AustCyber’s Projects Fund grant recipient truuth has been developing a digital identity platform for user identity verification, while protecting user privacy.

truuth uses technology that fragments, salts (injects false information), encrypts and shards user credentials across multiple trusted servers. The platform delivers a wide range of micro-services that improve online safety and eliminate the need to remember many different passwords, whilst ensuring no single entity has access to a user’s biometric data. The truuth platform is being deployed for enterprise customers including Macquarie Bank, NuMobile and Australian Finance Group (AFG).

“Most venture capital funds are focused on scale-ups that already have enterprise customers, while private equity is typically looking to invest A$5-10 million in Series A rounds,” said Mike Simpson, CEO & Co-founder of truuth. “AustCyber complements these by supporting early stage companies with highly innovative technology solutions.”

The truuth suite of digital identity and authentication services addresses deficiencies of current solutions such as reliance on insecure passwords. It also provides enterprises with higher levels of user authentication by using Artificial Intelligence (AI) and Machine Learning (ML) models to verify the user is present during the authentication event.

AustCyber funding support has been integral to the success of truuth.

“The Projects Fund enabled us to match funding from private investors to grow the team more rapidly and deliver our digital identity services far earlier,” said Mr Simpson. “truuth’s successes over the past 12 months would not have been possible without the assistance of AustCyber. Our participation in AustCyber forums has also opened up commercial conversations in the public and private sectors.”

The company provides a range of digital identity services including truuth KYC (Know-Your-Customer), truuth liveness, truuth faceKey and truuth biopass. These services help to safeguard against the recent and rapid rise in ‘deep fake’ identities created by artificial intelligence and machine learning algorithms which are exacerbating fraud risks.

Recent estimates by the Attorney-General’s Department indicate that identity crime costs Australia upwards of $1.6 billion each year, with the majority lost by individuals through credit card fraud, identity theft and scams.¹

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

1. AustCyber (2020), trUUth: A next generation solution for digital identity and cyber security. Available at: https://www.austcyber.com/news-events/truuth-next-generation-solution-digital-identity-and-cybersecurity

Understanding how our digital world works, how it is designed to protect us and how we can keep our information safe is critical for both adults and children to learn.

The University of Adelaide (UoA)’s Computer Science Education Research Group (CSER Group) have been operating digital technologies programs for Australian teachers since 2014.

“The entire CSER program, which includes eight MOOCs on various technology curriculum related areas, has attracted over 38,000 enrolments,” said Dr Rebecca Vivian, CSER Project Lead.

This year, they partnered with AustCyber, CSIRO and Google Australia to develop free, self-paced Massive Open Online Courses (MOOCs) to build primary and secondary teachers’ confidence and capacity to integrate the learning of cyber security and awareness into the classroom.

Two new courses – one for primary teachers (K-6) and one for secondary teachers (years 7-10) – contain practical classroom activity ideas and examples of career pathways. Both courses are aligned to the Australian Curriculum (Digital Technologies and ICT Capabilities) and focus areas include data security, encryption, cryptography, networks, information systems and safety, cyber security risks and security measures, and cyber ethics.

“The Cyber Security and Awareness MOOCs for Primary and Secondary Classrooms have been live since mid 2020, with over 770 teachers enrolled to date,” said Dr Vivian. “Given there are over 288,000 teachers in Australia, we have many more to reach. Learning about cyber security not only enables students to adopt safe practices in their own use of technology, but importantly, can inspire a future cyber security workforce.”

In today’s digital world where children are exposed to social media and they consume large amounts of online content at an early age, the need for early and relevant cyber education is crucial. The UoA’s MOOCs are an important tool for building cyber awareness. Nurturing cyber literacy amongst school students also helps grow the sector’s talent pipeline by highlighting the various pathways available to students.

Over the past three years, there has been significant progress in the availability of cyber security courses and training. This momentum needs to continue to meet the growing demand for cyber security professionals, with the workforce estimated to increase to 33,500 by 2024.

Primary and secondary schools play a crucial role in ensuring this demand is met. If schools can encourage students to consider a career in cyber security, while also building early cyber skills, both the quality and number of students looking to undertake cyber security qualifications will improve.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

CyberCX has sought to provide local customers an Australian alternative to large multinational providers for complex cyber security services.

Launched in October 2019 and backed by private equity firm BGH Capital, CyberCX has brought together 15 (and counting) independent cyber security service providers over the course of the past year. Some of these providers are well known Australian names – including Shearwater, CQR, Sense of Security, TSS and Phriendly Phishing.

CyberCX’s approach to scaling – by acquiring and consolidating existing providers who have proven capabilities and prior customer bases – means the organisation has been able to develop into a large and competitive provider within a short period of time.

CEO John Paitaridis said, “CyberCX took a structured and deliberate approach to integrate its group of portfolio companies into a single organisation, building shared systems and a united mission, under a single brand”.

CyberCX’s acquisitions reflect an ambition to unite a complementary set of cyber services. As recently as October this year, CyberCX acquired the publicly listed Cloudten and Decipher Works – who specialise in cloud and identity management, respectively – to meet growing demand around cloud services driven by the COVID-19 pandemic.

“COVID-19 has accelerated enterprises’ cloud migration strategies and highlighted the need for robust identity management solutions,” said Mr Paitaridis¹.

Chief Strategy Officer Alastair MacGibbon has signalled that CyberCX will continue to scale further by expanding overseas in 2021. He said, “CyberCX plans to significantly grow our specialised cyber security workforce across the UK and US to deliver end-to-end cyber security services”.

One of CyberCX’s earliest acquisitions (CQR) had an existing presence across the UK which will help CyberCX scale its presence overseas. The organisation plans to double its cyber security workforce across New Zealand, the UK and US in the next year in an attempt to create a large, globally competitive, Australian cyber services alternative. 

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

1. ARN (20 October 2020), CyberCX forks over $25M to buy Cloudten and Decipher Works

Detexian enables small and medium enterprises to manage cyber risks affecting ‘software as a service (SaaS)’ applications such as Office 365, G Suite, Salesforce and Xero.

Founded in 2018, the organisation has established offices in Australia and San Diego, and is exporting to customers in the US, New Zealand, Singapore and Latin America.

Many of Detexian’s customers are small and medium enterprises that provide solutions and services to regulated entities such as large banks, insurance companies and financial services companies. They are heavily reliant on cloud and SaaS technology and handle high volumes of sensitive financial and personal data. Detexian helps these businesses provide proof that security controls are in place at all times to protect their data and gain customer trust.

At the onset, Detexian relied on the word of mouth of their existing customers to win new ones. But the company was quick to leverage the power of digital marketing, social media and strategic alliances to scale its presence internationally.

“Our way to market is quite simple,” said Co-Founder and CEO Tan Huynh. “We have a two-fold strategy to target companies through direct digital marketing and introductions from trusted partners. We’ve also been assisted by AustCyber and The Australian Trade and Investment Commission (Austrade) to connect and meet with potential customers and partners.”

Detexian’s current target export markets are Singapore, New Zealand and the West Coast of the US as there are no issues with timezone coordination, the regulatory environments are mature and business can be conducted 100% online.

In 2020, Detexian has invested significant time and resources studying the Singapore market. “It’s ahead of our home market in terms of infosec regulatory compliance. SMEs constitute almost the entirety of Singapore enterprises, with over 80% having digital transformation strategies in place,” said Mr Huynh. “When we began to target Singapore SMEs through direct digital marketing, we instantly experienced a high degree of interest. Then, through our networks with the help of Austrade, Detexian was introduced to a number of ecosystem partners and potential channels to explore commercial opportunities in Singapore and the wider Southeast Asian region.”

The accelerated learnings have helped Detexian refine its business model to further minimise adoption barriers for both SMEs and their trusted partners such as IT consultants and MSPs who can help recommend Detexian solutions to their clients. Detexian is currently in discussions with a number of IT/security consultants and MSPs looking to expand their capabilities.

“In the wider Southeast Asian region, we are entering into strategic alliances with well-known companies with dominating positions in product verticals adjacent to Detexian. These companies are looking to progress in the value chain and jump start their offerings to provide more value-added technologies to their existing clients,” said Mr Huynh.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

Small businesses face pressure from all directions. With budgets, time and access to expertise constrained, they are constantly on the lookout for technology solutions that can make their lives easier.

Melbourne based company Cynch Security is on a mission to help small business leaders prevent a cyber security incident from becoming one of the worst days of their career.

The team has spent the past nine months helping small businesses across Australia adjust to the changes brought on by the COVID-19 pandemic.

With the shift to working from home for long periods of time, keeping a business secure is a complex undertaking and beyond the reach of those outside the cyber security industry. Attacks continue to evolve and threaten businesses that depend on technology. Advice from experts is often inconsistent and quite generalised, creating confusion and at times, apathy amongst frustrated small businesses.

All of this has resulted in a growing number of businesses concerned about cyber risk, looking for how to best manage it amongst their teams. The responsibility for managing the risk day-today often falls to senior leaders with technology operations responsibility. This may be a younger business partner, office manager or the owner themselves if the team is small enough.

Providing micro and small businesses with advice on how to implement risk interventions as businesses transitioned to remote working has been Cynch Security’s focus during the pandemic.

“COVID-19 disproportionately affected small businesses, and with increased cyber threats heading their way, we wanted to make sure we did everything in our power to support them when they needed it most,” said Co-Founder and CEO Susie Jones.

“We created an entirely new online program for business owners with remote teams to help them manage the new risks they were facing. The program was complemented by a series of blog posts, webinars and supporting resources hosted on our website.

While health risks may have peaked and businesses are now starting to take stock and look towards the future once again, cyber risks remain and continue to evolve. As small businesses navigate these changes, Cynch Security will continue to offer support.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

Canberra is Australia’s defence capital with the largest concentration of defence and national security agencies, assets, organisations, diplomatic networks and industry bodies in Australia. Consequently, opportunity exists for cyber security providers to develop custom solutions to meet defence needs.

In an Australian first, a group of innovative, sovereign cyber companies collaborated to create a successful pilot of a fully online, collective cyber training program for the Australian Defence Force (ADF).

Australian businesses Cydarm Technologies, elttam, FifthDomain, Penten and Retrospect Labs, each with expertise in niche cyber technology, came together to tailor a solution for defence on FifthDomain’s cyber training and simulation platform.

The aim of the Accelerated Defence Cyber Training (ADCT) Program echoes the current need for remotely accessible training programs, while also addressing the requirement to rapidly increase cyber skills across defence and industry.

The online training program was conducted from FifthDomain’s headquarters in Canberra, and was delivered remotely to Navy, Army and Air Force personnel across the country. 

The training was conducted in a highly realistic virtual environment with simulated exercises. Trainees were grouped into virtual teams to remediate vulnerabilities and respond to simulated and real threat actors.

Each cyber business brought their own set of capabilities to create a bespoke solution for the ADF.

Cydarm Technologies deployed their case management platform and dashboard as a command and control system to coordinate team activities and provide oversight for the mentors. Vaughan Shanks, CEO of Cydarm Technologies said, “This enabled trainees in the cyber security operations teams to collaborate on responding to incidents, using playbooks, while the mentors continually assessed their progress.”

elttam, an independent security company which specialises in high-quality offensive and defensive security services, played the role of cyber threat actors for the ADF trainees. Matt Jones, Director and Co-founder of elttam said, “We were proud to tailor realistic adversarial scenarios by employing the Tactics Techniques and Procedures (TTPs) found in real world cyber-attacks. The design and execution of each scenario was carefully tailored to give Defence participants the best experience in identifying, learning from, and defending against such cyber threats.” 

FifthDomain, the project lead and provider of the training and simulation platform, specialises in cyber operations workforce development. Matt Wilcox, CEO of FifthDomain said, “FifthDomain’s cyber ranges benefit by being able to integrate niche technologies from our partners to provide Defence the best of breed in Australian cyber innovation. Within the context of COVID-19 limitations, the sovereign, remotely accessible platform enables defence to overcome travel and supply chain challenges to successfully achieve this goal.”

Penten enjoyed the challenge of integrating their unique AI generated content and user behaviour on FifthDomain’s cyber training platform. Founder and Director of Penten Ben Whitham said, “Although this is only the first step working together, the combined solution of additional realism and automation will enhance the training outcomes, reduce the time taken to create the environments and improve the repeatability.”

Retrospect Labs co-designed and facilitated multiple cyber security exercises as part of the ADF’s Accelerated Defence Cyber Training course. Jason Pang, CEO of Retrospect Labs said, “We leveraged our unique exercise platform to remotely manage and deliver these exercises to more than 50 ADF trainees dispersed across Australia.”

Delivery of this program closely aligned with Australia’s Cyber Security Strategy 2020, released in August 2020, which commits A$1.67 billion investment over ten years and outlines a range of initiatives including the growth of the country’s cyber skills pipeline as one of its key recommendations.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.