesses are Microsoft 365 for productivity, HubSpot for marketing and Xero for accounting.

In addition to the well-known apps, it is also becoming popular for companies to develop their own SaaS applications to provide customers with easy access to the company’s software products.

What are the security and privacy concerns of using cloud applications?

The benefits of using cloud-hosted applications are clear. They have slick, modern interfaces, with simple onboarding for new users. Updates are delivered ‘over the air’ via the cloud and require a simple ‘click to accept’ with minimal downtime. And for apps that require payment, pricing is often on a per user basis, which lets the costs rise and fall in line with your usage of these applications, unlike in years gone by when expensive fixed annual licence fees were the norm.

But there are some security and privacy concerns to be aware of. The key ones include:

Data security and privacy: Storing data in the cloud means that the data is stored on servers that are maintained by the cloud provider. This can raise concerns about the security of the data and who has access to it. For a variety of reasons, businesses often need to be sure that the data is protected and that access is strictly limited.
Vendor lock-in: Once a business has started using a cloud application, it can be difficult to switch to a different provider or move the data back in-house. This is known as ‘switching costs’ and is often used by dominant suppliers to raise prices, because they know that the complexity of switching is too great for many to accept.
Reliance on the provider: Because the cloud provider is responsible for maintaining the infrastructure and ensuring availability, to some extent, a business ‘outsources’ the responsibility for maintaining strong data controls and security over the data. This requires a high level of trust in the credentials and people of the service provider organisation.

How does using cloud application security protect my business?

Cloud application security refers to the measures and controls that are put in place to protect data and systems when using cloud-based applications. Some examples of the shape this can take include technical controls such as encryption, access controls, and firewalls. There may also be a set of policies and procedures that govern the use of cloud applications, including checklists of things to check before a particular application is chosen and implemented.

The end goal of cloud application security is to ensure that sensitive data is protected from unauthorised access and that the applications are protected from security threats that can affect operations such as hacking and data breaches.

For businesses, implementing effective cloud application security measures is essential to ensure that sensitive data is protected and that their operations are not disrupted. This may include reviewing contracts with cloud providers, implementing security controls, and regularly monitoring the use of cloud applications to ensure that they are secure and that best practices are being followed. A regular process of reviewing the reviews of cloud applications, even after they have been adopted, can be a proactive way to stay aware of the strengths and weaknesses of your providers.

Who can I contact to audit and improve the security of my cloud applications?

If you are interested in understanding the health of your current cyber security setup, or are concerned that you don’t know enough about it, or just unsure whether you are complying with the relevant requirements for your type of business, a cyber security specialist can help you to audit and understand your systems. CyberUnlocked is a trusted partner of Australian businesses, and our friendly, experienced team is ready to help with your questions.

The 7 Red Flags of a Phishing Email

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 03 Feb 2023 09:34:41 GMT

We all know that cyber security threats are out there and that we need to be alert for them. But that general advice doesn’t give businesses the practical tips they need to spot attempts to get valuable data and information from employees.

That’s why this blog has seven specific flags you can circulate to all your staff to help them spot phishing attempts.

1. The ‘sender’ line

Most attempts at social engineering rely on using something familiar to lower your defences or build trust. The ‘sender’ line is a good place to start when screening for attempts to steal data. Of course, it would be too simplistic to say ‘never open an email from an unknown sender.’ Ideally, that would be true. But many of us work in jobs where we interact with prospects, potential partners and suppliers who we might not have spoken to before, or who might have taken over from a trusted contact.

That’s why looking closely at the organisation name is a good second line of defence. If you work in a business that regularly receives inbound emails from unknown senders, then examining the second half of any sender address is useful.

Tiny typos in the senders name (e.g. Micorsoft Support) and hyphens or underscores in the name can sometimes give away malicious senders.

2. The ‘to’ line

The other thing worth a close look is who else the communication went to. If there are a lot of other recipients, or the recipients are all strangers to you it could simply be a sloppy attempt at a cold email. But it’s also a decent giveaway of a lazy phishing attempt where the sender has failed to use the ‘BCC’ field to mask other recipients. Another dead giveaway is if the other recipients have similar names or initials to one another, which indicates a hacker simply copy pasted the email addresses from a database.

3. Hyperlinks

We are all conditioned to click on hyperlinks in news stories and social media posts. Phishing attempts take advantage of this split-second reaction to embed malicious links inside emails. Whenever you’re reading an email with a hyperlink start practising ‘the pause’. Hovering your cursor over a hyperlink will reveal where it will take you if you click. Chances are it will be a website that’s designed to install malicious software or to harvest your data by posing as a copy of a reputable website like that of a bank or social media site.

4. Check the date

This is a little less reliable as an indicator of phishing if you often receive emails from contacts in other time zones or have an industry where working odd hours is common. However, for more typical 9-5 jobs and industries an email sent at 2:43 in the morning might indicate that it came from a less than trustworthy source.

5. Check the subject line

If the subject line doesn’t fully match the content of the email, or contains multiple abbreviations like “FW” or “FYI” don’t rush to open it.

6. Be very wary of attachments

Attachments are a huge red flag of phishing emails. Most people are rightly suspicious of attachments from unknown senders. But more sophisticated phishing attempts will compromise a trusted contacts email which lowers the barrier to opening a file with malicious contents.

If in any doubt, follow your cyber security protocols before opening an attachment.

7. Pay close attention to the content

This is where those spelling and grammar lessons from school really pay their dividends. Subtle errors in expression, spelling and grammar can all signal a phishing email.

More obvious attempts to play on emotions are also worth looking out for. This type of social engineering might play to our curiosity (click this link or open this attachment to see something surprising / interesting), our base emotions (“this is scandalous” / “you won’t believe this”) or fear (e.g. by saying there is a compromising or embarrassing photo attached that you need to verify).

Feel free to copy paste the link to this article or the text of it into an email to educate your staff about phishing emails. If you’d like to take the next step and level up your cyber security protocols and even run a (completely secure) phishing simulation contact CyberUnlocked to learn how we can help.

3 tips for Businesses on Data Privacy Day

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Thu, 26 Jan 2023 06:09:46 GMT

What is data privacy day?

Data privacy day is an international effort aimed at boosting the knowledge of the importance of privacy and data. This year, it’s on January 28.

The day is a good prompt as the business year gets into full swing to set aside some time to examine how your data security procedures are currently set up. It’s also the time to ask yourself some honest questions about how secure your business, employee and customer data is, and if it needs some improvement.

Why is data privacy important to businesses?

We all know that data privacy is important to businesses of all sizes. But from our years of working with Australian small and medium sized businesses, we think we’ve pinpointed the most tangible reasons this is the case:

1. Legal Compliance

Legal Compliance - Australia is fairly advanced in terms of the laws and government bodies in place that are there to make sure that businesses protect personal data and inform individuals of how their data is being used. Failure to comply with these laws can result in hefty fines and damage to a company's reputation.
Risk Management - Businesses collect and store large amounts of sensitive data, such as the financial information of customers and copies of personal identification documentation. If this data falls into the wrong hands it can cause significant financial losses.
Competitive Advantage - In today's digital age, businesses that prioritise data privacy are more likely to attract and retain customers who value their privacy. This is especially the case when customer data protection is top of mind for many Australians when choosing their service providers.
Employee Trust - A company's employees expect their employer to protect their personal data. If a company fails to do this, it can lead to loss of trust and morale among employees, and affect future recruiting and retention efforts.
Brand Reputation - Data breaches and mishandling of personal data can lead to significant damage to a company's reputation. It takes a long time and significant effort to win back the trust that is lost when this happens.

What are 3 practical tips for businesses to improve their data privacy?

1. Implementing robust data security measures

This includes implementing technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure or destruction. This can include measures such as encryption, firewalls, intrusion detection systems and regular security audits.

2. Conducting regular risk assessments and audits

It's important for businesses to regularly audit the risks to personal data and take appropriate measures to mitigate those risks. Data Privacy Day is a good annual prompt to do this. Actions you can take include identifying the types of personal data being collected, how the data is being used, who has access to the data, and the potential risks to the data.

3. Providing employee training and education

Ensuring that employees are aware of the company's data privacy policy, procedures and security practices and have the knowledge and skills to implement them. This includes providing training on data protection, privacy, and security and regular reminders of good security practices such as password management, and phishing awareness.

If you’d like to understand your obligations as a business owner under the Privacy Act and other Australian regulations, or want to be proactive and get your cyber security audited to begin the new year, or would like help with implementing a robust employee training program, CyberUnlocked has the experience to assist you get the answers you need.

Do I really need a password manager?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 20 Jan 2023 06:23:24 GMT

If you run a small business in Australia, there is no way you could have escaped the numerous hacking events affecting high profile businesses in recent times. It probably won’t be the last time it happens either.

But while it doesn’t grab the headlines in the same way as co-ordinated hacking attempts on the largest companies, the fact is that simple password breaches account for the lion’s share of data breaches.

For you, that means lost time, effort and productivity. All of which costs you money and increases your stress.

While there is no magic bullet to protect against data breaches, good password policies go a long way. And password managers are one of those tools that can help you and your employees reduce this risk, especially if you have multiple unconnected systems and multiple passwords you all need to remember.

What is a password manager?

One of the most important steps you can take to protect your digital assets is to use a strong and unique password for each of your accounts. But remembering all of these passwords can be difficult. And we all have more accounts and passwords than we can effectively can keep track of.

This is where a password manager comes in.

A password manager is a tool that helps you generate, store, and manage all of your passwords in one secure place. These tools use encryption to protect your passwords, and often include features like two-factor authentication to add an extra layer of security.

How do password managers work?

To use a password manager,

You first create a master password that you use to access the password manager.
Next, you can add all of your other passwords to the manager.
Finally, when you need to log in to one of your accounts, you simply open the password manager and copy the password from it.

Is it safe to store all passwords in one place?

You might have spotted the common question with password managers: isn’t having all of these valuable passwords in one spot asking for trouble?

Having a single point of access is arguably vulnerable. But password managers add extra layers of security to a practice that many employees already use which involves putting all of their passwords in one place. This might be on a physical record like a post-it or page in a diary. Or it might be in the ‘notes’ section of their phone or in an email in their ‘drafts’ folder.

Not having a tool like a password manager can also lead to employees using the same password across multiple platforms to minimise the hassle and stress of trying to recall multiple passwords.

Can password managers be hacked?

The short answer is yes. But this is why it's important to use a password manager that offers robust security features.

Most reputable password managers use encryption to protect your passwords, which means that even if someone were to gain access to the password manager, they would not be able to read your passwords without the encryption key. Additionally, many password managers also include two-factor authentication, which requires an additional form of verification (such as a fingerprint or a code sent to your phone) before you can access your passwords.

What key features should I look for when choosing a password manager for my business?

When choosing a password manager for your business, there are several key features you should look for to ensure it meets your needs and provides adequate security for your company's data:

Strong Encryption - Make sure the password manager uses industry-standard encryption algorithms to protect your passwords.
Two-Factor Authentication or 2FA - This adds an extra layer of security by requiring an additional form of verification (such as a fingerprint or a code sent to your phone) before you can access your passwords.
Automatic Backup - In case of data loss, this feature would backup the passwords to a secure location.
Password Sharing - If your business has multiple employees who need access to different accounts, this feature allows you to share passwords securely within your team.
Auditing and Reports - This feature allows you to track password usage, detect suspicious activity, and identify vulnerabilities.
Mobile Support - If your employees need to access their passwords while on the go, it is useful to choose a password manager has mobile apps for both iOS and Android devices.

So, should my employees use a password manager?

If your staff have a lot of accounts and find it difficult to remember all of your passwords, then yes, a password manager is a valuable tool to help you stay secure online.

If you’re not sure about the best option for your business, or about your digital defences in general, then a cyber security audit can be a valuable exercise. CyberUnlocked are specialists in working with Australian businesses to build up their cyber security and put in place defences against the headaches that can come from data breaches so you can stay focussed on your business.

Does my business need a SIEM?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Thu, 12 Jan 2023 21:43:50 GMT

What is a SIEM?

SIEM stands for Security Information and Event Management and is pronounced ‘Sim’ (like how you would say ‘SIM’ card). The process refers to real-time monitoring of IT security events as they happen and can combine that capability with rapid analysis of those events.

The process side of SIEM refers to actions like tracking and logging security data. This data can be used to explain and analyse suspicious activity after a breach (or suspected breach) has occurred. It can also be used to provide to regulators and third-party security consultants for audit and compliance actions.

Why Do Businesses Need a SIEM?

SIEM is based on a very simple maxim: prevention is better than cure! Just like a fire alarm detects smoke before it can develop into a fire, a strong SIEM system allows potential threats to be detected and neutralised before they can disrupt a business's ‘real world’ operations.

And aligned with the ‘prevention rather than cure’ mentality, a strong SIEM system can also work like a good Doctor. By this, we mean that it can detect a vulnerability before the threat to the health of a business actually emerges, and allow the organisation to put in place mitigation strategies.

How Do SIEM Tools Work?

To run with the example given earlier, SIEM tools work a lot like medical professionals. They collect data and are 24x7 monitored by a Security Operations Centre (SOC) which continuously checks the ‘internal workings’ of an organisation. That can mean logging data about the processes that run behind the scenes on servers and user devices and any public and internal applications used.

That data is then analysed as it comes in, and compared to previous data sets. Rules are set up to help security teams define, and then detect threats. Those threat identification rules then generate alerts.

So, the process is similar to your GP ordering a series of blood tests over time, and then regularly monitoring the results and comparing them to known markers of potential health issues like high cholesterol. Those markers are compared against known ‘healthy’ ranges. A management plan or intervention might be required if a marker is outside a healthy range.

What is the Future of SIEM?

An interesting development of SIEM might be seen in the emergence of Security Orchestration, Automation and Response (SOAR) technology. This extension of SIEM principles is about coordinating security tasks and increasing levels of automation in the ‘respond and execute’ phase.

If a SOAR system is comprehensive it should be able to manage threats and weak spots, respond to security incidents and automate security operations.

The key difference between SIEM and SOAR is the ‘response’ phase. SIEM will alert security analysts of possible issues, but SOAR extends beyond that with the response phase, which can include an automated response to defined or identified threats.

In that way, SOAR is a more proactive system somewhat akin to your bank automatically suspending the use of your credit card if it detects it being used internationally in a situation where you haven’t advised them you’ll be overseas.

Does My Organisation Need A SIEM or SOAR Technology?

If you hold data on your customers and partners, do business online or have significant amounts of business intelligence held on computer systems then the answer is probably ‘yes’. It’s helpful to frame the problem by thinking of how inconvenient and time consuming it would be to get your day to day life back in order if you lost your phone. Our phones contain our contact lists, calendars, photos, apps and their saved passwords. Replacing and restoring access to all of that would be a long, tedious process.

Now scale that level of frustration, disruption and time lost to the full repository of information and intelligence you hold in your business's systems. Cyber security is a rapidly progressing space, because cybercriminals are getting ever more sophisticated, as recent events have shown us.

Preventing that headache in the first place, rather than having to deal with the aftermath, is what having SIEM or SOAR technology in place is all about.

How Do I Get Started?

Daunted? That’s understandable. But you don’t have to be. An experienced, reliable cyber security company like CyberUnlocked partners with businesses to help them understand the level of protection they need, and then gives them the information to choose what would suit their needs the best. If that’s something you’d like to explore or have any questions, we are ready to assist. If your staff have a lot of accounts and find it difficult to remember all of your passwords, then yes, a password manager is a valuable tool to help you stay secure online.

NIST vs Essential 8 vs ISO Compliance: Which Cyber Security Standard is Right for Your Business?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 06 Jan 2023 09:16:14 GMT

Compliance standards for cyber security are new territory for many Australian businesses. To help demystify what can be a confusing space, we’ve taken the time to look at three different standards, what benefits they offer and how they might be used by different sized businesses.

ISO27001

ISO 27001 is related to the CIA of information. In this context, CIA refers to an organisation maintaining the Confidentiality, Integrity, and Availability of information that it holds.

ISO 27001 is the recognised global standard for putting in place an Information Security Management System (ISMS) that applies to a whole organisation and the totality of its processes. It’s also a reasonably practical framework because it begins with how to build a strong ISMS, then moves logically to the next steps of implementation and maintenance once the system is in place.

The framework is made up of 14 subdomains that can be grouped into six areas:

Company security policy
Asset management
Physical and environmental security
Access control
Incident management
Regulatory compliance

Essential 8

More often than not, when those who don’t specialise in cyber security think about it, they imagine that implementing a strong cyber defence will mean that there is zero chance that they will suffer a cyber breach. But that’s not the reality. It’s becoming better accepted that cyber security is a lot like physical security: it acts a strong deterrent and mitigates risk, but it isn’t a total guarantee.

That’s why meeting what is recognised as a ‘minimum baseline’ level of protection is important. And Essential 8 is a grouping of mitigation strategies that raises your baseline level of defence and acts like a locked door and dog would in the physical world: it makes your deterrence stronger.

The Essential 8 is published and maintained by the Australian Cyber Security Centre (ACSC), the Australian Government’s lead agency for cyber security.

NIST

The National Institute of Standards and Technology (NIST) is a US Government agency that has been set up to help US businesses and other government agencies lift their standards. The NIST Cybersecurity Framework brings together a range of highly researched and ‘real world tested’ strategies and plans under one umbrella.

The NIST framework is helpful for organisations that are pursuing other certifications from external standards agencies because it puts in place the procedures and processes that a business needs to provide evidence for. These include an audit of the data you hold, the risk assessments you currently have for that data, your current and proposed security controls and ongoing monitoring processes.

What do these standards have in common?

These cyber security standards all have one thing in common: they require organisations to conduct a thorough in-house review of what digital information they currently gather, hold and store, and how they handle, protect and delete it.

Despite the internet, email and ecommerce being part of the business landscape for decades now, many businesses have never sat down and considered these factors.

Engaging with any one of these standards requires that process to begin, and that alone is a valuable feature of any of them.

Where do these standards differ?

The standards differ in some important ways. To begin with, both the NIST Cybersecurity Framework and the Essential 8 are guidance frameworks. They do not come with an external certification. Organisations are free to use the resources published by the NIST and the ACSC as they see fit, but those bodies do not provide validation of those actions. In addition, The NIST framework is prepared for a US audience, which might mean that some of the features in it are less applicable to Australian businesses that do not provide any products or services to international clients.

On the other hand the ISO27001 certification is a global certification that provides an external accreditation. It can be quoted by a business in its dealings if they achieve compliance with those standards after an external audit by an accredited reviewer.

Which should I choose?

Like many business processes, that really depends on the specific features of your organisation. It helps to think of the Essential 8 as a strong starting point and minimum baseline of things to consider. The ISO27001 confers the benefits of a rigorous examination, and can help you stand out from competitors in your field, especially if doing business in a sector where sensitive information is held (e.g. defence, government services, healthcare).

If you are unsure about the best place to start or have questions about any of the standards we’ve outlined here and how they might apply to your business, CyberUnlocked can provide professional, tailored advice from an expert source.

What You Need To Know About The Recent Medibank Cyber Attack

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 28 Oct 2022 04:14:55 GMT

Last month, Medibank was the victim of a cyber attack that resulted in the personal information of approximately 4 million customers being exposed. Medibank confirmed criminals accessed and took sensitive customer data including healthcare claims information. The breach also affected former customers, with Medibank confirming laws requiring the company to keep data for seven years.

This breach is particularly concerning because it comes just weeks after the Optus cyber attack, in which the personal information of more than 2 million customers was exposed.

The cause of the cyber attack

The cause of the Medibank cyber attack is still under investigation, but it is believed that the criminals used sophisticated methods to gain access to Medibank's systems. On 12 October 2022, Medibank discovered unusual activity on its network. However, it was not until a week later when Medibank received messages from the hacker that included a sample of records for 100 policies that the company realised that the hacker had gained access to its systems obtaining the personal information of customers.

It is reported that the attack was started through the theft of the credentials of a person with high-level access within the company, which was then sold on a Russian cybercriminal forum. These credentials were used to gain access to Medibank's servers where the hacker had free reign for over a week, undetected. The personal information that was accessed includes names, contact details, date of birth, gender and Medicare details.

What Can Businesses Learn from the Medibank Cyber Attack?

Medibank’s head of technology and operations, John Goodall, said that the company had deployed monitoring tools on its network and those tools suggest that the hacker is no longer in the company’s systems.

The Medibank cyber attack serves as a reminder of the importance of proactively monitoring your network for suspicious activity. One of the best ways to monitor your network for risks is by performing regular or continuous vulnerability scans. These scans can help you identify potential vulnerabilities in your systems so that you can take steps to fix them before they're exploited.

How do I Protect Against Such Cyber Attacks?

As a business owner, it's important to be aware of the cyber risks that your business may face. To protect your business, you need to be proactive in testing your cyber risk. Here is how you can do that.

1. Identify Your Assets

The first step in testing your cyber risk is to identify your assets. What information and systems does your business rely on? This includes things like customer data, financial information, and proprietary information. Once you've identified your assets, you need to determine how valuable they are to your business. This will help you prioritise which assets are most at risk in the event of a cyber attack.

2. Understand Your Threats

The next step is to understand the threats that exist and how they could impact your business. There are many different types of cyber attacks, so it's important to familiarise yourself with the most common ones. This includes things like malware, phishing, and Denial of Service (DoS) attacks. Once you understand the threats that exist, you can start to develop a plan to protect your assets.

3. Develop and Implement a Plan

Once you've identified your assets and understood the threats, you need to develop a plan to protect them. Implementing security controls, developing incident response plans, and creating security policies and procedures are all essential to keeping your business safe. These can help to deter potential attackers and limit the damage that can be done if an attack does occur. It's important to make sure that all employees are aware of these policies and procedures and know how to follow them.

By taking these steps, you can reduce the likelihood of a successful cyber attack and minimise the impact if one does occur.

Need to know more?

If you have any questions or would like to learn more about how we can help you with your cyber security needs, please contact CyberUnlocked . We are always happy to chat about ways to keep your business secure from cyber attacks.

5 Essentials About Cyber Security Awareness Training

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 21 Oct 2022 09:51:54 GMT

Cyber security awareness training. It is not a calendar reminder that is likely to excite your employees. But here is a statistic that is likely to make any business owner reflect: over 33% of data breaches were the result of human error.

That means that one in three hacks, malware attacks and breaches could have been prevented if a single human had made a different decision.

The rest of this blog is about:

The effectiveness of cyber security awareness training,
The benefits it confers, and,
How to implement awareness training to make it work for your business

1. What is cyber security awareness training?

Cyber security awareness training is an umbrella term. It refers to any training program, package or module that helps to educate employees of a business about cyber security risks with the aim of preventing data breaches and successful attacks from occurring via prevention. It can also incorporate ‘post event’ response training in the event that a breach does occur.

2. Does cyber security awareness training work? And how effective is it?

In a word, yes. Hackers and scammers figured out a long time ago that it was easier to get past a human than to bypass sophisticated cyber security algorithms. Put in a blunt way, our people are the weak link in cyber security because they can be tricked, confused, blackmailed or bullied. And all of those negative tactics rely on one thing: a lack of knowledge on the part of the person subject to those efforts.

In that way, security training awareness is a little like the red and yellow flags used at beaches. For those who grew up in Australia, red and yellow flags mean ‘safe to swim’ and lifeguards. But for those from overseas, they may not have any meaning at all. That’s why tourist information stresses the importance of swimming between the flags, and the dangers of not doing so.

Cyber security awareness training turns employees from the ‘unaware tourists’ in the example into informed decision makers. With the new information they learn, they are in a much stronger position to assess potential threats and make better decisions.

3. What should cyber security awareness training include?

At a minimum, cyber security awareness training needs to get employees comfortable with the language of cyber threats. Phishing, malware, trojans and worms are all likely to be unfamiliar terms, but if an employee can understand what a threat is, they are more likely to be able to spot it and respond appropriately before it does any damage.

Case studies that walk people through what is a plausible real-world scenario can also help employees both understand and recall those threat patterns.

A strong cyber security awareness program offered by an industry expert is also worth considering to make sure that the safety message is appropriately designed and communicated.

4. How often should cyber security awareness training be conducted?

In the past, the default option was to have a once a year training package that covered a long list of threats, processes and procedures.

However, a more effective strategy to make cyber security part of the business as usual thinking of employees not a ‘one off’ or ‘tick and flick’ mandatory training package might be to implement shorter duration, higher frequency modules.

These could take as little as 15 – 30 minutes to complete. Scheduling dedicated time in calendars specifically for the purpose of completing the training is a specific, practical way to encourage compliance.

Supplementing these self-paced individual sessions with interactive quizzes or short occasional seminars about the latest threats or scams circulating could also be an option to consider.

And key to all of the above approaches is continual monitoring and measurement of compliance. Given its immense importance, many large organisations simply make cyber security training mandatory for all employees and set deadlines for completion of regular modules. That approach is something that your business could also consider.

5. Implementing a cyber security awareness program

Cyber security awareness programs are a sensible investment that any business can make to strengthen what has been identified in the data as a clear weakness in business security.

CyberUnlocked is experienced in the design and implementation of these programs and can help your company put in place a tailored training program that works for your business and specific needs, and those of your employees.

The Top 5 Benefits of PCI DSS Compliance and How to Ensure It

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 14 Oct 2022 03:19:08 GMT

Achieving PCI DSS compliance might sound daunting but it’s a valuable tool for fraud prevention and data security. It applies to most businesses and being PCI DSS compliant is basically non-negotiable for many organisations.

The rest of this article is focussed on answering the most common questions business owners and operators have about PCI DSS compliance, including its benefits, costs and consequences for non-compliance.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a framework that can apply to all companies that use credit card information. If you sell products or services to customers and allow them to pay via credit card, then the standard applies to you.

What are the top 5 benefits of PCI DSS compliance?

Getting PCI DSS compliant might seem like a big undertaking. So, you might understandably be asking ‘what is the benefit to my business from doing this?’.

There are five major benefits that that PCI DSS compliant businesses have over those that are not:

Demonstrated security - By having the PCI DSS ‘tick’ you can demonstrate to your suppliers and customers that you have the highest level of payment information security with reference to a long-established and trusted industry standard.
Vigilance - Attempts to steal data and money are not going to go away. PCI DSS compliance is ongoing. That means that it helps you proactively identify and eliminate any weaknesses in your processes. And that means you are less likely to suffer from data theft and losses of your customers most sensitive payment information.
Reputation - Reputation and trust is hard to establish and maintain. Holding an industry recognised compliance certification can signal to your stakeholders that your business is committed to the highest standards.
Time saving - The steps that you take to obtain your PCI DSS compliance can also have benefits for other mandatory and optional certifications that prove your organisational security and efficiency. The processes and procedures you put in place to get this certification can often be used to streamline other applications.
Cost - There are obvious indirect cost savings from proactively preventing the issues that come from data breaches. There are also likely to be direct cost savings for things like insurance premiums that cover financial loss from malicious actions if compliance with independent standards is demonstrated.

Is PCI DSS mandatory?

In practice, yes, the PCI DSS applies to any organisation that acquires, stores or transmits the data held by the holder of a credit card. That means that theoretically, a business that has one transaction from one cardholder for any dollar value is included.

Event through it is not the law in Australia, the way this effectively becomes mandatory is that companies like Visa or Mastercard will include terms in its contracts requiring compliance with the standard to access their card networks.

What if a company is not PCI compliant?

On a practical level, not being PCI compliant will probably mean that you won’t have access to one or more of the major card networks. With Visa and Mastercard issuing the vast majority of all credit and debit cards in Australia that would be a major hindrance to any business.

Non-compliance with the standard can result in the governing body for the PCI DSS fining the bank of the organisation between $5,000 and $100,000 per month. The bank would typically pass on this cost to the offending organisation.

Who regulates PCI DSS?

The framework was created in 2006, and it is managed by the PCI Security Standards Council. That council was created by and is still funded by the major card networks (e.g. Visa, Mastercard and American Express). These founding card networks are also responsible for enforcing compliance with PCI DSS.

How can I get PCI complaint?

PCI DSS compliance is a valuable asset for any business, and also gives you additional benefits when it comes to preventing card fraud that could hinder or harm your business and its relationships.

As information management and cyber security specialists, CyberUnlocked are experts in helping businesses get their processes and data security right to increase their chances of getting their PCI DSS compliance faster, and with less fuss.

Upgrading Cyber Security With Incident Response Playbooks

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 07 Oct 2022 05:18:47 GMT

Searches for insurance cover reach their highest levels just after a major storm or natural disaster. That’s just how our brains work. We are never more focussed on risk than after we’ve just experienced a negative event.

But when a negative event occurs for a business it can be a great comfort to have a ‘response playbook’ in a drawer or saved in a secure location to pull out and start applying.

The ‘playbook’ approach is used in organisations from natural disaster response, critical surgery and the armed forces. For your business, a playbook that responds to a cyber security incident could help reduce stress, get the business back on its feet faster and retain trust and relationships with trusted suppliers, partners and customers.

In the rest of this article we’ll go through some of the building blocks of having an effective cyber security response playbook.

What is an incident response playbook?

Trigger Event A leads to Action A. At its simplest, that’s all an incident response playbook is. It lays out in detail the response required when a certain event occurs. You’re likely already very familiar with versions of this structured response if you’ve been involved in an emergency evacuation or a practice run for one.

The principle is based on the fact that the correct actions are most likely to be identified before an event occurs, as a result of planning and consulting experts, rather than after an event occurs.

What are the steps in creating an incident response playbook?

There are some key ideas to understand when it comes to building an effective incident response playbook.

Identify the events - The first task is to identify the trigger event or events that will trigger the use of your playbook. For cyber security this could include a malware attack or the loss of business critical data.
Identify your legal obligations - Some businesses have legal requirements imposed on them by regulators and governments in the event of data breaches or hacks. Check all relevant state and federal laws to see which of these apply to you and incorporate them in the next steps. You may also have contractual obligations to service providers to notify them of particular cyber security incidents.
Identify your options - This is akin to a ‘brainstorming’ step. Your job here is to identify all of the possible options you could choose in response to the trigger event or events from step one. This may include actions that you may not believe are likely to be chosen, but this step is all about collating every possible mitigating action in one place for discussion and feedback.
Segment your actions - This step takes the options in step two and narrows them down to the most important. This process requires you to balance between the resources you have and the actions you want to take. There will be some actions that are absolutely non-negotiable and others that are ‘nice to have’ but that may not be cost or time effective. Tag the most important actions as ‘critical actions’ or ‘non-negotiable responses’ to highlight their importance. Take all the remaining options and note them as ‘optional actions’ or ‘secondary actions’ that can be utilised if needed.
End state - This is the end point of your incident response playbook and signifies that all critical actions have been taken and follow up actions completed. A checklist and monitoring and maintenance plan are both useful elements to include to document this step.

What makes a good security response playbook?

A good cyber response playbook is about two things: high quality advance planning and tailoring.

An average cyber response playbook is put together as a ‘check the box’ exercise and is general and generic.

In contrast, a high-quality cyber response playbook is carefully planned and collated. It involves input from all key decision makers in the business including those with responsibility for the data and business functions that might be affected by a cyber security incident. It also might utilise input from industry experts or others with experience in cyber security matters to inform the content.

Tailoring is also critical. Each industry and business has specific requirements. Tailoring also includes regular reviews of the playbook so that reviews are conducted at regular intervals, and to ensure that key contacts are updated regularly including when key staff leave or when key external service providers change.

What are some common incident response playbooks?

A cyber security incident response playbook is an ‘umbrella’ term that can include a range of events. The best quality playbooks contain tailored response plans for the different cyber security events most likely to affect Australian businesses. These include incident response playbooks for:

ransomware and malware attacks
data breaches (accidental and malicious)
phishing
unauthorised access (due to external intrusions and also internal misuse or fraud)

Does my business need a cyber incident response playbook?

Like any emergency plan, an incident response playbook is something that is put in place in the hope it never has to be used. But it’s a simple fact that cyber security is becoming an increasingly common concern for Australian businesses of all sizes and their customers.

Having an incident response playbook in place ensures that if and when a cyber security event happens, its impact on your business, and on the mental stress and wellbeing of all that work on it are minimised as much as possible with access to a clear, structured plan that was prepared well in advance. As cyber security experts, CyberUnlocked can provide you with business-specific advice on setting up an effective, high quality incident response playbook.

Are You Ready for Cyber Security Month in Australia and New Zealand?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 30 Sep 2022 09:57:15 GMT

October might be better known for Halloween or noticing the weather warming up as we leave winter behind, but for the cyber security community, it’s important for another reason. That’s because each October is Cyber Security Awareness month in Australia and New Zealand.

What is cyber security month all about?

The aim of the annual cyber security month each October is to educate businesses and their customers about the basics of cyber security. It’s also a good time to highlight new developments and scams that are circulating.

For businesses, it’s a good time to set aside a few hours each week to assess, update and improve your current cyber security practices.

Why does it matter?

According to the Australian Cyber Security Centre, Australians reported a cyber-attack once every 8 minutes last year. And the attacks that are successful cost businesses millions of dollars, not to mention the stress and lost time that comes from trying to fix the problem. That means that it is statistically likely that your cyber security will be tested at some point in the near future, if it hasn’t been already.

And when that test comes, you want your systems and processes to pass with flying colours. Let’s look at some practical ways you can do that.

What are we trying to protect against?

Let’s focus on two common threats that the following actions will help fortify your business against.

The first threat is malware. Malware is a shortened version of the phrase ‘malicious software’. It’s a computer program designed to cause harm by stealing your information, data or money. It might do this by stealing your passwords or identity. There are plenty types of malware, from the viruses you might have heard about to ransomware, trojans and worms.

The second common type of threat is phishing. These are email messages that use psychology and social engineering techniques to trick victims into sharing sensitive information or into installing malware onto an internet connected device.

What are some simple actions you can take today to improve the cyber security of your business?

The simplest thing you can do for your business is to keep your software and operating systems updated. Software is made up of millions of lines of code. Occasionally, that code leaves a ‘weak point’ for hackers to exploit. But software providers work hard to ‘patch’ these weak points. They roll out these fixes by providing updates to users of their software. These updates can be regular or periodic, and attempt to block off known security vulnerabilities. A system administrator should update all company machines and devices at least once a week if not on demand when patches are available.
Enabling multi-factor authentication (MFA) or two factor authentication (2FA) is also a simple, practical step to drastically improve cyber security. It simply refers to the process of needing two types of authentications before a user can log in to an account. That might be a combination of any of:
* A PIN number
* A passwordA fingerprint
* A specific phrase
* Or a temporary passcode sent to the users’ mobile phone number.
Backing up devices is the best ‘insurance policy’ you can buy against loss of data. Backing up devices and business critical information in the cloud or on external hard drives or servers doesn’t just protect against cyber attacks, it also protects against natural disasters, power surges and water damage to physical machines.

Where can I find more trusted resources about cyber security?

CyberUnlocked can be your first point of call for a range of options to improve the cyber security of your business. These include:

A facilitated, in-depth training session with your team.
A ‘point in time’ cyber security audit to understand your existing systems and processes and identify any weak points or areas for improvement.
An annual ‘health check’ and cyber audit to ensure that your IT systems and processes are in good working order, and evolving to respond to any new threats that might have emerged.

If you want to get your cyber security in the best shape possible this October during cyber security month then we would be delighted to help.

Top 10 Considerations When Getting Cyber Liability Insurance Cover

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 09 Sep 2022 01:56:29 GMT

Certain types of business insurance are non-negotiable. But with more business conducted online, did you know that there is specific cyber insurance available to you? But how does it work? What does it protect against? What does it cost? And ultimately, should you be looking into it?

We’ve answered all these questions in this article so you can make an informed choice about your next steps.

How does cyber insurance work?

Cyber insurance works in a very similar way to other types of insurance you might be familiar with like property or motor vehicle insurance. In exchange for the payment of an insurance premium, you can be covered from damages arising from cyber-related events.

What does cyber insurance protect against?

Cyber insurance can protect against events that may cause your business financial loss such as:

The loss of revenue after a cyber attack
The cost of replacing or recovering damaged or stolen records and data
Losses arising from the illegal use of stolen intellectual property
Costs arising from defending legal claims from third parties after a cyber-attack

Similar to any insurance policy, cover will vary from policy to policy. Some may cover the more straightforward losses such as the cost of recovering data but not extend coverage to indirect effects like legal claims from third parties. A detailed understanding of the product disclosure statement (PDS) is needed before making any decision.

Is E&O the same as cyber liability insurance?

Errors and omissions (E&O) insurance differs from cyber liability insurance. It is a broader category of insurance that covers you if and when a genuine error or omission by you or your employees causes financial loss to a third party. In a software context, it might apply to software sold by Company A where for some reason that software fails, which then causes financial loss to the customer, Company B.

In contrast, cyber liability insurance covers consequences that arise after attacks by malicious third-party hackers on a company.

However, because they both cover digital operations and assets, these two types of insurance (E&O and cyber) are often ‘bundled’ together and sold.

Does cyber insurance cover ransomware?

Ransomware is one of the most widely used and known forms of cyber-attack, and cyber insurance generally covers this type of attack and its consequences. However, coverage limits may apply, and insurers might require a business attempting to claim under their insurance to prove that they took ‘reasonable steps’ to ensure the protection of their systems.

What is the cost of cyber insurance?

Costs vary widely depending on business size, turnover and industry.

Industry estimates show that the cost of cyber insurance is increasing steadily as online threats increase. At the same time, policy limits have shrunk. a recent report from Gallagher states that underwriters have attempted to limit exposure by limiting cover, which has led to policy limits only about half as large as those offered in the 2021 renewal cycle.

Should I get cyber insurance? Is it a good risk mitigation strategy?

As with any insurance, it’s dependent on your personal assessment of cost versus risk. However, data breaches, stolen customer information, loss of access to your systems and business interruptions can have both financial and reputational consequences.

Cyber insurance can help mitigate financial losses and allow you to focus on limiting the reputational consequences from the earliest possible moment.

What key cyber insurance elements should I look for?

There are many options that have differing levels of suitability depending on the industry you operate in, but elements of cover could include provisions to cover losses arising from:

Forensic expenses
Legal defence costs
Regulatory investigations, fines and penalties
Rectification costs (e.g. notifying customers, suppliers and third parties)

Are state based attacks covered by cyber insurance?

Generally, no. For example, one of the largest and most respected insurers in the world, Lloyds, is phasing out coverage for acts of cyber warfare or attacks carried out by nation states.

Is cyber insurance mandatory?

No. However, for some industries or professions, it might become mandatory in the future in the same way that medical practitioners must have professional insurance.

Key cyber insurance takeaways

Cyber insurance is going to become more important as more Australian businesses do more online. If you are not sure about whether your business would benefit from cyber insurance or want to have your current cyber security infrastructure audited, CyberUnlocked is a Sydney based, trusted business that would be delighted to help with those needs.

Rise of the Machines: Managing Cyber Security Weak Spots in AI

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 02 Sep 2022 03:28:36 GMT

If you own or run a business, chances are you’ve seen more about artificial intelligence (AI) and machine learning (ML) over the past few years. But you might still be wondering what exactly these definitions cover. And beyond that, it’s probably still not clear to most business owners and managers exactly how AI and ML can be used to build better, more resilient, and efficient businesses.

The rest of this article is devoted to answering those questions, and giving you a primer on the upside for AI and ML applications for medium sized businesses, and also about the risks that need to be accounted for.

What is AI / ML?

Artificial Intelligence (AI): AI is the capability of computer software to replicate the thinking styles and patterns of humans. This includes things like problem solving and learning. The computer software does this using math and logic-based methods to approximate the ways that humans think in order to solve a given problem.
Machine Learning (ML): ML is a way that AI is applied in the real world. It is the procedure of setting up a computing system to take data (often a lot if it) and apply it to models to solve problems. This means that the ML application can go about its business without the need for direct human instruction. It also means that the ML application can continue to test different solutions (experiment) and improve (learn) on its own.

How is AI / ML being used to transform business?

It helps to take a lesson from recent history to grasp the scale of applications for AI and ML. When the internet first came into mainstream use the endless number of possible use cases was not well understood. But email, streaming (audio and video) and payments are just three areas where internet-based applications have reduced costs, increased speed and reduced the need for manual handling by humans. The result has been more efficient businesses, along with entirely new business models and tools.

For businesses, Xero, Zoom, Microsoft Office, Slack, PayPal and Afterpay are just a few familiar examples of these web-based applications.

The process of innovation and evolution of business tools is likely to be replicated by AI and ML.

Some areas of new opportunities that can apply across multiple industries include:

Image and video processing: including applications that allow software to identify objects (e.g. hazards on a worksite) and actions (safe and unsafe driving in a warehouse) and notify the right people to reduce injuries and insurance bills.
Recommendation services: including applications that track the ‘most used’ in house software and programs by high performing employees that then suggest these programs to other users to help save them time and effort.
Sentiment and mood monitoring: including applications that take large volumes of text and video (for example, customer reviews and social media conversations) and analyse them on a regular basis to provide businesses with real-time intelligence about how their brand and products (and those of their competitors) are being rated in the market.
Prediction tools and analytics: including applications that allow businesses to anticipate spikes and lulls in demand and adjust their staffing and inventory levels accordingly (e.g. food ordering and rostered shifts for restaurants).

What are the main threats for AI / ML applications?

Just like an internet-based application, an AI / ML application can be vulnerable to threats if not secured correctly. There are some best practices to follow to increase the level of security and trust around any AI and ML applications you may use or create.

First, high quality ‘data hygiene’ is required. In practice, this means that only the data that is absolutely necessary to create AI and ML applications should be collected and stored. That data should be destroyed once the practical application of it ends.

Second, strong data sets should be used. Just like cooking, quality ingredients lead to better results. The better the inputs (‘ingredients’) being fed into AI / ML models, the better the end results will be. This practice can help avoid any negative consequences that might occur when AI applications ‘go rogue’ and deliver unintended results as a consequence of low quality data being used to train them.

Third, integrity is paramount. In practice, this is about trust. Users should be made aware of when their user data is being accessed, whether AI is being used and be able to give or withhold informed consent about that use of their data.

How can I secure my AI / ML applications?

If you have AI / ML tools in place (or are thinking about adopting them) and are unsure of the level of security around these tools then contact us at any time .

CyberUnlocked are leaders in the space and work to put in place best practice data security processes to protect your business and reputation by analysing your needs and preparing an individualised plan that fits those needs.

Top 7 Things You Need to Know About ISO 27001 Certification

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 26 Aug 2022 11:26:51 GMT

Certifications matter. That is especially the case when the accreditation is highly credible and well-known. In global business, the International Organisation for Standardisation (ISO) certifications represent one of the best examples of this.

The ISO 27001 designation applies to businesses that have put in place a high-quality Information Security Management System (ISMS).

The certification is also a ‘badge’ that signals that the business has demonstrated to an external auditor that its systems and processes are of a high standard.

As cyber security experts, we know a lot about this accreditation. So, the rest of this blog is devoted to answering the main questions we’ve fielded about ISO 27001 from clients, including why it matters, how your organisation benefits from having it and how much it costs.

What is ISO 27001?

ISO 27001 is a standard that sets out best practices for organisations when it comes to managing their technology processes and how their employees handle information. The goal is to ensure that the information that the business holds is confidential, trustworthy and able to be accessed when needed.

The focus of the standard is the internal information security management system. This is divided in 14 broad categories. Those categories are further broken down into a total of 114 controls. It’s important to know that it’s not required that every one of those 114 controls is implemented to pass an ISO 27001 audit.

What is the difference between ISO 27001, ISO 27017 and 27018?

ISO 27017 and ISO 27018 are codes of practice that are included as add-ons within the ISO 27001 certification. ISO 27017 demonstrates compliance with the provision and use of cloud services while ISO27018 focuses more specifically on Personally Identifiable Information (PII). Unlike ISO 27001, ISO 27017 and ISO 27018 are not management system standards, so you cannot attain certification to them without ISO 27001 compliance.

Who needs ISO 27001?

The answer to this question depends a lot on the type of business you are in and the needs of your customers. For businesses that work with or are looking to provide future services to enterprises, government entities or are part of regulated industries this is becoming an absolute must. Increasingly, the collection and handling of sensitive data is becoming critical for all parts of the value chain, not only the large enterprises. Not having an ISO 27001 can put companies at a disadvantage to competitors when chasing RFPs with government or enterprise customers.

Similarly, for some large customers, a top-tier information security management system for their suppliers is an important part of their supplier selection checklist. Understanding whether that’s the case for you is an important factor.

Some sectors that might strongly consider an ISO 27001 certification include businesses bidding for government contracts, information technology, finance, insurance, healthcare and telecommunications services.

Is ISO27001 a legal requirement?

ISO27001 is not at present a legal requirement in Australia. In some industries, ISO27001 is accepted as a substitute for the legislated requirements. If you are unsure about the cyber security requirements in your industry, reach out to CyberUnlocked to learn more.

So why is ISO 27001 important?

While it’s not mandatory, some of your customers might have tendering or contracting guidelines that require any potential suppliers or partners to be ISO 27001 compliant. Or, they might award extra ‘points’ to a supplier or customer that has the certification when they are engaging in a competitive tender process.

It’s also important to realise that there is no ‘minimum size’ for a business to obtain this certification. In fact, a smaller or newer entrant to a sector that holds this certification might be at an advantage over incumbents who have not yet made the effort to obtain it.

Can software be ISO27001 certified?

No. The certification applies to organisations and their processes, not to individual pieces of software. However, an organisation that sells software may obtain the certification to demonstrate their security credentials to potential customers, especially if they are asking customers to trust them with personal or private data.

Why should you get your business ISO27001 certified?

Put simply, it’s about trust. An organisation with the certification can prove to its clients, customers and employees that it has the processes in place to protect sensitive data. And that ‘proof’ is obtained with reference to an independent umpire, and a globally recognised standard.

It’s widely accepted that data is one of our most valuable assets that need a high level of protection. That protection is quickly becoming non-negotiable for top-tier businesses and by extension their partners and suppliers.

How much does it cost to get ISO27001 certified?

The cost is determined by the size and complexity of the organisation, its systems and processes and its current security maturity. The costs are associated with:

The effort of evaluating and documenting your current processes
The effort of setting up a secure system that meets the certification requirements
Engaging an ISO-accredited auditor to test your systems and processes

At the end of the day, an ISO 27001 certification is a valuable accreditation that can assist organisations in winning higher value and more complex work. As information management and cyber security specialists, CyberUnlocked are experts in ISO 27001 and can help your business conduct an ISMS audit to help increase your chances of getting the certification.

How Can You Protect Your Business From Ransomware Attacks?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 19 Aug 2022 03:36:16 GMT

Ever watched one of those classic hostage movies? Air Force One, Speed, Inside Man or even that unforgettable scene in The Dark Knight with the Joker, Batman and the immobilised twin ferries full of hostages drifting on the river. They might make for great cinema, but if you stop for a second to think about the emotions of the characters in those scenes it makes for some uncomfortable thoughts.

What were those people feeling? Fear. Helplessness. Vulnerability. The terror that your fate is in the hands of someone else.

But what if you are unfortunate enough to become one of many managers or owners of a small or medium sized business who was subject to a ransomware attack? Chances are you’d feel a lot of one similar emotions. Because the ‘bad guys’ playbook is exactly the same.

What is ransomware?

$322,000. That’s the average amount that organisations who were actually ‘taken hostage’ by the attacks paid to hackers to get released.

This is based on data from 5,600 medium-sized businesses just like yours.

Ransomware is a type of malicious computer code. The usual goal of the code is to infect your computer or network and perform a pretty specific action: to take your system, data and access hostage by ‘locking it up’ away from your reach until a ‘ransom’ is paid by you. But there are plenty of variations on this theme.

What are the types of ransomware attacks?

Just like poisonous snakes, there are a wide variety of ransomware types and it can be helpful to know what you’re dealing with. We’ve put together a straightforward guide to some of the most common types out there:

Encryptors: these can also go by ‘crypto ransomware’ and are probably the most common type of ransomware out there. They take all the data in a system, encrypt it to make it unusable to you. The ‘fix’ is a decryption key – for a fee of course.
Lockers / lock outs: this type of ransomware is the classic ‘hostage taker’ that puts some big impenetrable walls around your system, locks you out and then asks for a ransom payment if you’d like to get the key to your systems and data back. Often, these are paired with tactics designed to increase fear and urgency like a countdown timer or a threat to delete all files if the ransom isn’t paid in a set amount of time.
Scareware: this method is slightly less confrontational but plays heavily on fear. A bug latches onto your system then continually reminds you and your staff of a virus or vulnerability that it will reveal to you in exchange for payment.
Leakware / doxware: our data is private which means that threatening to leak it online is a powerful tactic used by scammers. A common profile of these scam claims to have detected ‘illegal activity’ or lists the names of sites that the user has visited that they may prefer others not know about. This tactic is especially effective when targeting employees or managers who might have accessed non-work sites on work computers.

What steps can I take to protect against ransomware?

There is no one single solution to protect against ransomware. No two businesses are the same and many factors need to be considered when developing your cyber security strategy which should always cover the 3 pillars of people, process and technology.

Basic ‘computer hygiene’ such as having anti-virus software, performing regular system-wide software updates, having effective backups in place, enabling multi-factor authentication and automatically restricting what external applications are able to be installed on a work station are some basic practices every business needs to have embedded.

Regular in-person training, education and quizzes are critical because any employee clicking the wrong link or giving information to the wrong person can be the ‘point of entry’ for a ransomware attack.

If you would like to put in place some additional layers of protection around your business-critical systems and software then feel free to contact us at any time. We are local, professional cyber security experts and can do a thorough assessment of your needs and system weaknesses before recommending a tailored plan to help close those gaps in your defences.

Are Your Employees at Risk of Vishing? What You Need to Know as a Business Leader

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 12 Aug 2022 01:56:01 GMT

Have you noticed an increased number of phone calls to your personal and work phones lately from someone not in your contacts list? You’re not alone.

While their execution usually lets them down, no one has ever accused scammers of not being adaptable. And just like other clever bugs and parasites, they have evolved pretty quickly in recent years to our new world and ways of working. And that’s resulting in the explosion of vishing and smishing scams.

So, what are these scams, and why do they represent an ‘upgrade’ in the scam threat level?

What is vishing?

Vishing is a simple combination of the words ‘voice’ and ‘phishing’. Most have come across a phishing scam. It is an email designed to get the receiver (potential victim) to reveal information to the sender (scammer / attacker). More sophisticated versions of this scam mimic a reputable sending address (e.g. Telstra, Australia Post, Amazon, Apple) and also mimic the branding and layout of the emails of those companies.

Phishing scams are a form of social engineering designed to inspire trust and confidence before the ‘ask’. And that ‘ask’ might be for sensitive information like passwords or financial account information. More subtle phishing expeditions my ask for less obviously sensitive information like dates of birth, place of work or financial institution in order to get more information for a more targeted attack later on.

In contrast, vishing uses voice either through an automated message that plays when the recipient answers the phone, or an actual person on the other end of the line trying and get the same information.

What is the difference between smishing and vishing?

Where vishing uses voice to try to scam people, smishing relies on our other major form of communication using our phones, SMS’s and texts. Similar to vishing, it combines ‘SMS’ with ‘phishing’ to get its name.

And like vishing, it has grown in effectiveness because of the pandemic. Specifically, because of the rise in the amount of internet shopping we are doing. Whether you order your groceries for delivery from Woolies or Coles, get a meal kit from YouFoodz or Hello Fresh or just have a steady stream of Australia Post deliveries on their way to your front door, these purchases all share a common thing: the SMS confirmation or progress alert.

When you couple that with an easy to click tracking link (cause who doesn’t love knowing exactly where their groceries are) you’ve got the perfect ingredients for a scam that’s trying to get you onto a web page where you enter some sensitive data.

Why are smishing and vishing scams on the rise?

In a simple three letter acronym the answer is WFH. In early 2020 many of us went on a very unforeseen but largely successful experiment to work mostly from home. Almost three years on, it’s meant that on average, most white-collar workers spend two to three days working from home. And that means receiving more work calls on personal phones.

Out of practicality / security / privacy many of us will block our number from appearing on outbound calls. But when we receive a call while working from home, it often pops into our mind that it might be a work call, so we answer even if the number is unfamiliar or blocked. And that moment of doubt and action are what vishing scammers have exploited in the last few years.

The increased ‘pick up’ rates of calls from unknown and blocked numbers because of the increase in WFH and mobile usage means that the ‘target audience’ for these scams has grown much bigger. And the voice is a far more effective pressuring and influencing tool than an email where there are more opportunities for our subconscious mind to pick up spelling errors or inconsistencies.

How do I protect my employees from smishing and vishing attacks?

The first and most obvious step is education. But simply going through statistics the dangers of phishing scams, and the tens of millions of dollars they cost businesses each year probably won’t do it on its own.

You can contact CyberUnlocked to get custom cyber security training for your employees. Our training programs can keep your employees vigilant against vishing and smishing attacks.

What are the Benefits of a vCISO? Do I Need One?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 05 Aug 2022 05:45:08 GMT

CISO (Chief Information Security Officer) is a trained cyber security expert who ensures that all aspects of a business’s cyber security strategy are running smoothly. For businesses to execute proper protection over time, the presence of a CISO is required to perform high-level IT security and compliance programs that protect your business trade secrets and your sensitive data.

For many businesses, the search for a suitable, full-time CISO can be challenging and resource-consuming. For many business leaders, recruiting a virtual CISO (vCISO) to fulfil the role is a smart alternative.

What is the difference between a CISO and vCISO?

A vCISO is a contracted cyber security expert that handles a business’ security strategy and programs. A virtual chief information security officer is highly trained, with years of experience in working for many different organisations and businesses. They are involved in the creation and compliance management of cyber security policies, standards, procedures, and guidelines based on the latest frameworks. Other crucial tasks include running cyber security audits, performing vulnerability assessments and penetration testing.

What are the benefits of a vCISO?

The functions of a vCISO are much similar to that of a CISO, in that they ensure the safety of your business's cyber security and provide threat intelligence. However, CISO-as-a-service allows for some advantages over employing an internal CISO. One such benefit is that a vCISO service can give your business near-immediate expertise on reducing or mitigating cyber security threats and breaches.

Does my business need a vCISO?

No two businesses are the same and many factors need to be considered when assessing if you need a vCISO. With cyber threats on the rise all businesses are a target. Spamwatch data shows that small and micro Australian business were the hardest hit financially by scams in 2021. Other factors are your growth strategy, most enterprise customers will require a security questionnaire during the tender process that will ask for your cyber and risk credentials.

Hiring a vCISO is also a more cost-effective option. Often, small to medium-sized businesses are vulnerable to cyber security risks due to insufficient resources to afford a full time CISO. A vCISO service can be tailored to your business strategy and affordability. If you own a small to medium-sized business, opting for a vCISO service is a great way to save spending while not compromising your cyber security.

CyberUnlocked can be your vCISO

CyberUnlocked can provide you with a vCISO for your business needs. Contact our cyber security professionals today to get started.

Are Cyber Security Audits Important on Company Systems?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 22 Jul 2022 09:32:48 GMT

What is cyber security auditing?

Cyber security auditing or vulnerability scanning is a foundational strategy to keep your business safe and with its help, businesses of any size can mitigate security issues and patch weaknesses. Simply, it is the process of identifying and reporting on security vulnerabilities in your business systems. Security professionals like CyberUnlocked can perform a series of tests to identify any liabilities within your systems. This can range from sensitive information being exposed to unauthorised data access that can lead to threats to your business.

How to perform a cyber security audit?

Most audits start with creating an inventory of your IT components (firewalls, servers, desktops, virtual machines, cloud workspaces) connected to your company’s network or being used by your employees. This goes beyond identifying the devices and systems, to inventorying the operating systems, the user accounts and installed software. This is usually done by an information security auditor such as CyberUnlocked who can identify known and unknown devices connected to your systems.

Once all the devices and systems have been identified, cyber security scans are run to assess and study the potential weaknesses in the IT environment and the degrees of risk that are being held by the business.

How do I know what cyber security scan to run?

Different types of cyber security scans can be conducted on your business systems. These include network scans, website scans, host scans, cloud scans, application scans, database scans, and penetration tests, to name a few. Each tackle different areas of cyber security concerns for your business. Understanding and selecting the right approach is critical before starting. To find the best cyber security approach, you can consult with CyberUnlocked so that the right scan is conducted to best suit your business needs.

How often should you run a cyber security scan?

Cyber security scanning is an ongoing process. Though scans can be a one-time assessment, it’s best to have cyber security auditors like CyberUnlocked perform a continual evaluation of your business. This allows for continuous protection of your company’s infrastructure and helps deal with any changes to your systems (such as the introduction of new applications or devices) or new security vulnerabilities found by criminals that may pose a cyber security threat to your business.

If continuous scanning is not possible, the frequency of scans can vary from weekly or monthly to annually. So, what’s the minimum amount of time between scans? The answer is it depends on many risk and business factors, consideration of your industry, your risk appetite, your compliance needs and your customer’s expectation.

Where to start?

Contact CyberUnlocked to tailor a cyber security audit that best fits your business. What’s more, we can conduct the audit and manage your security vulnerabilities. We investigate your systems to determine the areas where they are most vulnerable to external threats and provide solutions to safeguard your business infrastructure.

What are the 5 Types of Cyber Security?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 15 Jul 2022 05:14:58 GMT

As we dip further into the digital age, cyber security remains a crucial part of risk management for all businesses. Regardless of whether your business is big or small, to effectively implement cyber security measures, a great first step is to start with an understanding of the different types of cyber security services. In this article, we’ll explore the 5 main types of Cyber Security, why you need them, and how they all serve to protect your business’s important data, assets, and reputation.

5 Types of Cyber Security

1. Network Security

Network security is the measures used to safeguard your computer networks from unauthorised access. This encompasses the protection against security breaches, exploitation of authorised accounts, and various other threats that prevent organisations from meeting the demands of their employees and clients.

Some standard technologies that will help with network security controls are firewalls, Virtual Private Networks (VPNs), Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).

Network security is serviced through securing various aspects of your network:

Physical protection: Physical protection of network infrastructures means your data routers, data centres, and servers are secured to prevent unauthorised physical access. This is performed by situating the physical hardware of your network in a secured environment.
Secure storage of data: By encrypting data or implementing similar processes and ensuring your company’s network infrastructure such as servers are patched from vulnerabilities and prevented from infiltration.
Administrative protection: These are security restrictions that are placed on employees’ accounts, file management, and other tools of a company that will prevent any possible network breaches. A common example is Identity and Access Management (IAM), which controls who can access your data and systems.

2. Application Security

Nowadays, businesses use many different types of software to help manage business-related tasks. Whether they’re custom-made or are created by a third party; stored in the cloud or locally, these must be secured. There are many good practices to make sure that applications are safe:

Software updates: For application security, it’s important to keep up to date with applications software updates, as updates patch known vulnerabilities that cyber-criminals target.
Enable application security: reputable application providers will have in-built security features. Make sure these are configured correctly in your software.
Regular risk assessment: Regular risk assessment by a cyber security service like CyberUnlocked ensures that your application security is kept up to date and protected against the latest threats.
Strict access control: Having strict access control on applications is a great preventative measure from possible security breaches.

3. Internet Security

Internet or Web Security breaches can easily happen when a company does not have preventative data-protecting measures. The high magnitude of internet threats and access via web-based applications can leave an organisation’s internet security to be full of vulnerabilities. The most common internet/web cyber security solutions include:

Regular training of employees on cyber security
Filtering Web Content
Protecting your data transmitted over the internet
Strong Email Security
DNS (Domain Name System) Layer Protection

4. Cloud Security

Cloud services are more prevalent now than ever. Many businesses use cloud computing for its excellent data storage, scalability, applications, and improved protection. However, it’s still vital to keep up with the security of cloud services , especially, when companies are relying more and more on cloud computing to store sensitive data.

Some practices to enhance cloud security includes:

Comprehensive visibility: No matter how many cloud services and solutions you use, you need to keep and manage the security of your data. One common method is to use a Cloud access security broker (CASB) solution. This is software or hardware that acts as an intermediary between the user and your cloud services and allows you to enforce security policies.
Security monitoring: continuous security monitoring is critical to alert technicians that a cybercriminal is attempting to access your cloud environment. The quicker the response the better a business’s chance of avoiding or recovering from an attack.
Identity and access management (IAM): This protects your business against potential attacks by coming up with a management plan (such as a secured sign-on system and multi-factor authentication) to ensure the safety of your company.

5. Endpoint Security

What is an ‘endpoint’? An endpoint is any device that connects to your corporate network or is used by any of your employees to access your business applications and data. These include laptops, tablets, digital printers, mobile phones, etc.

With growing remote working setups and bringing your own device trends, it’s critical to implement proper endpoint security measures. Endpoint security provides you protection and response to combat threats such as viruses, ransomware and credential thefts. With today’s advanced malware, exploits, and other stealthy techniques getting the right malware and ransomware protection is crucial to device security.

How CyberUnlocked can help?

Why is Cyber Security Important for SMBs?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 08 Jul 2022 06:30:14 GMT

As the world becomes more digitised, sensitive data is left more vulnerable than ever. The increased exposure of identity information due to increased remote working since 2020 has caused a boom in information theft. The average loss to companies due to business email compromise has increased to more than $50,600 in Australia. This compromise of identity information can lead to other infrastructures of a company being destroyed. When organisations have been exposed to a data breach, their integrity and client trust is lost. It’s crucial to have cyber security oversight, no matter the size of a company.

Remediating cyber-attacks is financially costly for SMBs

Small to medium businesses (SMBs) in Australia are especially at risk without cyber security oversight. Cybercriminals are aware that SMBs often have less cyber security protection due to financial costs. This makes them vulnerable to simpler forms of cyberattacks that are cheap to execute. The lack of cyber security resources and planning to protect and respond against such attacks leads to greater financial damage as remediating cyberattacks is costly.

A study done by the University of New South Wales found that social engineering is amongst the most common forms of cyber-attacks. The study also found, that in 2021, cybercrime cost the Australian economy $42 billion with over 67,500 reported cybercrimes. As typically only about 20% of cybercrimes are estimated to be reported, this number is expected to have been greater than 300,000. For SMBs to avoid bearing the brunt of financial costs, it is a good idea to implement and strengthen your cyber security plan sooner rather than later.

How can I stay secure?

Some measures to keep your business secure include:

Implement prevention-based security solutions
Seek out cyber security measurements and advice from the experts
Provide comprehensive and current cyber security training and education to your employees
Pay particular attention to enhancing protection for your critical systems and services
Promote a cyber security conscious culture

Where do I get started?

Contact CyberUnlocked today for our cyber security experts to help you with protecting your business.

Why do we Need to Build a Culture of Cyber Resilience in FY23?

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Wed, 29 Jun 2022 09:24:15 GMT

Risks of a Growing Digital Frontier

Today, the digital footprint of businesses is ever-expanding. COVID-19 and the rise of remote working have introduced to organisations a growing, high-threat risk of cyber security attacks. To combat this, most companies in Australia adopt a defensive security strategy, consisting of primarily preventing attacks from happening and protecting confidential data. However, this approach to security is proved insufficient when faced with the growing sophistication of cyber-attack techniques.

In 2021, a notable increase of 15% in ransomware attacks were reported to the ACSC (Australian Cyber Security Centre). Beyond that, a report by ASIC (Australian Security & Investments Commission) found that 40% of SMEs demonstrated weak supply chain risk management practices. An evolving digital frontier must call for a change in the way that we approach cyber threats. A defensive line of action is simply not enough. Companies need cyber resiliency in addition to cyber security.

What is Cyber Resilience?

Cyber resiliency is a long-term strategy that requires an organisation to establish ongoing and adaptable processes to not only protect against security threats but also be prepared to recover from cyber-attacks. To become cyber resilient, an organisation must develop a strong foundation in cyber security. This requires investments in infrastructure to detect and patch vulnerabilities , mitigate threats, educate employees on ways to defend against cyber threats and have robust processes to ensure operational and business continuity with minimal impact in the event of a cyber-attack.

A cyber resilient culture means considering all aspects of a business. From process mapping, and information technology services, to critical vendor dependencies; cyber security should be prioritised and consciously seen as an essential part. Organisations should also continue to adopt new technologies alongside a changing digital landscape. Cyber security and resilience should not be treated as an end objective but as a transformative process that is closely aligned to a company’s strategic direction to ensure ongoing security and survival.

It is critical to be prepared. Improving a company’s cyber resilience needs to be a program of continuous improvement rather than a one-time project. Cyber resiliency not only warrants a safer execution of an organisation’s direction towards success but serves as armour against a great wave of cyber liabilities.

How CyberUnlocked Can Help

If you want to build a culture of cyber resilience in FY23, talk to us today about strengthening your practices to build a successful culture for the future.

Saying Goodbye to Internet Explorer

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Fri, 17 Jun 2022 04:06:09 GMT

Microsoft has retired its former champion of web browsing, Internet Explorer, also known as “IE”. Nearly 27 years since its launch in 1995, on June 15, IE was disabled with users being directed to Microsoft’s Edge browser instead. As someone who grew up using IE with dial-up internet, there is a tinge of sadness in deserting a web browser that I and many others have found solace in. But Microsoft’s decision is no surprise.

Security: The end of IE

Internet Explorer was the default software that came bundled with Windows operating system. Over the years, with an influx of new, more exciting browser competitors, the experience using IE was increasingly perceived as unreliable and slow. The browser’s main users all dove towards faster and safer alternatives, like Mozilla Firefox and Chrome.

In 2015, Microsoft launched Edge to compete with other web browsers, which offered not only a more modern experience than IE but also addressed key security concerns. IE had an older, more insecure defence system that was vulnerable to crashes and malware. While Edge offered much more security, with newer, more powerful built-in defences against malware and phishing. With Edge, there is more protection over the user’s privacy. This makes it an easy decision as to why IE is no longer reliable as a browser that’s keeping up with current internet and security standards.

Much like browser security, it’s crucial to keep up with change. For instance, you can no longer rely on old-school anti-virus, instead, opt for next-generation antivirus to protect your business and remain safe.

What to do when I’m still using IE?

If you are still using IE, make the move to another browser that is in-kept with current security standards, such as Edge or Chrome. If you still have the IE application installed on your computer, it’s important to uninstall it following Microsoft’s guidelines.

What Is The Difference Between Cyber Security And Information Security?

Thu, 09 Jun 2022 23:53:00 GMT

In this digital age, it’s crucial for businesses and individuals to protect their networks and data. In fact, according to Forbes, the global economy loses $2.9 million every minute due to cybercrime.

Cyber security and information security are both essential for company protection. These terms are often used interchangeably, but there is a big difference between the two.

The focus of each security measure is different. Cyber security is focused on protecting your computer systems from unauthorised access or attacks. Meanwhile, information security protects your confidential data (in any form) from being accessed or stolen by unauthorised individuals.

In this article, we will explore the difference between cyber security and information security and how to protect your business through both measures.

What Is Cyber Security?

Cyber security describes the measures taken to protect your computer networks and user data from unauthorised access or theft.

It is essential because it protects your computer systems from malicious individuals who want to harm your business or steal your data. Thus, cyber security is a vital measure that companies of all sizes should take to protect their digital systems from attack.

What Is Information Security?

Information security is a term used to describe the measures taken to protect your confidential data from being accessed or stolen. Confidential data can be stored in many forms, from physical documents stored in a company’s filing cabinet system to files uploaded to a cloud.

Information security is focused on protecting the confidentiality, integrity, and availability of data. This means ensuring that data is not accessed or manipulated by unauthorised individuals and is available when needed.

What Is The Difference Between Cyber Security And Information Security?

Because cyber security and information security both deal with protecting important data from unauthorised access, there is some overlap between the two. Both can prevent data breaches and cybercrime threats , but they work differently to achieve this goal.

Examples of cyber security measures include firewalls, cloud security, anti-virus software, and password protection. These help to protect your computer systems from unauthorised access and malware threats.

On the other hand, information security measures include data encryption, access controls, and compliance with privacy laws and security standards. These help to protect your confidential data from unwarranted access and theft.

How to Protect Your Business with Cyber Security and Information Security

Here are some tips on how you can protect your business with both cyber security and information security measures:

Invest in an excellent cyber security solution: Good cyber security solutions will help to protect your computer networks , which is crucial especially if they contain confidential data. Choose reputable and reliable cyber security solutions that are updated regularly.
Train your employees in cyber security: Your employees should be trained to identify and respond to potential cyber threats. For example, they should be aware of phishing scams and how to protect their passwords.
Backup your data regularly: Regularly backing up your data can help you recover it quickly if it is ever lost or compromised.
Implement strong information security measures: These include encrypting your data, keeping it in a secure location, and using access control measures.
Regularly test your cyber security and information security measures: Regular testing of your security measures will help ensure they are effective. You should test your measures regularly and make changes as needed.

How CyberUnlocked Can Help

If you want to protect your computer networks and data from attack, you need cyber security and information security. While your business may have some security measures in place, it’s important to regularly test and update these solutions.

When choosing cyber security solutions for your business, make sure to choose a reputable and reliable partner. CyberUnlocked provides comprehensive cyber security solutions for companies of all sizes.

We offer a wide range of services to help businesses secure their systems, including:

Vulnerability and Risk Assessment: Your hidden vulnerabilities could be putting you at risk. We can help you find and fix them before they’re exploited.
Managed Detection and Response: We provide 24x7 threat detection and response to continuously monitor for malicious behaviour on your laptops, cloud environment or networks.
Web Application Security: Today's corporate world is dominated by web-based apps and websites . Our scanning service will detect SQL injection, DDoS, SSL issues, data leakage, and other vulnerabilities.
Cloud Security: The CyberUnlocked team will be your cloud security partner. We'll provide you with a variety of options, keep an eye on any suspicious activities, and maintain your cloud environment.

Critical Alert: Microsoft Office Vulnerability

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Tue, 31 May 2022 11:52:34 GMT

Alert background

Earlier today Microsoft disclosed a vulnerability (named “Follina”) in the Microsoft Support Diagnostic Tool (MSDT). The vulnerability can be exploited by cybercriminals sending a URL to a vulnerable machine. Successful exploitation allows cybercriminals to install programs, view or change data, or create new accounts in line with the victim’s user permissions.

Victims may be deceived into opening documents using email attachments, social media links, file downloads or other creative delivery methods.

We are aware that Australian organisations have actively been targeted.

How do I stay secure?

Since this is currently a zero-day vulnerability there is no patch available yet. Here is how to safeguard your organisation:

Caution your users to be extra observant when opening any attachments, particularly Microsoft Office documents.
Follow Microsoft's guidance on implementing a workaround .
Once a patch is available, apply it immediately.

Update as of June 15 : Microsoft have fixed the Follina zero-day flaw in Windows. The update included security updates to address 55 vulnerabilities. It is strongly strongly recommended to install the updates to be fully protected from the vulnerability.

Need help?

The CyberUnlocked team are here to help, call us today on 1300 901 835.

High Alert for Australian Organisations

sarah.mcavoy@cyberunlocked.com.au (Sarah McAvoy) — Thu, 24 Feb 2022 07:34:13 GMT

High Alert for Australian Organisations

Alert Background

Ukraine has historically been a target for cyber-attacks that have international consequences. With the events of the recent days, there is an increased risk of malicious cyber activity that could impact Australian organisations through unintended disruption.

The ACSC is not aware of any current threats to Australian organisations but wants organisations to strengthen their cyber protections.

How do I stay secure?

The ACSC recommends urgently reviewing your cyber security. Here is what you need to safeguard your organisation:

Audit your security practices
Remediate where possible
Increase monitoring for threats
Review your incident response and business continuity plans

Need help?

The CyberUnlocked team are here to help, call us today on 1300 901 835.

The Holidays Are The Busiest Time Of Year For Cyber Criminals—Is Your Business Prepared?

Mon, 22 Nov 2021 20:12:18 GMT

The Holidays Are The Busiest Time Of Year For Cyber Criminals—Is Your Business Prepared?

Cybercriminals are especially active during the holiday season. Do you know how to stay safe while shopping online and planning for your holidays?

“It’s the most wonderful time of the year…”—or, at least, it should be. Unfortunately, if cybercriminals get their way, it won’t be.

Do you understand why cyber security is especially important during the holiday season?

Cyber Criminal Activity Skyrockets During The Holidays

Cybercriminals routinely launch attacks on holiday weekends because it’s when businesses are most vulnerable—Kaspersky noted a 9% increase in activity during this time of year.

Why? Staff members are away from the office, doing their best not to think about work. IT support is less available than usual. Many businesses are essentially open targets.

This strategy is highly effective for cyber criminals—just consider the track record so far:

The Kaseya ransomware attack took place on the July 4 weekend
The 2013 Target hack was executed over Thanksgiving weekend
Last year’s SolarWinds breach took place just days before Christmas

Hackers also use this time of year as an opportunity to wreak havoc at the consumer level as well. With so many modern high profile gifts relying on some form of networking (video game consoles, smart technology, etc.), Christmas morning is the perfect time for cybercriminals to temporarily tank the stock of a company like Sony or Microsoft. In 2014, for example, hackers took down the gaming networks for PlayStation and Xbox, making hundreds of thousands of gifted video game consoles essentially useless.

Cybercriminals are preparing for their holiday hacks as you read this. Are you sure your business is prepared to stay secure until you get back from your holidays?

The Online Marketplace Is Especially Vulnerable

A key area for cybercriminal activity during the holidays is the online marketplace. In recent years, a majority of retailers have begun offering online shopping options for their customers. As the use of these e-Commerce platforms rises during the holiday season, cybercriminals target these systems at a much higher rate.

e-Commerce solutions are often highly vulnerable to malicious third parties. By compromising JavaScript code, cybercriminals can deploy a range of different attacks, including:

Cross-site scripting (XSS)
Form jacking
Cryptojacking
Malicious ad injection
Data skimming

Key Threats During The Holiday Season

The three primary types of threats you need to understand are:

Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS) Attacks: This method floods your business’ systems with multiple data requests, resulting in lags and crashes. This type of attack can be deployed to take down your website during your most profitable time of year.
Malicious Bots: Bots can be deployed to execute a wide range of actions, from stealing data on your business and your customers to disrupting key processes in your online shopping systems. Cybercriminals may use bots to perform any of the following types of online fraud:
Price scraping
Content scraping
Scalping
Denial of inventory
Website Attacks: Retail websites suffered more attacks than other websites during Q4 of 2020. Cybercriminals will directly attack your website to breach your customers’ financial data. Any systems that store credit card info, home addresses and other personal information are high-value targets.

Double Check Your Cyber Security Before You Go On Holiday

It’s vital that you verify your cyber security posture before you go on holiday with a little help from CyberUnlocked. We offer a robust range of cyber security scanning and management services.

As a part of our Vulnerability Management services, we will take an unbiased look at your systems to determine where they may be vulnerable to external threats. Our scanning service will identify vulnerabilities linked to SQL injection, DDoS, SSL flaws, data leaks and more.

Don’t Let Cybercriminals Ruin Your Holiday Season

While the holidays are certainly a time to relax, you don’t want to relax your cyber security. The fact is that it’s big business this time of year for cybercriminals.

Get in touch with our team to prepare your business for the holidays.

Are You Planning To Launch A Hybrid Working Model?

Sun, 21 Nov 2021 14:23:23 GMT

Are You Planning To Launch A Hybrid Working Model?

Are you looking into a hybrid working model for your business? Doing so can come with a lot of advantages—but you have to make sure you manage it correctly.

One of the primary lessons the COVID-19 pandemic taught the business world is the value of remote work. Thousands of businesses learned first-hand how remote work capabilities can help them tap into new talent pools and create a better work-life balance for their employees.

That’s why so many business owners are looking into a hybrid working model as the standard for their organisation once the pandemic concludes. If you’re considering a similar arrangement for your team, make sure you do it effectively and securely.

Advantages Of The Hybrid Working Model

Regardless of when the COVID-19 pandemic is over, you need to come up with a plan of action for your business now. Will you return 100% of your staff to the office? Will you continue with remote work as you have so far? Or will you take a hybrid approach?

The remote work model offers a number of benefits that you’ve likely taken notice of over the course of the pandemic. Remote workers have seen the benefits as well:

77% of remote employees say they're more productive when working from home
76% of employees prefer to avoid their office completely when they need to concentrate on a project
98% of remote workers want to continue to work remotely (at least some of the time) for the rest of their careers

However, for all the ways remote work is beneficial to both the organisation and end-users, it’s not without its challenges.

Key Challenges Associated With Hybrid Work

When the COVID-19 crisis hit, it hit fast. Despite what, in retrospect, may have seemed like a gradual build-up, it was virtually over the course of a few days in March 2020 that businesses had to pivot to a remote work model.

Obviously, the first priority was maintaining business continuity. You needed to make sure your remote workers had the technology and the remote access necessary to do their work.

But the process doesn’t end there—security is a complicated undertaking for remote work models. In fact, 36% of organisations have dealt with a security incident due to an unsecured remote worker.

Continuing with a remote work model, whether entirely or in part, will require:

Enhancing security measures
Providing the right hardware for users working permanently from home
Implementing more permanent file-sharing, collaboration, and communication tools

How To Protect Your Hybrid Business

In optimising your hybrid working model, make sure to consider the following best practices for your cybersecurity:

Identify Risks: In order to confirm your security capabilities, you need to conduct a cyber risk assessment along with a vulnerability scan of your systems. This will help you identify potential vulnerabilities, and develop the starting blocks to a secure long-term hybrid management plan.
Train Your Staff: As some of your staff will be working from home, it’s more important than ever to ensure they receive proper awareness training. Without proper supervision, they are at greater risk of compromising the security of your business data or falling for phishing scams. Make sure they understand how to maintain business cybersecurity from their home office.
Deploy Security Measures: Your hybrid environment will require a combination of threat monitoring, firewalls, and antivirus solutions. These defences will form a comprehensive cybersecurity posture to protect your office network as well as your employees while they work remotely.
Follow A Zero Trust Approach: The zero trust approach to cybercrime assumes that every aspect is a potential vulnerability until it can be confirmed otherwise. That means instead of simply investing in a strong firewall and antivirus, and assuming you’re protected, every part of your IT environment and every user trying to access it is assessed for its security.

According to NIST SP 800-207:

“Zero trust security models assume that an attacker is present in the environment and that an enterprise-owned environment is no different—or no more trustworthy—than any non enterprise-owned environment.”

This means that an organisation following a zero trust security model cannot, even by default, offer any trust in any interaction in their protected systems. Risks must be continuously assessed and mitigated, and access must be continuously verified.

It’s important for business owners to understand that every potential part of their network is a target. Given the overall connected nature of the systems, compromising one part can give the cybercriminals control over the entire environment.

Need Expert Assistance Managing Your Hybrid IT Environment?

If you plan to continue with remote work in one way or another, you may need to change your model of IT support. As you and the other C-level executives at your business have likely discovered since the start of the pandemic, your ability to work remotely depends directly on your IT support.

CyberUnlocked can help—over the course of the pandemic, we’ve gained extensive experience in helping our partners to launch, optimise and secure remote work capabilities. Now that the mad rush to go remote is over, it’s time to perfect your processes, and you don’t have to do so alone.

Get in touch with the CyberUnlocked team today to get started.

What Your HR Department Doesn’t Know About The Privacy Act Could Cost You MILLIONS

Mon, 15 Nov 2021 14:47:17 GMT

What Your HR Department Doesn’t Know About The Privacy Act Could Cost You MILLIONS

Anyone involved in the security and confidentiality of company data has to understand how to maintain compliance. CyberUnlocked can help you train your staff in Privacy Act compliance best practices.

Privacy Act Compliance Doesn’t Just Apply To Your IT Team…

Does your entire staff understand the role they play in compliance with the Privacy Act?

The fact is that anyone that can affect the privacy of protected data has to make sure they’re doing their part to maintain compliance. After all, this compliance system covers all types of personal information—including the information that your HR department manages as a part of their recruiting, hiring, training and compensation tasks.

While your senior leadership and IT staff may understand how to maintain compliance with the Privacy Act, that may not be the case for your HR team. That’s why you need to ensure they know the role they play as well.

Privacy Act 101

All private sector organisations that generate $3 million or more on an annual basis must comply with the Act. Furthermore, some sectors such as healthcare are covered regardless of their annual turnover.

While a range of types of information is covered by the Privacy Act, in essence, it refers to all “personal information”. That is, any information related to an identified or reasonably identifiable individual.

A breach has occurred when there has been unauthorised access to or disclosure of personal information which poses a likely risk of serious harm to affected individuals. In the event of a breach, you are legally required to notify the Office of Information Commissioner (OAIC) and affected individuals. This means drafting and disseminating a statement regarding the breach.

How Much Will Noncompliance Cost You?

One unaware member of your HR department can do a lot of damage. Individuals found responsible for a breach can face penalties of up to $420,000. Organisations can be fined as much as $2.1 million.

Is Privacy Act Compliance A Lot Of Work?

Yes, it can be, if you handle it independently. But it’s necessary—it’s designed to protect consumers and allow you to continue to make the most of modern business advantages in the digital age.

The good news is that you don’t have to handle this alone. By working with a security company like CyberUnlocked, you can make sure you have the skills and knowledge you need to stay compliant.

While you may have never had to worry about this type of compliance with your HR team before, our team has the experience needed to assist in your analysis and updates to help you get in line and avoid big fines.

Get in touch with our team today to get started.

Can You Afford An $800,000 Fine?

Sun, 24 Oct 2021 16:24:21 GMT

Can You Afford An $800,000 Fine? Then You Need To Be PCI DSS Compliant

Find out what you need to know about PCI DSS compliance in this entry in our Cyber Security Awareness Month series.

In honour of Cyber Security Awareness month, CyberUnlocked will be exploring a range of associated topics for today’s business owners. In this blog, we’ll explore the importance of Payment Card Industry Data Security Standard (PCI DSS) compliance.

Unlike industry-specific compliance regulations that state how healthcare clinics or legal firms need to handle sensitive data, PCI DSS compliance covers an extremely wide range of businesses.

Any business that processes, stores, or transmits credit or debit card payments and payment information in any capacity is subject to strict PCI DSS compliance standards which dictate how credit card data needs to be handled and the precautions that need to be in place to keep that data secure. Failure to meet those standards can have serious repercussions, from penalties and fines to legal action in the event of a data breach.

What Is PCI DSS Compliance?

PCI DSS applies to your business if you handle cardholder information for debit, credit, ATM, e-purse, POS, and prepaid cards.

PCI DSS requires card issuers and holders to retain an audit trail history for a time period that’s consistent with its effective use and legal regulations. It’s necessary to undergo PCI DSS compliance auditing to ensure your customers' data is protected during credit or debit card transactions.

Is PCI Compliance Required By Law In Australia?

All Australian businesses, regardless of size or industry, are required to maintain PCI compliance if they accept card payments. Failing to stay compliant could result in serious consequences. Banks and credit card institutions can impose fines anywhere from $7,000 to $900,000. The 2013 Target hack resulted in $162 million in fines alone.

Bank fines are based on the research they perform to remediate your noncompliance. Credit card institutions impose fines as a punishment for noncompliance, and they may enforce a timeline of increasing fines.

That’s why you need to be sure you’re PCI DSS compliant.

What does PCI DSS Compliance offer you?

In addition to protecting you from fines, PCI DSS compliance offers a range of other advantages:

Client Confidence: Your clients need to know that their credit card information is safe. If you were to suffer a data breach that compromised their financial information, do you think they would continue to do business with you? Your ability to promote your PCI DSS compliance status is yet another value add for your brand.
Security Standards: A byproduct of PCI DSS compliance is a stronger cyber security posture. You will improve your data security simply by meeting the requirements of the compliance system.
Reduces Data Breach Costs: No matter what you do, you are likely going to experience some form of data breach at some point. How damaging and expensive it is will depend on what steps you take to defend your business right now. By complying with PCI DSS standards, you can ensure you won’t face any financial or reputational damages associated with card data compromise.

The Biggest Threat To Your PCI DSS Compliance

PCI DSS compliance is a higher level of security and data governance that organisations have to follow. Compliance is complex, and there is a critical element of assessment and planning that needs to go into your compliance strategy.

In particular, you need to make sure your staff understands their role in your organisation’s overall compliance efforts. It doesn't matter which types of technical safeguards you have in place if your staff doesn't know how to maintain compliance.

Are you sure your staff knows how to maintain PCI DSS compliance?

What’s Your First Step To Take Towards Confident PCI DSS Compliance?

First and foremost, businesses need to run a thorough assessment of their existing level data security and processes and identify gaps. By determining your current state of security and how it aligns with PCI DSS compliance standards, you can identify what needs to be improved before your audit.

A PCI DSS compliance audit is necessary to keep your business and your customers safe from a payment card data breach. PCI DSS compliance auditing assesses your business’s point-of-sale (POS) system. A qualified security assessor (QSA) will determine whether or not your business is compliant with The Payment Card Industry Data Security Standards by:

Examining your system,
Identifying vulnerabilities, and
Preventing data from being compromised.

As there is no one fix it all solution for compliance, it’s important to identify the gaps and work with a professional team to address them —CyberUnlocked will help.

CyberUnlocked Will Manage Your PCI DSS Compliance

As you can see, failing to manage compliance is expensive. That’s why you shouldn’t bother trying to oversee your compliance personally. You’re too important in your actual role at your business to split focus and risk overlooking something.

The CyberUnlocked team will help, following our proven plan for compliance:

A risk assessment with a PCI DSS Approved Scanning Vendor (ASV) to check compliance and improve your data security.
Expert consultation for staff training on security awareness so your employees have the information and skills they need to meet the latest PCI DSS standards and regulations.
Information about any vulnerabilities, and ranked by order according to their seriousness. This way, you can address the most important first.
Quarterly approved vulnerability scans to meet your PCI DSS obligations.

Don’t put your compliance at risk — CyberUnlocked’s team of PCI DSS compliance experts are available to manage it for you

Is Your Website Your Achilles’ Heel?

Thu, 21 Oct 2021 11:42:35 GMT

Is Your Website Your Achilles’ Heel?

An unprotected website can cut into your business operations and ruin your reputation in a matter of minutes. Are you sure your online presence is secure?

In honour of Cyber Security Awareness Month, we’re highlighting a series of topics that business owners often overlook when developing their defensive strategies. In this article, we’ll explore the importance of website security.

Cybercrime is an ever-present and increasing threat to businesses in every industry. Without up-to-date and varied IT security services for your IT infrastructure, successful hacks can compromise your customers’ and employees' sensitive data and harm your systems, resulting in costly downtime, legal consequences, and worse.

You already know this — that's why you invested time and money in protecting your servers, your desktops and other business hardware with top of the line firewalls, antivirus software, security solutions, etc.

What about your website?

A Website Is Hacked Every Three Seconds — How Long Until Yours Is Taken Down?

Did you know that 30,000 websites are hacked on a daily basis?

What you and so many other business owners and managers have not realised is that protecting your website is just as important as protecting your hardware. Without reliable IT security services for your website, you'll be left vulnerable to hackers trying to manipulate, control or just take down your business' web presence.

You can’t expect your small size or low profile to keep you safe. With tens of thousands of website attacks taking place every day, it’s only a matter of time until you get hit.

A Hacked Website Can Eat Into Your Profitability And Destroy Your Reputation—Fast

Web users are fickle — 57% of prospective clients refuse to recommend businesses with poorly designed websites. How do you think they’ll respond if your website is offline when they try to visit?

If your website is hacked, you can face a range of consequences:

Current and potential clients can’t visit a website that’s been taken offline, which costs you business
You’ll gain a reputation as a company that can’t be relied on
You’ll have to spend time and money bringing your website back online

Each and every one of these consequences can be easily avoided by ensuring your website is properly protected against the following types of threats:

SQL Injection: Structured Query Language injection, which can interrupt the queries made to your databases in order to destroy them.
DDoS: Distributed Denial-of-Service attacks floods your business’ website host with multiple data requests, resulting in lags and crashes.
Brute Force Entry: Cybercriminals break into your administrator account by running an automated program to try thousands of passwords in mere minutes. Once inside, they can deploy malware, change settings, and more.

5 Ways Experts Protect Websites

Use SSL: Investing in a Secure Sockets Layer certificate is a foundational part of website security. This confirms your website’s credentials and provides robust encryption capabilities.
Defensive Software: Deploy an anti-malware solution to identify and prevent malware infections before they take effect. Antivirus software is used in conjunction with a firewall to provide protection against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to web processes and a company’s reputation.
Strong Password Policies: Your website access passwords need to be sufficiently strong. Make sure to keep the following in mind:
Length and Complexity: The easier it is for you to remember a password, the easier it'll be for a hacker to figure it out. That's why short and simple passwords are so common — users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
Numbers, Case, and Symbols: Another factor in the password's complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that's all lower-case letters, it's important to mix in numbers, capitals, and symbols in order to increase the complexity.
Personal Information: Many users assume that information specific to them will be more secure — the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet's name, your mother's maiden name, etc.

However, given the ubiquity of social media, it's not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. "abc123", or the first row of letters on the keyboard, "qwerty", etc., are extremely easy for hackers to guess.
Patch and Update Management: Did you know that the most common way cybercriminals get into a system is through loopholes in common third-party programs and services, such as your website host? Whether you use WordPress, Squarespace, or another service, you need to ensure that you’re keeping them up to date. Similarly, if you are using javascript or python code, you need to check that any code libraries you use are secured against any exploitable vulnerabilities. Leaving your hosting software or code libraries outdated will make you highly vulnerable to penetration by cybercriminals. Unfortunately, software patches can be time-consuming and complicated; most of us just end up clicking the "Remind Me Later" button instead of sitting through an often-inconvenient update process.
Manage Web Backups: Don’t assume your website is ever going to be 100% secure against external threats. You need to manage and test robust backups of all website data. This ensures you can restore and recover your website quickly in the event that something bad happens.

Protect The Foundation Of Your Business’ Online Presence

Don’t cut corners when it comes to defending your website. It may be your next client’s first interaction with your business.

Get in touch with the CyberUnlocked team to develop a truly comprehensive cyber security posture that includes your website.

Top Lessons To Learn From Australia’s 2021 Cybercrime Stats

Fri, 15 Oct 2021 10:38:04 GMT

Top Lessons To Learn From Australia’s 2021 Cybercrime Stats

In honour of Cyber Security Awareness month, CyberUnlocked will be exploring a range of associated topics for today’s business owners. In this blog, we’ll explore the recent rate of cybercrime in Australia.

News of major data breaches is becoming more and more common. Have you stopped to wonder why these incidents keep happening?

The fact is that very few businesses are learning how these breaches happen and what they should be doing to prevent it from happening to them. Cybercriminals can keep relying on the same old tactics to penetrate business’ systems because they keep working.

That’s why, every time a breach like this occurs, it’s vitally important that you find out how it happened and determine whether a similar vulnerability exists in your organisation.

3 Lessons To Learn From Cybercriminals

The Office of the Australian Information Commission recently released a report detailing cybercrime in the first half of 2021. Here are four key lessons you should take away:

You Can’t Hide From Cybercrime: Don’t assume that by avoiding major services and companies you can lower your chance of being affected by a cyber attack. 66% of data breaches affect less than 100 people.

The fact is that your data has value. Cybercriminals don’t have to focus on massive companies like Amazon and Google in order to see an ROI on their efforts. They’re more likely than not to target and breach a small organisation that stores your data, often because these companies lack viable cyber security measures.
Not All Attacks Are External In Origin: Don’t think it’s only cybercriminals that are responsible for data breaches. While they are the source of a majority of incidents, there are other factors you need to consider:

Cybercriminals - 65%
Internal employees - 30%
System fault - 5%

The fact is that a range of cyber security incidents stem from internal issues. Whether it’s human error or a faulty device, the end result is the same: your data has been exposed.

Poorly trained employees make viable targets for a range of cyber scams. According to the report, the primary causes of human error-based breaches include:

Accidentally sending sensitive information to the wrong contact - 40%
Accidental publication of sensitive information - 23%
CC and BCC errors - 8%

This is why employee awareness training is such a critical part of cyber security. No matter how well defended against external threats you are, just one wrong move by a staff member can negate your entire cyber security posture.

Key Attack Vectors Remain Effective: As mentioned above, cybercriminals are able to use the same old methods because they’re still effective. The most common forms of attack in the first half of 2021 include:

Phishing - 30%
Stolen credentials - 27%
Ransomware - 24%
Hacking - 9%
Malware - 5%
Brute force - 5%

The three primary methods listed in that breakdown have been popular attack vectors for years now. Everyone has heard of these methodologies, and yet, as a nation, we’re still not effectively defending against them.

How These Stats Can Inform Your Defense

Cyber security is all about knowledge and prevention. The better you understand the threats you face, the more you can do right now to defend against them.

By reading this article, you’ve taken a first step to better understand how cybercriminals operate. The next step is to mitigate the most common attack vectors. Here’s how:

Train Your Staff: Business owners that are not confident in their staff’s level of cyber security may need to invest in training. Security awareness training helps employees know how to recognise and avoid being victimised by phishing emails and scam websites.

They learn how to handle security incidents when they occur. If employees are informed about what to watch for, how to block attempts, and where they can turn for help, this alone is worth the investment.

A comprehensive cyber security training program will teach staff members how to handle a range of potential situations:
How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
How to use business technology without exposing data and other assets to external threats by accident.
How to respond when you suspect that an attack is occurring or has occurred.
Manage A Robust Backup: The right backup solution will offer the following features and capabilities:
Comprehensive Backups: The backup solution should provide both local onsite backup for quick recovery in instances of data loss, as well as an offsite cloud-based backup for when your business is hit with a critical disaster. Furthermore, these offsite backups need to be protected by a digital air gap, ensuring they are not at risk of encryption in the event of a ransomware attack.
Regularly Tested : Whoever is in charge of your security should regularly test the backups to verify their effectiveness in the event that something goes wrong with your onsite data.
Convenient Restoration : Don’t settle for clumsy, all-or-nothing backups. Managers should be able to choose a point in time to restore in the event that the data has been deleted, corrupted, or there has been a malicious intrusion.
Implement Multi-Factor Authentication: Multi-factor authentication (MFA) is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you're able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

Don’t Fall For The Same Old Cybercrime Tricks

Cybercriminals have so many tactics and methods for penetrating an organisation like yours that you can’t settle for defending yourself on one front alone. That's why you need a comprehensive defense, that combines cyber security solutions, employee training, best practices, and detailed policies.

Take action now to defend yourself against these types of cybercrime attacks. If you don’t, it will only be a matter of time until you’re included in one of the above stats.

Microsoft 365 Is The Foundation Of Your IT Environment

Wed, 13 Oct 2021 00:05:05 GMT

Microsoft 365 Is The Foundation Of Your IT Environment — Don’t Let Hackers Break In

In honour of Cyber Security Awareness month, CyberUnlocked will be exploring a range of associated topics for today’s business owners. In this blog, we’ll discuss the importance of Microsoft 365 security.

Should You Be Worried About Microsoft 365 Security Capabilities?

As a rule, you should always be concerned about security. Put simply, it’s a never-ending battle, and as such, it should always be considered when it comes to the technology you use at your business.

But what about Microsoft 365?

Designed according to Microsoft Security Development Lifecycle, Microsoft 365 is a Software-as-a-Service solution that uses a defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. Plus, it offers enterprise-grade user and admin controls to further secure your environment.

However, that doesn’t mean it’s entirely secure against today’s cybercrime threats. A recent report by Vectra exposed how cybercriminals are circumventing Microsoft 365’s security capabilities.

4 Cybercrime Methods That Will Breach Your Microsoft 365 Data (And How To Defend Against Them)

Stolen Administrator Rights: By design, global administrator accounts have the most privileges in a Microsoft 365 ecosystem. They can configure settings, grant access to other users, and more. That’s why cybercriminals will go to great lengths to access these accounts. By tricking their way in through a phishing scam or brute-forcing the login, they gain unfettered access to your data. Make sure to enable a multi-factor authentication solution (MFA) for all accounts (global admins and otherwise). At a recent RSA security conference, Microsoft engineers told attendees that 99.9% of the accounts that are compromised each month don’t have an MFA solution enabled. MFA is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you're able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice or even iris scans are also options, as are physical objects like keycards.
Privilege Abuse: The more capabilities you give your users, the greater the risk those accounts pose to your security. Cybercriminals just need to breach one over-privileged account to wreak havoc in your systems. Make sure to follow the rule of “least privilege”. It’s an important part of zero trust security. It ensures that every user is only given precisely the level of access they need to do their job. It’s like a cyber security equivalent of the intelligence concept, “need to know basis”.
Microsoft Outlook Disabled Auditing: Older Microsoft 365 accounts may not have mailbox auditing turned on by default. This puts them at risk of being monitored by cybercriminals hiding in the system. Any and all messages and data is automatically compromised when an external party is lurking in your network. Protect against this threat by having your administrator enable mailbox auditing on all accounts. This will track and identify suspicious behaviour.
Business Email Compromise: Business Email Compromise is a social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments. Just last month, cybercriminals stole $15 million by impersonating executives at over 150 businesses. Business Email Compromise can be carried out in a number of ways:

Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to "fish" sensitive information by posing as reputable sources; often with legitimate-looking logos attached.
Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.
Online Research: LinkedIn, Facebook and other venues provide a wealth of information about organisational personnel, as do their company websites. This can include their contact information, connections, friends, ongoing business deals and more.

In addition to ensuring your executives understand how to identify a BEC attack, make sure to enable mail flow rules. This will allow your administrator to track suspicious messages and intercept them while in transit.

Enlist An Expert Team To Manage Your Microsoft 365 Security

Think you can handle your Microsoft 365 security on your own?

Maybe you can — in theory, it's entirely possible that, if you've invested in the right technologies, and have the right skill set, you could handle Microsoft 365 cyber security for your business all on your own.

But, if we’re being honest, that’s a big if. The proven approach would be to have the CyberUnlocked team manage it for you. Our cyber security support will handle the following:

Management of security patches and updates
Implementation of best practices for user privileges and access management
Ongoing management of data backup

Don’t put your primary cloud platform at risk — get in touch with the CyberUnlocked team for expert assistance. We will employ a range of proven processes that will monitor and maintain your Microsoft 365 cyber security.

What You Need To Know About Business Email Compromise

Sun, 19 Sep 2021 12:26:43 GMT

What You Need To Know About Business Email Compromise

Business Email Compromise an increasingly common cybercrime tactic today that doesn't rely on technical vulnerabilities at all — it relies on you. Could you be putting your organisation at risk?

Business Email Compromise is a social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments. In order to effectively defend against scams like this, you have to first understand how they are executed.

How Does Business Email Compromise Work?

In layman’s terms, a cybercriminal will write an email pretending to be from a known contact or organisation (e.g. your bank), and request that a payment be processed – instead of sending the funds to a legitimate source, the payment will go to them.

Business Email Compromise can be carried out a number of ways:

Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to "fish" sensitive information by posing as reputable sources; often with legitimate-looking logos attached.
Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.
Online Research: LinkedIn, Facebook and other venues provide a wealth of information about organisational personnel, as do their company websites. This can include their contact information, connections, friends, ongoing business deals and more.

In some cases, cybercriminals may only spoof an email address, and in others, they’ll directly breach the target’s account. Once a cybercriminal has gained access to a target’s email address, they can begin sending payment requests or simply redirect all invoices to a private folder for their perusal. Whether they’re redirecting incoming or outgoing funds, the end result is still the same — your business loses money.

Alternatively, cybercriminals can simply intercept an important financial document such as an invoice. They can either change the payment details or inform the recipient that the details have changed, substituting their own bank account for the business’.

Is Business Email Compromise A Serious Threat?

Let’s look at the facts — Australians lost $128M to Business Email Compromise scams in 2020.

If you’re sceptical of how this type of scam could cause so much damage, consider the average amount you’re sending or receiving via wire transfer or invoice payments. In April 2020, one small business lost $15,482 in an instant when a cybercriminal intercepted a PDF invoice and redirected the funds to their account.

If just one fraudulent or misplaced email could cost you tens of thousands of dollars, it quickly adds up. That’s why you need to understand how Business Email Compromise works and how to defend against it.

Who Are Common Targets For Business Email Compromise?

While the CEO is often a target, cybercriminals can do plenty of damage by going after other members of an organisation. There are a number of key, high-value targets that make it worth the cybercriminal's time to go after.

Whether it's their authority or their access to confidential information, these groups are all at risk for Business Email Compromise:

Financial Staff Members : While the finance department is especially vulnerable in organisations that regularly engage in large wire transfers, smaller businesses' payroll data is also of high value to cybercriminals.
Human Resources : Similar to finance, HR is a key target for the data they store on employees, including birthdates, medical data and more, all of which are of high value to cybercriminals.
C-Level Executives : You don't have to be the CEO to be a high-level target. CFOs have access to financial data, CTOs have access to login info, and everyone at this level has the authority to execute wire transfers and make large purchases.
IT Management : The IT manager and IT personnel with authority over access controls, password management, and email accounts are also high-value targets.

How Can You Stop Business Email Compromise?

1. Know Your Targets: By noting the above listed key targets, you can examine the role they play in cyber security, and how their access and authority is being protected:

Review social/public profiles for job duties/descriptions, hierarchical information, out of office detail, or any other sensitive corporate data.
Identify any publicly available email addresses and lists of connections.

2. Defend Your Organisation: Implementing the right range of cyber security solutions can help to protect common points of penetration for cybercriminals:

Email filtering
Multi-factor authentication
Automated password and user ID policy enforcement
Comprehensive access and password management
Whitelist or blacklist external traffic
Patch/update all IT and security systems
Manage access and permission levels for all employees
Review existing technical controls and take action to plug any gaps

3. Implement A Robust Security Policy: You need to dictate how members of the organisation, top to bottom, contribute to your cyber security. Everyone with access to your IT environment should follow these best practices:

Don’t open attachments or click on links from an unknown source.
Don’t use USB drives on office computers.
Follow a Password Management Policy (no reusing passwords, no Post-it Notes on screens as password reminders, etc.).
Participate in mandatory security training.
Learn to recognise phishing emails.

4. Plan Ahead To Mitigate Cyber-Risk : You need to develop a comprehensive cyber-incident response plan for your organisation. Make sure to test it regularly, and update it to address any shortfalls. Make sure to implement your plan properly – it won't work if your staff doesn't know about it, and can't participate in it:

Executive leadership must be well informed about the current level of risk and its potential business impact.
Management must know the volume of cyber incidents detected each week and of what type.
Understand what information you need to protect. Identify the corporate "crown jewels," how to protect them and who has access.
A policy should be established as to thresholds and types of incidents that require reporting to management.
Best practices and industry standards should be gathered up and used to review the existing cyber security program.
Consider obtaining comprehensive cyber security insurance that covers various types of data breaches.

5. Test Against Phishing : Share these tips with your employees to ensure they know how to spot a phishing attempt:

Genetic content: Cybercriminals will send a large batch of emails. Look for examples like "Dear valued customer."
“From” Email Address: The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
Urgency: "You've won! Click here to redeem a prize," or "We have your browser history pay now or we are telling your boss."
Check Links: Mouse over the link and see if the link’s destination matches where the email implies you will be taken.
Misspellings, Incorrect Grammar, & Odd Phrasing: This might be a deliberate attempt to try and bypass spam filters.
Don’t Click Attachments: Virus containing attachments might have an intriguing message encouraging you to open them such as “Here is the schedule I promised.”

Whether You’re An Easy Target Or Not Is Up To You

The bottom line is that everyone in your organisation, top to bottom, is a potential target. Make sure everyone is following cyber security best practices and is protected.

If you need expert assistance defending against cybercriminals and training your staff to recognise social engineering scams, get in touch with CyberUnlocked.

Introducing Our MSP Partner Program

Tue, 14 Sep 2021 12:08:53 GMT

Introducing Our MSP Partner Program

Are you struggling to deliver the cyber security support your clients need?

Cybercrime continues to evolve as a key threat to businesses, and as new cyber security technologies and methodologies gain prevalence worldwide, it can all be difficult to keep up with. If you don’t have a dedicated team of cyber security experts on staff, you may not be able to deliver the quality of support your clients need.

The good news is that with CyberUnlocked’s assistance, you don’t need to.

Let Us Take Care Of Your Clients’ Cyber Security Needs

We are excited to announce the launch of our new MSP Partner Program, which will allow MSPs like yours to outsource cyber security support and management tasks to our team.

Don’t let your clients’ security support tickets pile up or their major cyber security projects sit unfinished any longer. Talk to the CyberUnlocked team to augment your MSP with expert cyber security support from ours.

The quality and effectiveness of your IT company are up to you. Will you give them the resources and support they need to succeed? Our mission is to become your cyber security partner.

How Does Our MSP Partner Program Help You?

You Can Harness The Cyber Security Expertise You Need: If your staff is having difficulty keeping up with the ever-changing cyber security landscape, your extended CyberUnlocked team can supplement their efforts. Our team has extensive experience delivering cyber security support in a range of environments and can manage the workload for you.
You Can Scale With Ease: As your clients’ organisations grow and evolve, you may need to scale up your security services and support capabilities. Rather than hiring more technicians, you can work with CyberUnlocked to offload cyber security management and projects. If you find you no longer need as much assistance, you can quickly scale back.
Maintain Your Brand: You get exactly the IT resources you need without ever having to pass your clients onto another IT company. We supplement your team under your company name, showing your clients that you always have the capability to complete their projects and meet their needs.

What Does Our MSP Partner Program Include?

Our MSP Partner Program is designed to be simple, effective, and low-cost.

We test the cyber risk and resilience of a fixed number of your clients every month and determine what actions are needed to reduce their risk. We deliver this through:

External Vulnerability Assessment: We scan your client’s internet-facing resources to determine whether publicly accessible resources online are putting your client at risk.
Internal Vulnerability Assessment: Some attack vectors in use by cybercriminals can circumvent known external vulnerability scanners. In this assessment, we analyse potential internal vulnerabilities present on your client’s network.
Cyber Risk Assessment: We examine your client’s cyber security from people, process and technology perspectives to determine whether it is in line with leading framework standards.
Compliance Management: We evaluate your client’s compliance standards and processes, generating a report that details any potential risks of noncompliance with the likes of PCI DSS, CMMC, GDPR, HIPAA and more.

Once we have completed our assessments, we will implement proven cyber security best practices and procedures with each and every one of your clients, ensuring they are properly protected against known threats.

Furthermore, using detailed customer metrics, we measure progress in reducing your clients’ risks and help you to communicate these benefits back to them. In addition, this program also gives you further benefits:

As your vCISO, we offer extensive cyber security expertise — any questions you have, we’re here to answer.
The white label nature of the program makes it as easy as possible to start promoting it to your clients. Simply add your logo to our marketing collateral and send it out.
As your partner, we offer all our services and solutions at a discounted rate to ensure it’s a cost-effective arrangement for both you and your clients.

CyberUnlocked Has The Expertise You’re Looking For

Our team has the expertise and experience you need to totally offload your clients’ cyber security concerns. We’ll manage their IT environments, keeping everything up to date, secure, and optimised.

Get in touch with our team to learn more.

Key Cybercrime Threats For 2021 And Beyond

Tue, 07 Sep 2021 12:03:08 GMT

Key Cybercrime Threats For 2021 And Beyond

2020 was a prosperous year for cybercriminals.

The number of phishing emails and social engineering scams that use the COVID-19 pandemic as a topic represents the single largest thematic series of cybercrime attacks ever. Furthermore, cyberattacks grew 400% compared to the previous year, according to Cyber Threat Intelligence League, a collective of over 1400 cyber security professionals and government experts from 40 countries.

The ever-growing rate of cybercrime has prompted nationwide activity here in Australia. The Cyber Security Advisory Committee now considers ransomware one of the most serious growing threats to Australian businesses, and the Australian Cyber Security Centre (ACSC) has released a new version of the Essential Eight Maturity Model.

This goes to show how important awareness is becoming in the modern business world. The degree to which you understand cybercrime attack vectors will directly inform the effectiveness of your cyber security processes.

What can you do to stay ahead of emerging threats? Your best course of action is to learn everything you can about what they are and how they work.

The more you know about the threats your business faces, the better prepared you’ll be to identify attacks in progress and prevent them from causing damage. The biggest threats you need to know about are ransomware and phishing, as well as the evolving way in which cybercriminals execute their attacks.

Social Engineering Remains The Primary Source of Breaches

Social engineering uses manipulation and deception to target a specific individual with the goal of getting them to give up sensitive information, or complete a task that benefits the hacker's end goal.

Using email tactics similar to those used to spread ransomware, social engineering is the primary way that hackers influence unsuspecting users to do things they normally wouldn’t do. Phishing and Business Email Compromise (BEC) are the two major ways that social engineering is used to target victims.

Phishing is a fraudulent attempt to obtain sensitive information like login credentials or credit card numbers by impersonating trustworthy figures, like companies and other users. Since the start of this year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before.

BEC takes it one step further, targeting known users and prompting them to take action, like wiring money to bank accounts or buying gift cards and sending them to a hacker. In both cases, the cybercriminals exploit the naivety and ignorance of a person to get them to do something they might not normally do.

Spear phishing is an enhanced version of these exploitation methods. The hackers take the time to gather detailed information about the victims, targeting specific people and presenting them with detailed requests that only a knowledgeable person might have, causing the targeted people to lower their guard and leading to much better results.

The Changing Nature Of Ransomware

Ransomware is a type of malware or trojan that infects a network and blocks access to data stored on those networks by encrypting all the files in a way that is difficult, if not impossible, to decrypt. The hackers who deploy the malware agree to provide a unique decryption key in exchange for a payment, usually in Bitcoin or some other cryptocurrency, making tracing and prosecuting the hackers difficult.

The malware is mostly spread using emails with embedded links that are sent out en masse to thousands if not millions of email addresses that can be readily obtained at low prices on the Dark Web. The hackers assume that at least some of those emails will be opened and some of the links clicked, downloading malware to the unsuspecting user’s PC and starting the encryption process. Overall, it is a very easy process to manage, and the rewards are exponentially higher than the cost.

In recent years, Australian businesses have become popular targets for ransomware attacks, resulting in a range of attacks on smaller organisations in 2020:

62% of small businesses that contacted ACSC suffered a cyber attack
Cosmetics retailer The Heat Group was infected with ransomware
Langs Building Supplies is attacked twice in five years

Cybercriminals Are Becoming More Patient

Starting around 2018, hackers discovered that it was relatively easy to penetrate an organisation’s network and remain undetected. Rather than immediately deploy a ransomware trojan and begin infecting files, the hackers watched silently as the firm went about its day-to-day business.

Because they had unfettered access to the network and all the information stored there, the hackers learned details about the organisation and all the people who worked there, which allowed them to do additional damage, including accessing bank accounts, confidential documents, and emails. They would start copying this data from the network to their servers, a process known as exfiltration, until they had all the data they wanted.

Some documented incidents found that hackers were roaming the network for up to 12 to 18 months before launching their primary attack. This is an attack that occurs when the threat actors have exfiltrated all the data they need and are ready to hold the organisation hostage. They launch the encryption payload that has been sitting dormant on the network for weeks if not months.

Once the files are encrypted, and the organisation is locked out of the data, the hackers demand a ransom. In Australia alone, there has been a 60% increase in ransomware attacks in the past year, and Telstra estimates that cyberattacks cost the national economy $3.5 billion in 2020.

Once the ransom is paid, and the decryption key is turned over by the hackers, cybercriminals often turn around and ask for more money to prevent the release of the information they have already stolen, putting the compromised firm in a tough spot. In most cases, the regulatory fines for data breaches are so high that companies are forced to decide between paying yet another ransom or facing fines and potentially significant damage to their reputation. For hackers, getting access to the data is the new gold rush.

What’s The Key To Cyber Security In 2021?

Invest in a little expert protection – CyberUnlocked. We can put our big business cyber security expertise to work for you, implementing best practices, identifying vulnerabilities, and protecting you against the more common and dangerous cybercrime scams.

How Cybercriminals Hack Multi-Factor Authentication Solutions

Wed, 01 Sep 2021 11:57:28 GMT

How Cybercriminals Hack Multi-Factor Authentication Solutions

Are you assuming multi-factor authentication (MFA) will keep you 100% secure? Think again. Despite how effective MFA is at preventing cybercriminals from gaining access to your accounts, it’s not entirely foolproof.

The Unfortunate Reality Of Password Security

Despite the fact that passwords are the most direct way to access a user's private information, most passwords in use today are simply not strong or complex enough.

Passwords protect email accounts, banking information, private documents, administrator rights, and more — and yet, user after user and business after business continue to make critical errors when it comes to choosing and protecting their passwords.

A report showed that 86% of more than 2 million breached passwords were identical to passwords that had already been breached. In the end, creating and using strong passwords can be frustrating — the more secure they are, the more difficult they are to remember. The more memorable they are, the greater threat they pose to the business.

What’s The Better Way To Approach Password Management?

MFA is a superior way to keep your data more secure — after all, it blocks 99.9% of identity-based attacks .

MFA requires the user to utilise two methods to confirm that they are the rightful account owner. There are three categories of information that can be used in this process:

Something you have: Includes a mobile phone, app, or generated code
Something you know: A family member’s name, city of birth, pin, or phrase
Something you are: Includes fingerprints and facial recognition

How Does A Multi-Factor Authentication Solution Work?

The user logs into the session with primary credentials.
The session host validates credentials with Active Directory.
Then, it sends credential validation to the cloud via the login app.
The MFA client sends its secondary authentication to the user. User approves.
The MFA client sends approval back to the session host via the login app.
The user accesses their session very securely.

Is MFA Foolproof?

While MFA is infinitely better than single authentication methods, it’s not unhackable. Its immense popularity over the past few years has led to an assumption that it’s a foolproof solution, and that’s simply not the case.

If executed properly, a range of conventional cybercrime techniques from phishing to trojans can effectively circumvent the security capabilities of an MFA solution. That’s why you can’t just assume an MFA solution is keeping you secure. You have to understand how it may be vulnerable and how you can play a role in its effectiveness as a security layer.

12 Ways MFA Solutions Can Be Hacked

Session Hijacking: The cybercriminal gains access to the same session that the user has already authorised. This can be achieved by simply sending a phishing email that tricks the user into giving up the access token before it has expired.
Guessing The Session Token: When a user properly authenticates access to a website or service, they will receive a session token, which is usually a URL string or a keycode. Hackers can potentially guess that code by studying the types of tokens the website in question generally issues and looking for common factors. Once they have established a pattern for the unique identifiers, they can simply brute force their way through an MFA solution.
Proxy Hijacking: This is essentially a Man-in-the-Middle (MitM) attack, in which the hacker squats on a shared wireless network, sends phishing emails to users, and intercepts their activity from that point.
False Authentication: This is by far the simplest method, in which the hacker just fakes the authentication process. As with other social engineering methods, they create a fake website that looks similar enough to the legitimate service to trick the user into providing the necessary info and sharing the unique access token.
Man-In-The-Endpoint: In this scenario, hackers gain admin access to a device and can then follow any activity the user undertakes — including authorising MFA for access.
Trojan: As with the previous method, this type of attack starts with a cybercriminal gaining admin access to a device. From there, they open a hidden browser session and monitor the user’s activity. Once an access code has been issued, the hacker uses it to authorise their session and leaves the user locked out.
MFA Software Modification: With admin access to a device, hackers can also make direct changes to the way the MFA solution operates. In this scenario, they hack into the MFA solution to weaken or disable its capabilities.
MFA Hardware Modification: This is similar to the previous method, but in this case, the hacker modifies installed MFA hardware to negate its security capabilities.
SIM Swap: A popular method for hacking, hackers that execute a SIM swap transfer a users’ data and authorisation to their own mobile device. From there, they can act as the legitimate user, access private data and more. As mobile devices are often where users receive MFA tokens, SIM swaps have become especially dangerous in recent years. Cybercriminals that successfully take over a user’s SIM can then receive MFA tokens when they log in to that user’s accounts.
SMS Rogue Recovery: To execute this type of attack, a hacker only needs the target’s email address and associated phone number. They then send a falsified SMS recovery message that requests an authorisation code in response. They then prompt the email client to send a forgotten password recovery verification to the user’s phone, which the user then sends to the hacker, giving them access to the email account.
Duplicate OTP Generators: MFA solutions often use one-time-passwords (OTPs) to authenticate users. These codes are issued in response to a login request and must be used within a short time frame before they expire. By hacking into the database that stores critical info for these processes (known as “seed value”), the hacker can then generate their own valid OTPs.
Over The Shoulder: Last and certainly not least, many MFA authentication tokens are simple enough to see by peeking over the user’s shoulder. Cybercriminals operating in public spaces (often while passively executing Man-in-the-Middle attacks) can get lucky by watching a user type in an access code.

These are just twelve of a vast range of methods cybercriminals can use to bypass MFA systems. For the most part, these are simply updated versions of older attack vectors that have been directed to specifically circumvent MFA security capabilities. The bottom line is that while MFA solutions are a recommended part of modern security, you shouldn‘t assume they will keep you secure no matter what. That is why at CyberUnlocked we recommend multiple layers of security to protect your business.

Need Expert Assistance Implementing And Managing An MFA Solution?

If you're unsure about how to implement a multi-factor authentication solution, don't try to handle it all on your own. CyberUnlocked will help you evaluate your password practices and security measures as a whole to make sure you're not taking on any unnecessary risks.

The ACSC Has Updated The Essential Eight Maturity Model

Thu, 19 Aug 2021 06:39:11 GMT

The ACSC Has Updated The Essential Eight Maturity Model — Here’s What You Need To Know

The Australian Cyber Security Centre (ACSC) has released a new version of the Essential Eight Maturity Model. Do you know what has changed, and what it means for you?

What is the Essential Eight Maturity Model?

The Essential Eight Maturity Model is a set of prioritised mitigation strategies developed by the ACSC to assist businesses in addressing and eliminating cyber security vulnerabilities. These strategies are drawn from the Strategies to Mitigate Cyber Security Incidents, the main ones being the Essential Eight.

In a nutshell, it’s a rather simple rubric that you can follow to make sure that all your bases are covered when it comes to cyber security. In addition to listing the technical aspects of cyber security that you should address and verify, it also provides a system by which to determine the level of threat you need to mitigate.

5 Changes To The Essential Eight Maturity Model You Need To Know About

Maturity Level Zero Has Been Reintroduced: Maturity level zero was not included in the previous version but has been brought back to define a level wherein the organisation is “showing weaknesses” in their overall cyber security posture. This is opposed to the previous version’s lowest level, in which even the least secure organisation in question would still reach Level 1, described as “Partly aligned with the intent of mitigation strategy.”
Redefining Maturity Levels 1 - 3: The higher three levels of maturity have been redefined according to the degrees of adversary tradecraft sophistication and targeting, instead of the degree to which a current organisation is aligned with the overall mitigation strategy. In other words, the ACSC is urging organisations to consider the real-world threats they face, rather than simply attempting to comply with a theoretical mitigation strategy.
Redefined Expectations: The ACSC no longer expects organisations to be compliant with the highest maturity level as a general rule. Instead, they are urging organisations to assess the potential threat they face (based on current trends and the desirability of their assets) and meet the appropriate maturity level to mitigate that threat.
Redefined Approach : This new version of the Essential Eight is focused more on a risk-based approach instead of a compliance-based approach. As with other changes mentioned above, this is due to a more realistic consideration of the current cybercrime climate, and the economics of cyber security development and management. The ACSC understands that not all organisations will be able to afford the changes necessary to fully comply with a high maturity level. It is more realistic and effective to have them focus on mitigating the greater threats to their cyber security currently at play.
Concurrent Implementation: This version of the Essential Eight recommends that organisations implement mitigation strategies from a given level all at once, rather than on an ad-hoc basis. The ACSC recognises that these solutions and practices work best in concert, and as such, organisations should implement all strategies in one level before moving on to the next.

As expected, the technical guidance for each maturity level was adapted according to the insight and data gathered in the 2019 Essential Eight sprints for Federal Government and major cyber security incidents dealt with by the ACSC since the last version was published. Prior to being published, this version of the Essential Eight Maturity Model was thoroughly reviewed by the ACSC, government, and industry partners.

What Are The New Maturity Levels?

As mentioned above, these new versions of the Maturity Levels focus on the potential adversaries to an organisation, rather than the organisation itself:

Maturity Level Zero: This level defines an organisation as having weaknesses in its overall cyber security posture. These weaknesses could be exploited by hackers at the level of Maturity Level One or below.
Maturity Level One: This level considers cybercriminals that apply publicly available techniques at a large scale, targeting mass groups of potential targets. Threat vectors are likely social engineering techniques or the targeting of unpatched vulnerabilities.
Maturity Level Two: This level focuses on cybercriminals that are still using publicly available and wide-cast techniques, but will invest somewhat more time and resources in their attacks. They will select their targets somewhat more specifically and will follow up on successful breaches to further compromise data or make use of credentials and access they have gained.
Maturity Level Three: This level of adversaries will specifically target certain organisations, looking for vulnerabilities based on older software, and invest time in improving the quality of their social engineering tactics against specific users. Once they have breached an organisation’s security, they will then invest more time to solidify their access and hide their presence over a greater period of time.

What Are The Essential Eight?

Addressing the most vital components of a strong cyber security defence, the Essential Eight Maturity Model includes the following (each laid out in their definitions relating to the top 3 maturity levels):

Application Whitelisting : Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications. In each Maturity Level, an application whitelisting solution has been implemented on workstations, Active Directory servers, email servers, and other necessary servers.
Application Patching: Many of the most common malware and viruses used by cybercriminals today are based on exploiting programming flaws; to address this, developers regularly release software patches and updates to fix flaws and protect the users. That’s why regular patching is such an important part of cyber security. Furthermore, each level also requires that end of life applications (those that are no longer receiving vendor support such as updates, and patches) are updated or replaced with vendor-supported alternatives.
Configuration of Microsoft Office Macro Settings: A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. These can be very convenient for users that want to eliminate repetitious or tedious work. However, because macros deploy an automated series of commands, they are also used by cybercriminals to execute tasks on a target’s system. That’s why there needs to be strict control applied to how macros are allowed to execute.
User Application Hardening: This is the security practice of only allowing necessary (and safe) areas of a given application to run. This is done to prevent conventionally unsafe browser-based plug-ins such as Java and Flash from compromising a user’s systems.
Restriction of Administrator Privileges: Administrator privileges allow certain users with privileged access to applications, controls and sensitive data. In a poorly secured IT environment, it’s not uncommon to find that all users have Administrative Privileges, which is a major security risk. All three Maturity Levels require the implementation of security controls to prevent privileged users from reading emails, browsing the web and downloading files from online services.
Patching Operating Systems: Similar to application patching, operating systems must be patched as well to make sure that identified security vulnerabilities are not left open for cybercriminals to exploit. Furthermore, each level also requires that end of life operating systems (those that are no longer receiving vendor support such as updates, and patches) are updated or replaced with vendor-supported alternatives.
Multi-Factor Authentication: Multi-factor Authentication (MFA) is a superior way to keep your data more secure. MFA requires the user to utilise two methods to confirm that they are the rightful account owner.

There are three categories of information that can be used in this process:

Something you have: Includes a mobile phone, app, or generated code
Something you know: A family member’s name, city of birth, pin, or phrase
Something you are: Includes fingerprints and facial recognition

At each Maturity Level, it is assumed that an MFA solution has been implemented to authenticate anyone that uses a remote solution, and that the solution uses at least two of the following authentication factors:

Passwords (six characters or longer)
Universal Second Factor security keys
Physical one-time passwords
Biometrics
Smartcards
Mobile app one-time password tokens
Emails
SMS messages
Voice calls
Software certificates
Daily Backups: Backups are a process by which local data is replicated and stored in a secure offsite location, to protect against permanent data loss. Today, this is often done automatically, via the cloud. The Maturity Levels for backup best practices include the following:
Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.
Restoration of systems, software and important data from backups is tested in a coordinated manner as part of disaster recovery exercises.
Unprivileged accounts can only access their own backups.
Unprivileged accounts are prevented from modifying or deleting backups

Which Maturity Level Should You Try To Achieve?

While previous versions of the Essential Eight Maturity Model would have told you to try to achieve Level 3, that’s no longer the case. The ACSC updated the Essential Eight Maturity Model to recognise that different organisations have different resources and face different threats.

Depending on the size of your business and the industry you operate in, the frequency, severity, and type of risks you encounter can vary greatly. In those cases, you may very well move from one maturity level to another over time, and as such, will require more regular updating.

After all, an enterprise corporation and a small business face different threats and have different resources available to them to invest in cyber security. That’s why this new version of the Essential Eight Maturity Model doesn’t expect both organisations to achieve the same level of maturity.

How Should You Approach Compliance With The Essential Eight Maturity Model?

You can achieve the appropriate maturity level for your organisation by following these steps:

Determine Your Risk: By considering the size of your organisation and the threats at play based on the value of your assets, you can get a better idea of which maturity level you need to achieve.
Assess Your Cyber Security: The next step will be to examine your current cyber security solutions and practices and compare them against the specifics of the Essential Eight Maturity Model and its maturity levels. You can then determine what needs to be improved, upgraded or expanded.
Remediate Your Cyber Security: With a plan in place, you can then start the remediation processes, addressing any shortcomings in your current cyber security posture when compared to the maturity level you intend to achieve.

Need Assistance With Your Cyber Security?

Taken all at once, the TBD may seem like a lot to manage on your own. If you’re unsure of how to undertake this process, you should be sure to consult with the experts from CyberUnlocked for assistance.

The Necessity Of Cybersecurity Training In The Modern Business World

Thu, 12 Aug 2021 06:23:11 GMT

The Necessity Of Cybersecurity Training In The Modern Business World

Cybersecurity Training is an essential part of an effective cybersecurity defence. Are your staff members supporting your cybersecurity? Or putting it at risk?

Did you know that more than 90% of cybersecurity incidents can be traced back to human error?

The fact is that what you (and your staff) don’t know could hurt you. If your staff isn’t up to date on the latest cybercrime scams, then they’re putting your data and reputation at risk, simple as that.

The best cybersecurity technology and practices in the world can be undone by one staff member who doesn’t understand how to use them, or how to protect the data they work with. These types of staff members make ideal targets for phishing scams.

What Is Phishing?

Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.

Phishing attacks are mass emails that request confidential information or credentials under pretences, link to malicious websites or include malware as an attachment.

Lately, phishing attacks are becoming more targeted with cybercriminals being able to access more than 15 billion stolen account credentials circulating on the dark web, including personal information, stolen usernames and passwords.

With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.

Why Is Phishing Dangerous?

First of all, it’s prevalent. At the start of this year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before.

Furthermore, the average phishing attack costs businesses $1.6 million . The problem with the rising tide of cybercrime incidents is that you get desensitised to the whole thing.

Lastly, the fact is that businesses aren't learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years, and by 47% in the first quarter of 2021 alone.

How To Identify A Phishing Email

Share these key tips with your employees to ensure they know how to spot a phishing attempt:

Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big name company – but talk is cheap. It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are closer, but not 100% correct. If it seems fishy, it probably is.
Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as "Valued Customer" — this allows them to use the same email for multiple targets in a mass attack.
Urgent and Threatening: If the subject line makes it sound like an emergency — "Your account has been suspended", or "You're being hacked" — that's another red flag. It's in the scammer's interest to make you panic and move quickly, which might lead to you overlooking other indicators that it's a phishing email.
Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it's only more proof that the email is likely part of a phishing attempt.

What’s The #1 Way To Protect Against Phishing?

Cybersecurity Training is by far the most effective way to defend your organisation from phishing. This method recognises how important the user is in your cybersecurity efforts.

A comprehensive cybersecurity training curriculum will train users to ask important questions about each and every email they receive:

Do I know the sender of this email?
Does it make sense that it was sent to me?
Can I verify that the attached link or PDF is safe?
Does the email threaten to close my accounts or cancel my cards if I don't provide information?
Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
Does anything seem "off" about this email, its contents or sender?

The right training services will offer exercises, interactive programs, and even simulated phishing attacks to test your staff on a number of key areas:

How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
How to use business technology without exposing data and other assets to external threats by accident.
How to respond when you suspect that an attack is occurring or has occurred.

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don't, and therefore present a serious threat to your security.

Why Is Cybersecurity Awareness Training So Important?

User awareness is a fundamental part of effective cybersecurity. It can protect your organisation from a range of threats.

The fact is that a majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn't enough.

Much of cybersecurity is dependent on the user, and as such it's vital that you properly educate your employees and volunteers in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner.

CyberUnlocked Will Train Your Staff To Protect Your Business

Our employee security training services offer a range of critical features and components, all of which helps to make your staff more aware of the threats they face at work every day:

Baseline: We provide baseline simulated phishing attacks to determine the starting point of your organisation and provide a training plan.
Train Your Users: Succinct, easily consumed courses increase employee attentiveness and the overall effectiveness of cybersecurity education programs. The majority of our current training courses take 10 minutes or less to complete and all involve the employee by being informative and interactive.
Phish Your Users: We offer realistic phishing simulations that let you test and measure real-world employee cyber-awareness and training effectiveness. Results allow us to customise further campaigns to employees as needed.
See the Results: Activity reports can be shared with management to measure progress, risk score and ROI. Training reports show user progress, so accountability and value are always clear.

Phishing and credential theft are the number one tactics used in breaches, with user error being more common than malware as the causal factor. With our training, you can significantly reduce the odds of employees taking the bait.

We Will Train Your Team To Be Cybersecurity Experts

The good news is that you don’t have to handle cybersecurity training for your team by yourself — CyberUnlocked is here to help. With our expert assistance, your staff will contribute to your cybersecurity, not compromise it.

The State Of Ransomware In Australia

Thu, 05 Aug 2021 06:13:39 GMT

The Current State Of Ransomware In Australia

It feels like ransomware attacks make headlines every few days at this point — is this the start of a dangerous trend in Australia?

What used to be simply one threat present in the cybercrime landscape has now become the most clear and present danger to modern businesses, and the country as a whole. Telstra estimated that cyberattacks cost the national economy $3.5 billion in 2020.

Ransomware is a key contributor to that total. Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021. In Australia alone, there has been a 60% increase in ransomware attacks in the past year.

Do you understand the true nature of the threat of ransomware?

The Growing Threat Of Ransomware In Australia

Australian businesses have become especially easy targets for ransomware attacks, which has led to a series of devastating incidents in the past year:

JBS Foods pays $14 million in response to ransomware infection.
Logistics company Toll Holdings is attacked twice in as many months.
Nine Entertainment is taken offline by ransomware attack.

Attacks like these have prompted The Cyber Security Advisory Committee to consider ransomware one of the most serious growing threats to Australian businesses. They are advising owners and managers to think more carefully about both their defensive strategies, as well as their policies for dealing with ransom payments once infected.

The Threat Of Ransomware Is Evolving

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were far and few between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility.

4 Important Lessons To Learn From Recent Ransomware Attacks

The most important lessons we can learn from the recent attacks on JBS and Toll Holdings are the following:

Big Targets Require Comprehensive Protection: More emphasis should be made on protecting critical infrastructure such as organisations that process and provide fuel, power, and other vital resources for life and economic survival.
Secure Network Configuration: Business leaders need to re-evaluate which machines absolutely need to be on the network, and if so, whether they can be isolated from all other networks, especially in terms of exposure to the Internet.
Assess, Improve, And Repeat: Those in charge need to re-evaluate the security measures that are in place currently and immediately remediate any weaknesses found.
Accept The Reality Of Cybercrime: It is not a question of "if it happens", but "when it happens”. Is the business positioned to recover quickly and efficiently, and avoid extended periods of downtime or the access to or production of critical resources?

How Is Australia Responding To The Increased Rate Of Ransomware Attacks?

In order to address the rising tide of cybercrime activity in Australia, the Australian Federal Police (AFP) has put together a joint task force. Dubbed “Operation Orcus”, this coalition of Austrac, state and territory police agencies, the Australian Criminal Intelligence Commission (ACIC), the Australian Cyber Security Centre (ACSC), and other industry partners aim to mitigate the threat of ransomware and other cybercrime tactics

Operation Orcus will both gather intelligence on cybercrime methodologies and endeavour to actively disrupt cybercriminal activity in Australia. They will target known cybercriminal groups that use ransomware, and help to further mitigate the extensive damage it has caused in recent years.

How Do You Protect Your Business?

It is recommended that organisations continue to be vigilant when it comes to safeguarding systems and educating employees. Not every organisation is the same. Similarly, the risks within each organisation are different.

Two key areas of focus to reduce your organisations’ risk from ransomware attacks include:

Conducting a cyber risk assessment along with a vulnerability scan of your systems provides you with the starting blocks to plan and resolve your risks to ransomware.
Ensuring employees receive proper awareness training and that prevention controls are in place and comprehensive.

You Can’t Ignore Ransomware And Hope It Goes Away

In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.

Get in touch with the CyberUnlocked team to discover more about developing a modern ransomware defence.

Unprotected Cloud Database Leaks 800 Million WordPress Users’ Data

Sun, 25 Jul 2021 13:25:01 GMT

Unprotected Cloud Database Leaks 800 Million WordPress Users’ Data

An improperly configured cloud database has exposed more than 800 million users’ account info.

A US hosting provider has accidentally leaked the account information of well over 800 million WordPress users. The company, DreamHost , failed to protect the cloud database with a password, leaving it wide open for cybercriminals to breach.

The data, dating back to 2018, was discovered online and traced back to the managed WordPress hosting provider. The 86GB of data included information from 814 million users, such as login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information.

Even more concerning was that some of the account information involved users with .gov and .edu domains. Fortunately, the database was secured just hours after its discovery.

The concern is that this data was accessible to the public for an unknown period of time. That makes it likely that malicious third parties could have accessed it, stolen the data, and can now use it for phishing campaigns.

The right cybercriminal could use this data to target and harass users with spam, and subsequent hacking attempts. A data set this large, including names and emails, would be a very effective foundation for a massive phishing campaign.

What Should You Learn From This Breach?

This is yet another reminder of why basic cybersecurity processes are so important. While passwords are not the end-all, be-all of cybersecurity, they’re still a critical part of developing an effective defence.

If your data was exposed in this breach, be prepared for more targeted phishing attacks against you. Social engineering scams like phishing use manipulation and deception to target individuals with the goal of getting them to give up sensitive information or complete a task that benefits the hacker's end goal.

Here are a few best practices to mitigate the risk of social engineering:

Proper Password Management : Make password security a top priority, and enforce individual accountability for the safety of all end-user accounts
Two-factor Authentication : Use secondary confirmation methods in addition to passwords to add an extra layer of protection to accounts and devices
Endpoint Protection/Anti-Phishing Defences : While these precautions can't make up for a lack of diligence on your employees' part, they're a good place to start and a necessity for basic cybersecurity.
Standard Protocols For Requests : Have set steps in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they're less likely to be fooled by a hacker posing as their supervisor

As always, stay vigilant and aware. The better you stay up to date with the latest cybercrime events and trends, the better prepared you’ll be to defend against them.

Ransomware Attack Will Cost Health Service Executive Up To $600 Million

Fri, 16 Jul 2021 13:20:39 GMT

Ransomware Attack Will Cost Health Service Executive Up To $600 Million

Recovery from the massive ransomware attack in May 2021 will cost the Irish healthcare system well over half of a billion dollars.

Health Service Executive (HSE) is reporting that the May ransomware attack on their systems will likely cost them as much as $600 million . HSE’s director general Paul Reid provided the estimate in a recent hearing with Ireland’s legislative body, Oireachtas.

The publicly funded healthcare system was first infected with ransomware on May 14, and the ensuing ordeal levied a series of expenses on HSE. At first, the immediate costs of response and recovery came to approximately $120 million. Ongoing upgrades and replacements in the following months would cost as much as $480 million. This expense also included the hiring of technical experts to consult on the process and manage remediation.

How Did The Ransomware Attack Occur?

On May 14, staff noted that the IT network at a maternity hospital in Dublin had been infected with ransomware. As they investigated the extent of the attack, it became clear that the attack could have affected the full range of HSE systems throughout Ireland. The HSE chose to shut down all systems while they attempted to deal with the attack. The cybercriminals responsible (Conti) demanded a $19 million ransom, which HSE declined to pay.

How Does Ransomware Cause So Much Damage?

Cybereason recently conducted a survey of 1,263 cybersecurity professionals to study the real-world effects of ransomware. There are a number of key costs that will come with a ransomware attack, including:

Ransom : This is the most obvious cost, and it just keeps going up. According to cybersecurity company Coveware, what was an average ransom of $6,733 in 2018 has increased to $12,672 in 2019. As of this year, Cybereason reports that 35% of respondents who paid a ransom said it cost them between $350,000 and $1.4 million; 7% paid more than $1.4 million.
Loss Of Revenue: Beyond the actual ransom paid, targets also noted a loss in business as well. 66% of respondents in the Cybereason study reported that their organisations were hit by major losses in revenue due to a ransomware attack.
Downtime : As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data.

That’s time in which you can’t get work done, can’t serve your clients, can’t gain new business, and yet, still have to pay your employee wages and ongoing costs to keep the lights on.
Reputational Damage: Current and future clients will think twice about working with a company that was infected by ransomware. A little over half (53%) of Cybereason’s respondents reported suffering brand and reputation damage because of ransomware.
Personnel: The fallout of a ransomware attack can often lead to loss of staff as well, either as a matter of damage control (laying off responsible C-Level executives) or as a response to lower revenue (layoffs). 32% of those polled by Cybereason reported that C-suite members left their organisation, and 29% of the organisations surveyed had to lay off employees
Remediation: Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching regulations? These all get added to the bill for getting hit by ransomware.

Finally, there’s always the chance that all these costs combined will spell the end for the business in question. According to Cybereason, 26% of respondents had to close their businesses for good.

How Do You Protect Your Business?

Two key areas of focus to reduce your organisations’ risk from ransomware attacks include:

Conducting a cyber risk assessment along with a vulnerability scan of your systems provides you with the starting blocks to plan and resolve your risks to ransomware.
Ensuring employees receive proper awareness training and that prevention controls are in place and comprehensive.

What Would Happen If You Were Infected With Ransomware Right Now?

Do you have a plan? Are your system endpoints protected? Are your backups recent, tested, and viable?

It’s a mistake to assume that just because you haven’t been hit by ransomware yet, that you won’t be anytime soon. You may think you can put off investing in effective cybersecurity support, but without warning, you may get hit.

Don’t assume you’re safe — working with the CyberUnlocked team, you’ll know for sure.

700 Million LinkedIn Users’ Data Posted For Sale Online

Mon, 05 Jul 2021 13:14:38 GMT

700 Million LinkedIn Users’ Data Posted For Sale Online

A massive data breach has resulted in the data from 700 million LinkedIn accounts being shared online for sale.

Cybersecurity researchers have discovered that 700 million LinkedIn users’ data has been posted for sale online.

Advertised on the popular cybercriminal website RaidForums, the data includes full names, genders, email addresses, phone numbers and industry information for hundreds of millions of users, making it an even more serious security breach than a similar incident back in April of this year.

How Did Hackers Steal This Data?

It is unclear as to how the hacker in question obtained this data, but cybersecurity experts believe it may be the result of “data scraping”. This is a process in which a hacker will siphon public information from the Internet, and package hundreds of thousands or millions of users’ info together for sale.

According to LinkedIn, there have been no recent breaches of their network that could have led to this incident:

“We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.”

The good news is that data scraping doesn’t give cybercriminals access to passwords, credit card info, or other protected types of sensitive data. Unfortunately, however, the right buyer could use this data to target and harass users with spam, and subsequent hacking attempts. A data set this large, including names and emails, would be a very effective foundation for a massive phishing campaign.

What Does This Breach Mean For You?

This is yet another reminder of why cybersecurity training and awareness are so important. The fact is that data scraping incidents and subsequent sales are commonplace (but rarely at this scale). This is how hackers get your contact info and target you in social engineering scams.

Social engineering uses manipulation and deception to target individuals with the goal of getting them to give up sensitive information, or complete a task that benefits the hacker's end goal.

Here are a few best practices to mitigate the risk of social engineering:

Proper Password Management : Make password security a top priority, and enforce individual accountability for the safety of all end-user accounts
Two-factor Authentication : Use secondary confirmation methods in addition to passwords to add an extra layer of protection to accounts and devices
Endpoint Protection/Anti-Phishing Defences : While these precautions can't make up for a lack of diligence on your employees' part, they're a good place to start and a necessity for basic cybersecurity.
Standard Protocols For Requests : Have set steps in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they're less likely to be fooled by a hacker posing as their supervisor

Above all, it's important to build and maintain a culture of awareness. Make sure you have the knowledge and tools needed to spot a potential threat — that way, you'll be making it that much harder for a hacker to compromise your security.

Insights from Australia Cybersecurity Breach on JBS

Sun, 27 Jun 2021 22:34:24 GMT

Insights from Australia Cybersecurity Breach on JBS

According to a recent cybersecurity report, at least seven other companies in Australia are among those affected by the JBS Meat ransomware attack. The cybercriminal group REvil acknowledged responsibility and went ahead to post a list of other affected companies.

The list includes:

A mental health organisation
A consultancy agency
An accounting practice
A legal practice
A liquor group collective
An online retailer
A chemical packaging entity

The ransomware that facilitated the attack on these organisations was reportedly created by the ransomware-as-a-service provider known as Pinchy Spider. In the current digitized environment, cybercriminals are enjoying a great time, and the service is making it easy for threat actors to deploy such costly attacks.

According to a recent Forbes report, the global increase in cyberattacks like ransomware results from the ease and affordability of launching such attacks. It's now easier than ever to access off the shelf malware, and anyone can become a cybercriminal provided they have something in their cryptocurrency wallet.

How Ransomware Works

The most common approach used by threat actors to access company systems and deploy ransomware attacks is malicious emails with infected links or attachments that unsuspecting employees may click on and unknowingly initiate attacks. They may send the emails to targeted persons in specific organisations or millions of potential victims.

Once the threat is initiated, the attacker will then inform the organisation that their data is encrypted and must pay promptly to access the decryption key. The payments are primarily in cryptocurrency form to shield the threat actor's identity. If you fail to pay within an initial period, they may shamelessly increase the ransom and threaten to delete or sell your data.

These arrangements don't have good faith negotiations, so there's no guarantee that the criminal will help you decrypt the data after payment.

Usually, ransomware contains extraction capabilities that make it easy for criminals to access and steal critical data like log-in credentials. As a result, stopping the attack can be a serious business, and the government has already initiated the proper steps to curb the menace.

The Security of Critical Infrastructure Act 2018 will be helpful in this area. Once passed, the law will require different organisations to report any ongoing and current cyber incidents to the government, allowing it to create a consolidated picture of the attacks' nature and activity level.

But before the legislation comes into effect, you must implement the correct best practices to secure your systems from ransomware and deter threat actors.

Cybersecurity Best Practices to Protect Against Ransomware

Ransomware can be deployed in different forms, and the implications vary. So there's no standard procedure used by business to ward off criminals. Fortunately, the following primary steps will help protect your business from ransomware attacks:

Don't click on that link! – This is pretty straightforward, but most people forget it. Avoid clicking links or opening documents from unknown email addresses. This should be included in the staff training schedules as well.
Zero trust model – Migrating to the zero-trust approach enhances your network visibility and control. This encompasses steps like traffic evaluation, asset prioritisation, adaptive monitoring, and microsegmentation.
Keep secured backups – There's no honour among thieves, and paying the ransom doesn't mean a cyber-attacker will keep their promise. With secure, up to date data backups, you'll quickly resume operations.
Establish endpoint and email protections – To prevent unsuspecting staff from making common mistakes, ensure all emails are scanned and deploy endpoint protection and firewalls.
Implement a strong password policy – Simple and guessable passwords are among the most significant vulnerabilities, but a well-defined and comprehensive password policy will reduce the risk.
Partner with a cybersecurity expert – A reliable IT security partner will address all your vulnerabilities and risks while you focus on core functions.

CyberUnlocked is your trusted Australian-based cybersecurity partner with all the technology and expertise to help you navigate the murky waters. Speak to us to discover our comprehensive cybersecurity services.

Protecting Australian Cybersecurity Assets

Fri, 18 Jun 2021 22:41:56 GMT

Protecting Australian Cybersecurity assets - CyberUnlocked works with ACSC, AUCyberscape and IOTAA

CyberUnlocked is a Network Partner of ACSC and collaborates on cyber security issues with the Joint Cyber Security Centres. The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security.

ACSC is part of the Australian Signals Directorate (ASD), and performs the following functions in performing their role to help make Australia the most secure place to connect online.

Monitors cyber threats across the globe and when there is an incident provide advice to individuals, businesses and critical infrastructure operators
Provides guidance on cyber protection through their Mitigation Strategies
Works with business, government and academic partners and experts like CyberUnlocked in Australia and overseas to investigate and develop solutions to cyber security threats
Has a national footprint of Joint Cyber Security Centres (JCSC) to collaborate with industry, government and academic partners on current cyber security issues.
Work with law enforcement authorities to fight cybercrime.

CyberUnlocked is fully aligned with the ACSC mission - Cyber security is everyone’s responsibility. Let’s work together to make Australia the most secure place to connect online.

CyberUnlocked joins ‘Cybersecurity & Network Resilience’ workstream of the Internet of Things Australia Alliance (IOTA)

IoT Alliance Australia (IoTAA) is the peak industry body representing the Internet of Things (IoT) in Australia. Its purpose is to accelerate IoT innovation and adoption within Australia through collaboration across industry, government, research and communities.

CyberUnlocked recognises the importance of securing the contribution IoT will have to the future of Australia and the world by connecting data, devices, people, processes and things to the Internet. CyberUnlocked is a member of the ‘Cybersecurity & Network Resilience’ workstream at the IOTA. This workstream develops security guidelines for IoT service elements, including data protection.

This workstream purpose is to:

Provide an IoT interpretation of current and future regulatory security proposals
Develop and maintain security guidelines for IoT
Maintaining the IoT sectors reference guide to global market regulation

CyberUnlocked is part of Australia’s national cyber security digital ecosystem AUCyberscape

AUCyberscape is Australia’s first national cyber security digital ecosystem, showcasing Australian cyber capability and the abundance of Aussie-owned companies that are putting the region on the map as a global hub for innovation in cyber security technology.

The delivery of AUCYBERSCAPE is a partnership between the Australian Cyber Security Growth Network (AustCyber), Insurance Australia Group (IAG) and the State and Territory Governments of the Australian Capital Territory, New South Wales, Queensland, South Australia, Tasmania, Victoria and Western Australia.

CyberUnlocked through its contribution to AUCyberscape is looking forward to building Australia’s cyber security capabilities.

Cybersecurity Vulnerabilities in 2021

Fri, 11 Jun 2021 22:28:57 GMT

Overview of the Cybersecurity Vulnerabilities in 2021

Technology has incalculably transformed the 2021 business landscape. Task automation, artificial intelligence, IoT (the Internet of Things), and cloud computing are now more advanced than ever. As a result, companies operating under coronavirus-induced remote structures are getting considerable value.

However, the continuously advancing technology also comes with increased cybersecurity risks and threats targeting both established and growing companies.

Common Cybersecurity Vulnerabilities

Here are the common cybersecurity loopholes and threats for organisations in 2021:

Cloud Threats

In the current remote workspaces, it's near impossible for distributed teams to manage their tasks and maintain constant communication without leveraging SaaS platforms and cloud applications. But this rapid migration has come with a plethora of cybersecurity challenges and threats.

Common issues with cloud usage include poor storage configuration, limited control and visibility into devices and apps, deleted or incomplete data, vulnerable could apps, and cloud phishing attempts.

Credential Theft

Threat actors are now stealing victims' credentials or identity to access all their private and professional accounts. This allows them to reset passwords, lockout the owner, access devices on the network, download sensitive data, and wipe backups and data entirely.

Attackers leverage the highly efficient yet inexpensive phishing scams to access systems and data. They may also search for your employees' social media pages for contact information that may help them access critical information.

Ransomware

Ransomware is among the most reported incidences in this highly connected and digitised era. Cyber attackers use this malware to access organisation and personal files and encrypt them, then demand payment to authorise the victim's access. Staff may unknowingly download the malware through downloadable apps, email attachments, malicious websites, and social media links.

The compromised files are now the hostage, and they'll benefit from your need to recover your digital assets. Besides the financial loss, this could damage your reputation and compromise your data.

Endpoint Threats

Remote workstations have a higher risk of endpoint threats. On-site workers' endpoint devices are usually safe from external threats using established firewalls and closed networks. This perimeter security is mostly missing at home, and attackers have realised that staff work without the vital cybersecurity layer.

Poorly secured VPNs, unpatched remote computers, and cloud solutions that lack multi-factor authentication are the most vulnerable endpoints used by attackers to access unsecured systems.

Mobile Menace

The coronavirus pandemic period has also seen a substantial surge in mobile threats, a trend that cybersecurity leaders expect to last. These threats range from exclusive software capable of snooping on encrypted messaging apps to attackers exploiting vast security vulnerabilities in Android devices.

Architectures that lack mobile-focused security solutions can be at significant risk, and hackers might use vast loopholes to access their "de-perimeterised" networks.

With all these threats and vulnerabilities constantly targeting businesses in Australia and globally, companies must deploy robust cybersecurity tools and effective policies.

How to Navigate The 2021 Cybersecurity Threat Landscape

The following best practices will protect system and data and keep your IT functions ahead of the constantly advancing cyber threats:

Minimise data transfers – It may be hard to limit the transferring of files across devices, but you can always pay attention to the devices containing sensitive data and limit transfers from them.
Download source verification – Before downloading anything, staff should continually evaluate the source or website from which they're downloading to detect false links and malicious sites.
Regular updates are vital – Software developers constantly update their solutions with advanced security capabilities to beat adept hackers. So always update your software to boost security.
Use encryption where possible – Encryption is a great way to limit access by unwanted individuals. But where it's not possible, you can leverage the password protection alternative.
Always stay vigilant – Use reliable breach monitoring tools to detect suspicious activity and inconsistencies in your data. These solutions offer real-time data theft prevention.
Have a comprehensive plan – Hackers are an intelligent lot, and breaches always happen. That's why it's essential to have a company-wide, codified strategy to limit the damage extent and reverse the harm.

You're in Safe Hands

The constant changes in the tech landscape aren't new, but the phenomenon has certainly reached unprecedented heights right after the novel coronavirus hit the headlines. However, the advancement has come with lots of cybersecurity challenges and risks for businesses of all sizes.

You don't have to struggle through the risks alone. CyberUnlocked is here to relieve you of the burden. Reach out so we can begin working on your cybersecurity plan.

Risk Assessments By CyberUnlocked

Fri, 04 Jun 2021 22:20:39 GMT

Risk Assessment Services By CyberUnlocked

Cybersecurity risk assessments involve understanding, controlling, managing, and mitigating your organisation's cyber risks. It's a vital component of your data protection and risk management strategy.

As organisations continue to leverage information systems and technology for daily business operations, the potential risks increase, most of which didn't exist prior.

The process is complex, especially if you have limited ICT knowledge. Fortunately, CyberUnlocked can help you manoeuvre the challenges through personalised cybersecurity guidance and risk assessment services.

Forms of Risk Assessment Services

CyberUnlocked offers the following Risk Assessment Services:

External Vulnerability Scan

Resources that can be publicly accessed over the internet are constantly at risk of attacks. So you must scan your systems continuously. CyberUnlocked offers comprehensive checks for your business data at the surface, deep, or in the dark web.

We test for data leakages and the areas vulnerable to attacks such as DDoS (Distributed Denial-of-Service attack) and flaws in SSL (Secure Sockets Layer) or TLS (Transport Layer Security) implementation.

Cyber Risk Assessment

We can boost your organisation's cyberattack preparedness by benchmarking your cybersecurity structure against the recommended NIST cybersecurity framework. You'll get a budget-friendly, enhanced action plan that can reduce vulnerabilities, handle common risk, align with NIST, and enhance your security posture.

Our framework covers the following:

Identification of your company assets
Protecting the assets
Detecting events and anomalies
Responding with an effective mitigation plan
Recovering systems and data, then making improvements
Aligning with NIST and ACSC Essential Eight

Internal Vulnerability Scan

Though some systems don't expose services or ports to the internet, they still have weaknesses identified and addressed via internal network vulnerability assessments. CyberUnlocked will address vast attack scenarios that evade external vulnerability scanners and offer an all-inclusive report on vulnerabilities within your network.

We also identify wrongly configured software, common mistakes, and any ignored security best practices.

Website and Web Application Vulnerability Scans

We conduct web application vulnerability scans to identify cybersecurity loopholes on your website and web applications. Threat actors can use numerous weaknesses to access your assets, attack users, or compromise your organisation's web server.

We look out for common exploits like sensitive data exposure, SQL injection, directory traversal weaknesses, and cross-site scripting. We also evaluate your hosting infrastructure's misconfigurations.

Cloud Workload Susceptibility Assessments

More organisations and business establishments rely on cloud computing services like Azure, Google Cloud, and AWS for web-based and internal applications. These solution providers offer advanced tools to secure your data, but you also need a constant evaluation of your threat environment.

CyberUnlocked experts will continually assess your cloud workloads for the ultimate system visibility and identify vulnerabilities in real-time.

Penetration Tests

Contrary to common misconception, vulnerability assessments and penetration testing are two different concepts. The processes are related, but they serve distinct purposes. Both small and established entities are at risk, and our comprehensive penetration test can identify and highlight particular exploits. This improves your security and serves compliance purposes.

Supply Chain Risk Assessment

Cybercriminals are increasingly targeting less-secure companies in the supply chain as a means to launch an attack on better-prepared organisations. Identifying risks and vulnerabilities associated with your suppliers, manufacturers, distributors, and retailers is becoming as important as keeping your own organisation secure.

The primary reason is that businesses lack robust processes for identifying and successfully managing evolving supply chain risks.

CyberUnlocked offers external vulnerability assessments on vendors or partners to identify any potential risks.

Compliance Reporting

Every industry has specific regulations and standards that bind organisations. Violations usually result in heavy penalties or even complete shut-downs. Businesses that partner with government organisations and those in particular industries like finance or healthcare will find our compliance reporting helpful. We cover regulations such as GLBA, HIPAA, CMMC, NIST CSF, and PCI DSS.

Our Continuous Monitoring Risk Assessment Approach

CyberUnlocked acknowledges risk management as a continuous process. Our approach focuses on ongoing monitoring and regular risk re-assessment to offer visibility on how the enhancements impact your system. We also evaluate your system for any new cyber threats, risks, and weaknesses.

Why partner with CyberUnlocked?

Every agency promises comprehensive risk assessments, but not all of them offer unmatched services as CyberUnlocked does. Our risk assessments are flexible to match your needs, and we leverage a prioritised strategy that focuses on what matters. We also insist on constant monitoring and continuous improvement that offer measurable benefits to your security structure.

Reach out, and we'll answer your questions.

How CyberUnlocked Manages Data Privacy & Compliance

Sun, 23 May 2021 23:24:31 GMT

The margin for error in business is razor-thin when it comes to compliance and data security. Especially in light of the many compliance systems — FINRA, HIPAA, PCI-DSS, CMMC, and more — it's more important than ever that you confidently manage your compliance practices.

The fact is that as technology changes so do the regulations that govern it. Whether you have to stay compliant with PCI, HIPAA, or another set of strict regulations, you need the right technology and support to keep up with changing regulations.

CyberUnlocked can help.

We’re often asked how we meet our cybersecurity and data privacy compliance obligations. While some customers see compliance and regulation as a burden to the business, the fact is that meeting local compliance regulations is a good way to kill two birds with one stone – you both reduce your organisation’s cybersecurity risks, while also avoiding hefty fines and charges resulting from non-compliance.

What Are The Compliance Obligations That I Need To Meet?

The compliance systems you’re subject to will depend on the country (and even state) in which you operate, as well as which industry you’re a part of.

Compliance In Australia

For businesses in Australia, the potential reputational and financial risks associated with cybersecurity and data breach incidents are very real. Regulators closely monitor data protection and privacy law compliance on a global basis, as do tech-savvy customers.

That’s why cybersecurity is no longer just an IT issue — it must be proactively managed by organisations and their boards across all aspects of a business’ operations. It involves all parts of a business: people, processes and technology.

In February 2018 the mandatory data breach notification regime was introduced in Australia as part of the Privacy Act 1988 (Cth), making businesses publicly accountable for “eligible data breaches” where the access, disclosure, or loss of data is likely to result in “serious harm” to the relevant individuals.

In Australia, while there is no specific cybersecurity compliance that must be met, the government’s cybersecurity experts have identified eight fundamental mitigation strategies designed to help limit an organisation’s exposure to the vast majority of cyber threats, known as “The Essential Eight.”

The Essential Eight Maturity Model is a set of prioritised mitigation strategies developed by the Australian Cyber Security Centre to assist businesses in addressing and eliminating cybersecurity vulnerabilities. These strategies are drawn from the Strategies to Mitigate Cyber Security Incidents, the main ones being the Essential Eight.

In a nutshell, it’s a rather simple rubric that you can follow to make sure that all your bases are covered when it comes to cybersecurity. In addition to listing the technical aspects of cybersecurity that you should address and verify, it also provides a system by which to rate your adherence to the system.

Meant to help businesses better track how well they are following the Essential Eight Maturity Model, these levels are clearly defined in line with each of the Eight strategies. The maturity level definitions are as follows:

Maturity Level One: Partly aligned with the intent of mitigation strategy.
Maturity Level Two: Mostly aligned with the intent of mitigation strategy.
Maturity Level Three: Fully aligned with the intent of mitigation strategy.

The eight strategies included in this rubric are a subset of the Australian Cybersecurity Centre’s 37 Strategies to Mitigate Cybersecurity Incidents and form a strong baseline of protection.

As a Network Partner of the Australian Cybersecurity Centre, CyberUnlocked has the expertise and know-how to get organisations to meet the ACSC’s mitigation strategies. All our cybersecurity packages are designed to meet the Essential Eight mitigation strategies.

Compliance In The United States

In the US, compliance is much more complicated. There is no single overarching regulation, so it depends on where you operate, and in what field.

Industry-Specific Compliance

Healthcare: The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 and amended by High Tech Act 2013. It applies to the operations of members and vendors in the healthcare industry, in order to maintain the security of Protected Health Information (PHI). HIPAA becomes more complicated because it changes on a state-by-state basis. That means that you have specific breach notification regulations, depending on which state you operate in.
Financial Services: The Gramm-Leach-Bliley Act (GLBA) of 1999 was an attempt to update and modernise the financial industry. It was brought into effect during the Obama administration. GLBA requires financial institutions offering consumers loan services, financial or investment advice, and/or insurance, to fully explain their information-sharing practices to their customers. Firms must allow their customers the option to "opt-out" if they do not want their sensitive information shared.
Defence Contractors: Introduced in November 2020, The Cybersecurity Maturity Model Certification (CMMC) is the DoD’s way of certifying its contractors’ abilities to protect the Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) shared within the supply chain. CMMC builds upon the requirements set out by Defense Federal Acquisition Regulation Supplement (DFARS), Code Of Federal Regulations (CFR) and National Institute of Standards and Technology (NIST) guidelines (namely, 1300 901 835 of the latter). The DoD has implemented a basic set of cybersecurity controls through DoD policies and DFARS. These rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit CUI. These security controls must be implemented at both the contractor and subcontractor levels based on information security guidance developed by the National Institute of Standards and NIST Special Publication 1300 901 835, "Protecting Controlled Unclassified Information in Non-federal Information Systems and Organisations". U.S. DoD contractors or their subcontractors who collect, store, or transmit Covered Defense Information (CDI) or CUI must comply with NIST regulation 1300 901 835 and DFARS 1300 901 835.

General Business & Other Compliance Systems

Data Privacy In Business: T he Federal Trade Commission Act (FTCA) of 1914 is one of the oldest legislations in the country. It is primarily concerned with ensuring businesses do not misrepresent their privacy and data security. The FTC wields very broad power and oversees business across the country. For an example of how serious FTCA issues can be, consider that, in 2019, Facebook paid $5 billion to the FTC for failing to achieve an acceptable level of accountability and transparency. Education: The Family Educational Rights and Privacy Act (FERPA) of 1974 regulates the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments.
Children’s Privacy: The Children's Online Privacy Protection Act (COPPA) of 1998 imposes certain requirements on operators of websites or online services directed to children under 13 years of age and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Financial Transactions: The Payment Card Industry Data Security Standard (PCI-DSS) applies to your business if you handle cardholder information for debit, credit, ATM, e-purse, POS, and prepaid cards. PCI requires card issuers and holders to retain an audit trail history for a time period that’s consistent with its effective use and legal regulations. It’s necessary to undergo PCI compliance auditing to ensure your customers' data is protected during credit or debit card transactions. If your business is non-compliant, banks and credit card institutions can impose fines anywhere from $5,000 to $500,000. Bank fines are based on the research they perform to remediate your non-compliance. Credit card institutions impose fines as a punishment for non-compliance, and they may enforce a timeline of increasing fines.
Security Standards: Founded in 1901, The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST provides invaluable guidelines for maintaining adequate cybersecurity standards. While NIST regulations were once used to oversee the DoD contracting sector, they have recently been replaced with CMMC. However, NIST cybersecurity standards remain a reference for many businesses in a range of industries. In addition to other resources, NIST's Cybersecurity Framework consists of standards and practices to promote the protection of critical IT infrastructure.

State Specific Compliance Systems

California: The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This privacy act dictates consumer rights and company responsibilities in relation to collected consumer data. The law, AB 375, allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. The law also allows consumers to sue companies if the privacy guidelines are violated. It’s important to note that consumers can take legal action, even if no breach has occurred.
Illinois: The Biometric Information Privacy Act (BIPA), enacted on October 3, 2008. guards against the unlawful collection and storing of biometric information. Noncompliance fines can be steep — Facebook settled for $650 million as a result of alleged violations of BIPA.
New York: In effect since March 21, 2020, the New York SHIELD Act is designed to make sure that organisations do their due diligence to protect the private data they access that belongs to residents of New York state. This means implementing a range of cybersecurity safeguards, and, in the event of a failure, facing severe non-compliance fines.

Privacy & Compliance Trends Around The World

GDPR: The General Data Protection Regulation (GDPR) is an internet privacy law that affects all internet business worldwide. All businesses, small or large, and even entrepreneurs who do business on the Internet with consumers located in the European Union need to be aware of how the law affects them. It doesn't matter if your company is inside the EU, or anywhere else in the world. If you do business with anyone in the countries covered by GDPR, you must comply with it.
Privacy As A Right: As the world has become more and more digitised, countries around the world have begun to see digital information privacy as a basic human right. Personally identifiable information (PII) — any data that could potentially identify a specific individual — is gaining protection via similar laws and legislation in virtually all developed countries worldwide.
Compliance In The Workplace: As compliance has become an expected part of business processes, related roles in the workplace have become more common. You can expect to see “Data Protection Officer” positions become a regular part of the business world as data compliance regulations continue to evolve.
Compliance As Competition: Maintaining compliance and security isn’t just a matter of avoiding fines and consequences — doing so actually adds value to an organisation as well. As consumers become more knowledgeable about the importance of their data privacy, they will seek out companies that have better track records in terms of data security and compliance.

The Raising Stakes Of Noncompliance

As the worldwide data privacy culture develops, penalties for noncompliance are becoming more severe:

In Singapore and Brazil, monetary fines are scaled according to the infringer’s revenue.
In Switzerland and South Africa, those held responsible for data breaches can face criminal sanctions, in addition to conventional fines and consequences.

The Future Of Cybersecurity & Compliance

As both technology and data privacy compliance systems evolve, it’s important to look ahead and consider what steps you will need to take to keep up:

Data Inventory Management: You have to make sure you know where data is stored, where it is accessed from, and who has access to it. Each and every part of this chain could trigger legal obligations. Take inventory of your servers, data centres, vendors, and staff members based on their permissions and access levels. This reduces the data that can be stolen in a breach.
Data Centralisation: Separate data in separate departments can be difficult to manage while maintaining compliance. It’s smarter to centralise your data, eliminate redundancies, and reduce your storage requirements (and associated costs).

Common Compliance Mistakes You Need To Avoid

Don’t Over-promise: It can be easy to over-promise when developing your privacy notice. If you say you’ll comply with every single system, then you have to. Failure to comply with a given system that you promised you would leaves you open to an audit by the FTC.
Avoid Inconsistency: Don’t make the mistake of constantly changing the way you assess and manage your cybersecurity. A given organisation may start with daily penetration tests, then move to vulnerability scanning, and so on. While this may be effective, it doesn’t look good to regulators. They want to see systematic improvements with processes and practices that are consistent across the entire organisation.
Maintain Detailed Documentation: As mentioned above, be careful about what you include in your privacy notice. Anything you do include needs to be documented and demonstrated in your organisation so that you can provide it for regulators when requested.
“Check-Box” Compliance: Many organisations make the mistake of thinking compliance can be simplified into a basic checklist. They perform a risk assessment, focus on any identified areas, and then assume they are compliant. It’s wiser to approach compliance from a “zero-trust” mindset — assume nothing is compliant until it can be confirmed otherwise. This comprehensive model for compliance management will yield much better results.
Overlooking Your Supply Chain: Don’t forget about your supply chain — all your vendors and business associates that access your client data are subject to the same compliance systems that you are. For example, Business Associate Agreements (BAAs) are an important part of HIPAA compliance for your practice. These contracts should clearly outline a Business Associate's responsibilities regarding your PHI and can pose a serious liability risk if the BAA isn't negotiated effectively. Any outside entity or individual that is charged with receiving, maintaining, creating, or transmitting PHI is considered a Business Associate and needs to have a BAA of their own in place with your practice.

Why Should You Partner With CyberUnlocked For Compliance And Cybersecurity Support?

The CyberUnlocked team offers expertise in industry regulations in Australia, New Zealand, the United States and Europe.

As your security risk assessment partner, we'll assist in your compliance efforts with industry regulations like HIPAA, CMMC, PCI DSS, GDPR, and more. We will help you avoid hefty fines and charges due to non-compliance.

Our comprehensive compliance reporting program involves reviewing your internal and external IT infrastructure to detect potential risks and creating a summary of the findings, followed by the development of a mitigation strategy.

We take a holistic view of your IT, digital and cloud assets across the company. Our Cybersecurity Assessment service looks at all your assets, providing you with much-needed visibility into the state of your security and compliance.

How Do Our Compliance Support Services Work?

As your partner in compliance, we work with you to not only to develop a plan of action but also to implement it. We follow a risk-based approach to compliance management, with service features including:

Multi-stakeholder improvement and training to ensure everyone involved understands how to maintain compliance in their work.
We help you develop, update and implement consistent cybersecurity policies.
We help you write your privacy notices, ensuring you do not overextend your organisation, as well as that you follow through on your commitments.
We ensure all levels of your hierarchy understand compliance, from the receptionist to the C-Suite.
We implement a reasonably flexible third-party risk-management program, which includes your supply chain and vendors.

With our help, you’ll develop and follow a robust Incident Response Plan:

We ensure external firms (legal, forensic cybersecurity, and more) are available when you need them.
We help you document the incident for future reference.
We help you determine to what extent you are required to disclose a breach.

CyberUnlocked Will Help You Manage Your Compliance

As you can see, failing to manage compliance is damaging and expensive. That’s why you shouldn’t bother trying to oversee your compliance personally. You’re too important in your actual role in your business to split focus and risk overlooking something.

Let CyberUnlocked take care of it for you. Don’t put your compliance at risk — CyberUnlocked’s team of compliance experts are available to manage it for you.

Are Weak Passwords Putting You At Risk?

Wed, 05 May 2021 20:51:56 GMT

Are Weak Passwords Putting You At Risk?

Passwords protect email accounts, banking information, private documents, administrator rights, and more — and yet, user after user continues to make critical errors when it comes to choosing, protecting and managing their passwords.

Passwords are as tricky to create and manage as they are vital to your daily life, both in and out of the office. Passwords grant you access to your email accounts, your office systems, and programs, your banking information, your social media, etc.

World Password Day falls on May 6th this year, and the CyberUnlocked team likes to mark the annual day as an ideal time to remind all business owners of the importance of protecting company data with selective and secure passwords.

Your life essentially runs on passwords — but are you aware of how important they really are?

Why Are Your Passwords So Important?

Despite the fact that passwords are the most direct way to access a user's private information, most passwords in use today are not considered to be strong or complex enough – and even if they are, they aren't updated often enough.

57% of people who have already been scammed in phishing attacks still haven’t changed their passwords, and 71% of accounts are protected by passwords used on multiple websites.

Is it the same for you?

What Are The Top 3 Ways To Keep Your Passwords Strong and Safe?

Don’t be one of the 23 million account holders still using “1300 901 835”. Follow these guidelines to make sure your passwords are strong:

Password Strength

Commonly, passwords are required to include uppercase letters, lowercase letters, numbers, and special characters.

Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack.

For a more secure passphrase, you're encouraged to combine multiple unrelated words to create the passphrase, for example, "goldielittlelamb3pigs." Use these tips to figure out a passphrase that works for you:

Use a line from your favourite movie or book
Think of a Line From a Song
Choose 4 random words
Create a mathematical formula

Password Managers

These programs store all of your passwords in one place, which is sometimes called a vault.

Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.

The downside of using a password keeper program is if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts. But many IT professionals agree, the benefit of a password manager far outweighs this risk.

Multi-Factor Authentication

Multi-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using MFA in recent years.

By requiring a second piece of information like a randomly-generated numerical code sent by text message, you're better able to ensure that the person using your employee's login credentials is actually who they say they are. Biometrics like fingerprints, voice or even iris scans are also options, as are physical objects like keycards.

Don’t Underestimate The Importance Of Your Passwords

In the end, creating, updating, and managing strong passwords can be frustrating, but it's incredibly important. Privacy and security are major concerns for personal users and businesses alike these days, and so users have to be sure that they aren't making it easy for hackers to access their private data.

As you can see, managing passwords can be a complicated and time-consuming task, and that’s just one aspect of effective cybersecurity defence. You don’t have to handle it all on your own — the CyberUnlocked team of cybersecurity experts is available to help you make sure you have the best solutions and processes in place to keep your business secure.

Get in touch with our team to learn more.

Your Trusted MSP Cyber Security Partner

Tue, 04 May 2021 11:40:15 GMT

Your Trusted MSP Cyber Security Partner

Small managed service providers (MSPs) don't have the resources, talent, and tools to ensure a robust cyber security infrastructure like their established counterparts. But they're equally at risk, hence need the same, if not higher, level of protection to ward off threat actors.

What's more, most businesses at this level still struggle with expanding their revenue generation and always seek new ways to bring in more income. A managed security service provider comes through for small MSPs who wish to strengthen their data and network security and increase revenue by outsourcing compliance and security services.

How are MSSP Services Helping MSPs?

To be your clients' adequate outsourced security expert, you need sufficient cyber security expertise and advanced tools for effective performance. As such, you want a provider you can trust to secure your sensitive data and networks effectively.

MSSP service providers have helped numerous organisations address their revenue stream challenges. As such, they understand the bottlenecks and have advanced tools to help you grow your business. You'll get the right services, tools, and support to help you sell, implement, and deliver advanced security solutions for digital assets.

This substantially increases your revenue flow. Since you'll be relieved to address core business, you'll increase your productivity, transform your customer experience, and improve satisfaction. All these enable long-term customer retention.

Benefits of an MSSP Partnership

MSSP services typically replace or augment your company's in-house security team. Partnering with an experienced MSSP lets you access a top-shelf cryptographic platform to help you secure data, identity, and digital assets.

Managed service providers are benefiting from MSSP services in the following ways:

Specialist expertise – Apart from limited cyber security headcount, organisations must also obtain specialised expertise to address an incident. MSSP services help you retain the insights and provide them to your clients as needed.
24/7 monitoring – Attacks pop in any time, whether or not you're on duty. MSSPs understand this and offer round the clock SOC for protection, detection, and response to threats.
Security maturity – Most growing MSPs lack sufficient cyber security maturity to deliver to their customers effectively. MSSP partnerships can ensure rapid deployment of an effective cyber security solution with the required maturity level.
System configuration and management – An expert hand and eyes are required to configure and manage cyber security solutions and maintain their effectiveness. Your partnership will relieve you from the cost and process of hiring an in-house talent for expert security management.
Lower overall ownership costs – MSSP solutions support high scalability and multi-tenancy. This allows managed service providers to provide the same solution and support to multiple customers, distributing the overall cyber security infrastructure costs across their clientele.
Compliance support – Cyber security regulations are getting more complex by the day, and new legislation (like CMMC and GDPR) continue to join the existing ones (like PCI DSS and HIPAA). An MSSP will aid data collection and help you generate reports to demonstrate compliance after a potential attack or during audits.

Why Partner with CyberUnlocked?

If you're an MSP looking to partner with a reliable MSSP agency, then CyberUnlocked should be your preferred service provider. We understand the struggles of MSPs in identifying new revenue streams. Fortunately, you have the opportunity to generate additional monthly revenue without hiring in-house security experts.

We'll stand by you through every step, offering you expertise and tools to grow your business. Our partner program is designed to allow MSPs to provide white-labelled cyber security offerings to their customers.

We offer the ultimate transparency through our straightforward pay per user framework and go out of our way to share our deep industry knowledge and experience with our clients. This way, you'll quickly diversify your security and compliance offerings and deliver high-value solutions to clients. As your trusted cyber security partner, we'll also support you through pre-sales, sales, and assessments.

Reach out today if you have questions.

Security Risk Assessment Framework for Different Vulnerabilities

Wed, 28 Apr 2021 00:28:46 GMT

Security Risk Assessment Framework for Different Vulnerabilities

One of the major setbacks of the fast-paced digital transformation experienced in recent years is the tragic rise in cybersecurity threats. Cybercriminals are getting more innovative and sophisticated by the day, often devising new, complex means of launching their attacks. And contrary to the beliefs of many, these criminals mostly target small and mid-size businesses (SMBs), knowing that they pay little to no attention in bolstering their security posture. The rate of vulnerability is so high that 43% of all data breaches target SMBs. Astonishing, huh!

But what should you do as an SMB not to contribute to this mind-blowing statistic? Simple! It all begins with conducting a comprehensive security risk assessment to unmask all vulnerabilities. CyberUnlocked works hand-in-hand with MSPs and direct businesses all across the globe to provide security solutions required to prevent cyber-attacks and remain compliant with industry regulations. But for now, let's focus on how we conduct a security risk assessment to determine defects and vulnerabilities.

Business Vulnerability Assessment Procedures

Our risk assessment procedure on business vulnerabilities focuses on analysing different processes, functions, and systems to develop a security framework that suits your organisation. After considering such factors as scope, size, and complexity, we embark on conducting business-specific risk assessments using the following techniques:

Vulnerability Scanning

It's a no-brainer; your computer's network infrastructure is the easiest way for hackers to gain unauthorised access to your systems and files. That's why one of the essential assessments that our cybersecurity experts conduct is vulnerability scanning. This involves using potent tools and expertise to inspect and identify potential risk areas that cybercriminals can exploit to steal or compromise your sensitive data.

We may conduct the vulnerability scanning on your internal and external IT infrastructure or your managed service provider to uncover all the methods hackers can use to exploit your networks, computers, or communication equipment. After scanning for such vulnerabilities as default configurations, coding bugs, known flaws, and potential paths to sensitive data, we generate a detailed report that's useful in identifying opportunities to improve your security posture.

Ethical Hacking

Ethical hacking, aka, penetration testing is the act of legally breaking into your network, system, or web application to gauge your preparedness/defences for a cyberattack. This simulated attack aims to notice and exploit all the weak spots that real hackers may use to compromise your system.

And the logic here is simple; if we can manage to hack into your system, another party with ill intentions can too. After completing the penetration testing, our cybersecurity experts will share their findings with your IT department or managed service provider. We can then use the information collaboratively to implement the security upgrades necessary to seal all the discovered vulnerabilities during the test.

Automated Scanning

Let's be honest; some security vulnerabilities require more than just human creativity and intuition to unmask, thanks to their complexity levels. Thankfully, no matter how hidden a risk may seem, it can't hide from our cybersecurity team, who leverage the most advanced automated scanners to point out everything.

Our automated scanning techniques are meant to supplement the above-discussed vulnerability scanning. They help in conducting hundreds of routine tests that would take humans ages to complete. We primarily perform automated scanning to detect web and cloud application vulnerabilities such as SQL injection, command injection, insecure server configuration, cross-site scripting, etc. Afterwards, we create an unbeatable action plan for beating the security risks before they become an incident.

Compliance Reporting

There's no secret that evaluating your firm's security status is influential in developing a strategy for sealing all the loopholes that cybercriminals may leverage to wreak havoc. On top of that, it also helps in complying with regulations set by government agencies and regulatory bodies.

As your security risk assessment partner, we'll also help you remain compliant with industry regulations like HIPAA, CMMC, PCI DSS, GDPR, etc., to avoid hefty fines and charges due to non-compliance. Our compliance reporting program involves reviewing your internal and external IT infrastructure to detect potential risks and creating a summary of the findings, pending the development of a mitigation strategy.

CyberUnlocked is Your Go-To Security Risk Assessment Partner!

Are you ready to conduct an all-inclusive security risk assessment for your business to seal all the potential cyber-attack weak links? Our highly experienced and self-motivated CyberUnlocked team is more than willing to help you develop a customised security risk assessment framework to fish out all business-specific vulnerabilities. The assessment outcome can help you protect sensitive data assets while enhancing productivity, saving on costs, and increasing the bottom line. Request your FREE assessment today to get started!

Security Bulletins

What Australia’s New AI Plan Means

What Australia’s New AI Plan Means

React2Shell: What You Need To Know About This New Server-Side React Risk

React2Shell: What You Need To Know About This New Server-Side React Risk

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

CyberUnlocked Insights: Featured in TechPartner.News

CyberUnlocked Insights: Featured in TechPartner.News

Compliance is Now Just Part of the Job

The Difficulty: Knowing Your Limits

You Don’t Have to Be a Lawyer and a Techie

The Way Forward for Opportunity

The Smarter Approach

Penetration Testing Explained: A Guide for Australian Organisations

Penetration Testing Explained:

A Guide for Australian Organisations

CyberUnlocked chair AI Governance Summit 2025

Building Trust in AI:

﻿ Reflections from the AI Governance Summit 2025

Sarah McAvoy Featured on Techpartner, “Waiting until an incident is in progress is too late"

New Ransomware Reporting Rules in Australia: Insights from Sarah McAvoy’s TechPartner.News Feature

Channel Meets Security Sydney 2025

CyberUnlocked at Channel Meets: Security, Sarah McAvoy Joins Compliance Panel

Cyber Security Compliance: Everyone’s Starting Line is Different

Cyber Security Compliance: Everyone’s Starting Line is Different

Why SMB1001:2025 Is a Game Changer for SMBs

Why SMB1001:2025 Is a Game Changer for SMBs

Sarah McAvoy at Intergy Consulting for crucial cyber security posture and mitigate risks of cyber-attack

Sarah McAvoy at Intergy Consulting for crucial cyber security posture and mitigate risks of cyber-attack

Genea Cyber Attack: Key Lessons and Essential Cyber Security Strategies for Healthcare

Genea Cyber Attack: Key Lessons and Essential Cyber Security Strategies for Healthcare

Understanding the Australian Threat Landscape with Sarah McAvoy & Intergy Consulting

Understanding the Australian Threat Landscape with Sarah McAvoy & Intergy Consulting

Introduction of the Cyber Security Bill 2024

Introduction of the Cyber Security Bill 2024

Cyber Security is Everyone's Business - Cyber Security Awareness Month 2024

Cyber security Awareness Month 2024: Cyber Security Is Everyone’s Business

Are You Prepared for the Privacy Act Amendments?

Are You Prepared for the Privacy Act Amendments?

How LockBit's Attack on OracleCMS Unfolds a Cautionary Tale

Major Ransomware attack on a Australian Call Centre!

The Invisible Threat: Why You Need Cyber Supply Chain Risk Management?

Cyber Supply Chain Risk Management

Is your hotel room as safe as you think?

The Key to Your Privacy: How Secure Is Your Hotel Room, Really?

Essential Cyber Security Tips for Charities and Not-for-Profits

Essential Cyber Security Tips for Charities and Not-for-Profits

Social Engineering Masterstroke: What is deepfake?

The Art of Deception : Spotlight on Deepfake and Its Social Engineering Masterstroke

CyberUnlocked setting new standards in cyber security on Ticker News

CyberUnlocked setting new standards in cyber security on Ticker New s

Sarah McAvoy and CyberUnlocked Win 2023 Australian Women's Small Business Champion Award

Sarah McAvoy and CyberUnlocked Win 2023 Australian Women's Small Business Champion Award ﻿

Join our founder Sarah McAvoy at the CBD Sydney Chamber facilitating a Small Business Cyber Security Panel Discussion

Join our founder Sarah McAvoy at the CBD Sydney Chamber facilitating a Small Business Cyber Security Panel Discussion ﻿

5 Must-Dos During Cyber Security Awareness Month

Beware of Scammers This Tax Time - Essential Cyber Security Tips

New Tool Exploits Microsoft Teams - How to Defend Your Business?

How Can I Reduce My Cyber Liability Insurance Premiums?

9 Essential Questions to Safeguard Your Business When Adopting Generative AI

Are You Taking Advantage of the Business Deductions for Cyber Security?

What should you do to ensure you don't miss out on these deductions?

Why Regular Vulnerability Scanning and Penetration Testing is Crucial for Your Business

What is Vulnerability Scanning?

Penetration Testing

The Benefits of Regular Vulnerability Scanning and Penetration Testing

Key Takeaway

ISO 27001 vs SOC 2: Which Certification is Right for Your Organisation?

What Changed In The 2022 update of ISO27001 and ISO27002?

Still Using Norton or McAfee? Here's Why You Need to Upgrade Your Cyber Security

A Rapidly Changing Tactical Landscape

The Limitations of The Legacy Providers

The Importance of ‘Next Generation’ Threat Detection

Responding in Real Time

Transitioning to A More Effective Solution

How Cyber Security Assessments Can Save Your Business From a Data Breach

What Does ChatGPT Mean for the Future of Cyber Security?

The Business Owner’s Guide to Ransomware: To Pay or Not to Pay?

5 Ways Hackers Are Exploiting Our Mental Shortcuts

Reflections from the AI Governance Summit 2025

Sarah McAvoy and CyberUnlocked Win 2023 Australian Women's Small Business Champion Award

Join our founder Sarah McAvoy at the CBD Sydney Chamber facilitating a Small Business Cyber Security Panel Discussion