In partnership with the NSW Government and Standards Australia, AustCyber is pleased to launch the Recommendations Report of the NSW Cyber Security Standards Harmonisation Taskforce, which commenced in June last year.

The Taskforce, made up of industry leaders, government and business representatives, have compiled a comprehensive list of recommendations that span key industries, including cloud, health, defence, education and financial services.

Cyber security standards play a key role in improving the security of data, assets, systems, networks and critical infrastructure. Well-developed, practical and verifiable standards enable consistency and encourage competitiveness among developers and organisations.

“The digital age is bringing more social and economic opportunities for Australian industry, but with this increasing digital reliance also comes greater security sensitivities and risks. With the report complete, we can now begin working collectively toward implementing these key recommendations,” said Adrian O’Connell, Chief Executive Officer at Standards Australia.

The report compiled by the Taskforce highlights priority areas for standards development, implementation and importantly, outlines how standards can contribute to building a resilient cyber infrastructure across sectors. It also delves into seven priority areas across Australian industry, with specific recommendations for each.

“This is not only about creating jobs, it’s about creating an industry and one we must lead,” said Victor Dominello MP, Minister for Customer Service.

“But as we strive towards this goal we must ensure the correct privacy, security and trust settings are built in – all wrapped around with ethics. The standard to which we hold our service delivery demands nothing less.”

Michelle Price, Chief Executive Officer of AustCyber, said standards are not a panacea.

“However, if used in combination with the latest advances in technology, and embedded across global supply chains, they can assist in guiding base line cyber security requirements. This will help raise the posture of small to medium enterprise (SME), organisations and government agencies to compete in the Australian market and internationally.

“Ultimately, a globally competitive Australian cyber security sector will underpin the future success of every industry in the national economy.”

“Standards Australia is looking forward to continued collaboration with NSW Government, AustCyber, other Australian Government agencies, and the broader taskforce in building stronger cyber security for Australian businesses,” concluded Mr. O’Connell.

Next steps:

The Taskforce is developing a publicly accessible list of standards relating to cyber security that span the seven priority sectors identified in the report. This will include a website that communicates the business benefits around the adoption of standards. The intention is this will be an essential asset for boards, executives and relevant decision-makers and help embed the work of the Taskforce into the economy.

Read the Recommendations Report

Listen to Episode 7 of ‘OzCyber Unlocked’, featuring the Hon. Victor Dominello MP (NSW Minister for Customer Service), Prerana Mehta (Chief of Ecosystem Development at AustCyber) and Dr Jed Horner (Policy Manager at Standards Australia) discussing the benefit to Australia’s economy of having a common set of cyber security standards, high-level takeaways from the Recommendations Report, and how the NSW Government is building a robust cyber security ecosystem.

AustCyber’s Projects Fund grant recipient truuth has been developing a digital identity platform for user identity verification, while protecting user privacy.

truuth uses technology that fragments, salts (injects false information), encrypts and shards user credentials across multiple trusted servers. The platform delivers a wide range of micro-services that improve online safety and eliminate the need to remember many different passwords, whilst ensuring no single entity has access to a user’s biometric data. The truuth platform is being deployed for enterprise customers including Macquarie Bank, NuMobile and Australian Finance Group (AFG).

“Most venture capital funds are focused on scale-ups that already have enterprise customers, while private equity is typically looking to invest A$5-10 million in Series A rounds,” said Mike Simpson, CEO & Co-founder of truuth. “AustCyber complements these by supporting early stage companies with highly innovative technology solutions.”

The truuth suite of digital identity and authentication services addresses deficiencies of current solutions such as reliance on insecure passwords. It also provides enterprises with higher levels of user authentication by using Artificial Intelligence (AI) and Machine Learning (ML) models to verify the user is present during the authentication event.

AustCyber funding support has been integral to the success of truuth.

“The Projects Fund enabled us to match funding from private investors to grow the team more rapidly and deliver our digital identity services far earlier,” said Mr Simpson. “truuth’s successes over the past 12 months would not have been possible without the assistance of AustCyber. Our participation in AustCyber forums has also opened up commercial conversations in the public and private sectors.”

The company provides a range of digital identity services including truuth KYC (Know-Your-Customer), truuth liveness, truuth faceKey and truuth biopass. These services help to safeguard against the recent and rapid rise in ‘deep fake’ identities created by artificial intelligence and machine learning algorithms which are exacerbating fraud risks.

Recent estimates by the Attorney-General’s Department indicate that identity crime costs Australia upwards of $1.6 billion each year, with the majority lost by individuals through credit card fraud, identity theft and scams.¹

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

1. AustCyber (2020), trUUth: A next generation solution for digital identity and cyber security. Available at: https://www.austcyber.com/news-events/truuth-next-generation-solution-digital-identity-and-cybersecurity

Understanding how our digital world works, how it is designed to protect us and how we can keep our information safe is critical for both adults and children to learn.

The University of Adelaide (UoA)’s Computer Science Education Research Group (CSER Group) have been operating digital technologies programs for Australian teachers since 2014.

“The entire CSER program, which includes eight MOOCs on various technology curriculum related areas, has attracted over 38,000 enrolments,” said Dr Rebecca Vivian, CSER Project Lead.

This year, they partnered with AustCyber, CSIRO and Google Australia to develop free, self-paced Massive Open Online Courses (MOOCs) to build primary and secondary teachers’ confidence and capacity to integrate the learning of cyber security and awareness into the classroom.

Two new courses – one for primary teachers (K-6) and one for secondary teachers (years 7-10) – contain practical classroom activity ideas and examples of career pathways. Both courses are aligned to the Australian Curriculum (Digital Technologies and ICT Capabilities) and focus areas include data security, encryption, cryptography, networks, information systems and safety, cyber security risks and security measures, and cyber ethics.

“The Cyber Security and Awareness MOOCs for Primary and Secondary Classrooms have been live since mid 2020, with over 770 teachers enrolled to date,” said Dr Vivian. “Given there are over 288,000 teachers in Australia, we have many more to reach. Learning about cyber security not only enables students to adopt safe practices in their own use of technology, but importantly, can inspire a future cyber security workforce.”

In today’s digital world where children are exposed to social media and they consume large amounts of online content at an early age, the need for early and relevant cyber education is crucial. The UoA’s MOOCs are an important tool for building cyber awareness. Nurturing cyber literacy amongst school students also helps grow the sector’s talent pipeline by highlighting the various pathways available to students.

Over the past three years, there has been significant progress in the availability of cyber security courses and training. This momentum needs to continue to meet the growing demand for cyber security professionals, with the workforce estimated to increase to 33,500 by 2024.

Primary and secondary schools play a crucial role in ensuring this demand is met. If schools can encourage students to consider a career in cyber security, while also building early cyber skills, both the quality and number of students looking to undertake cyber security qualifications will improve.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

CyberCX has sought to provide local customers an Australian alternative to large multinational providers for complex cyber security services.

Launched in October 2019 and backed by private equity firm BGH Capital, CyberCX has brought together 15 (and counting) independent cyber security service providers over the course of the past year. Some of these providers are well known Australian names – including Shearwater, CQR, Sense of Security, TSS and Phriendly Phishing.

CyberCX’s approach to scaling – by acquiring and consolidating existing providers who have proven capabilities and prior customer bases – means the organisation has been able to develop into a large and competitive provider within a short period of time.

CEO John Paitaridis said, “CyberCX took a structured and deliberate approach to integrate its group of portfolio companies into a single organisation, building shared systems and a united mission, under a single brand”.

CyberCX’s acquisitions reflect an ambition to unite a complementary set of cyber services. As recently as October this year, CyberCX acquired the publicly listed Cloudten and Decipher Works – who specialise in cloud and identity management, respectively – to meet growing demand around cloud services driven by the COVID-19 pandemic.

“COVID-19 has accelerated enterprises’ cloud migration strategies and highlighted the need for robust identity management solutions,” said Mr Paitaridis¹.

Chief Strategy Officer Alastair MacGibbon has signalled that CyberCX will continue to scale further by expanding overseas in 2021. He said, “CyberCX plans to significantly grow our specialised cyber security workforce across the UK and US to deliver end-to-end cyber security services”.

One of CyberCX’s earliest acquisitions (CQR) had an existing presence across the UK which will help CyberCX scale its presence overseas. The organisation plans to double its cyber security workforce across New Zealand, the UK and US in the next year in an attempt to create a large, globally competitive, Australian cyber services alternative. 

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

1. ARN (20 October 2020), CyberCX forks over $25M to buy Cloudten and Decipher Works

Detexian enables small and medium enterprises to manage cyber risks affecting ‘software as a service (SaaS)’ applications such as Office 365, G Suite, Salesforce and Xero.

Founded in 2018, the organisation has established offices in Australia and San Diego, and is exporting to customers in the US, New Zealand, Singapore and Latin America.

Many of Detexian’s customers are small and medium enterprises that provide solutions and services to regulated entities such as large banks, insurance companies and financial services companies. They are heavily reliant on cloud and SaaS technology and handle high volumes of sensitive financial and personal data. Detexian helps these businesses provide proof that security controls are in place at all times to protect their data and gain customer trust.

At the onset, Detexian relied on the word of mouth of their existing customers to win new ones. But the company was quick to leverage the power of digital marketing, social media and strategic alliances to scale its presence internationally.

“Our way to market is quite simple,” said Co-Founder and CEO Tan Huynh. “We have a two-fold strategy to target companies through direct digital marketing and introductions from trusted partners. We’ve also been assisted by AustCyber and The Australian Trade and Investment Commission (Austrade) to connect and meet with potential customers and partners.”

Detexian’s current target export markets are Singapore, New Zealand and the West Coast of the US as there are no issues with timezone coordination, the regulatory environments are mature and business can be conducted 100% online.

In 2020, Detexian has invested significant time and resources studying the Singapore market. “It’s ahead of our home market in terms of infosec regulatory compliance. SMEs constitute almost the entirety of Singapore enterprises, with over 80% having digital transformation strategies in place,” said Mr Huynh. “When we began to target Singapore SMEs through direct digital marketing, we instantly experienced a high degree of interest. Then, through our networks with the help of Austrade, Detexian was introduced to a number of ecosystem partners and potential channels to explore commercial opportunities in Singapore and the wider Southeast Asian region.”

The accelerated learnings have helped Detexian refine its business model to further minimise adoption barriers for both SMEs and their trusted partners such as IT consultants and MSPs who can help recommend Detexian solutions to their clients. Detexian is currently in discussions with a number of IT/security consultants and MSPs looking to expand their capabilities.

“In the wider Southeast Asian region, we are entering into strategic alliances with well-known companies with dominating positions in product verticals adjacent to Detexian. These companies are looking to progress in the value chain and jump start their offerings to provide more value-added technologies to their existing clients,” said Mr Huynh.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.

Small businesses face pressure from all directions. With budgets, time and access to expertise constrained, they are constantly on the lookout for technology solutions that can make their lives easier.

Melbourne based company Cynch Security is on a mission to help small business leaders prevent a cyber security incident from becoming one of the worst days of their career.

The team has spent the past nine months helping small businesses across Australia adjust to the changes brought on by the COVID-19 pandemic.

With the shift to working from home for long periods of time, keeping a business secure is a complex undertaking and beyond the reach of those outside the cyber security industry. Attacks continue to evolve and threaten businesses that depend on technology. Advice from experts is often inconsistent and quite generalised, creating confusion and at times, apathy amongst frustrated small businesses.

All of this has resulted in a growing number of businesses concerned about cyber risk, looking for how to best manage it amongst their teams. The responsibility for managing the risk day-today often falls to senior leaders with technology operations responsibility. This may be a younger business partner, office manager or the owner themselves if the team is small enough.

Providing micro and small businesses with advice on how to implement risk interventions as businesses transitioned to remote working has been Cynch Security’s focus during the pandemic.

“COVID-19 disproportionately affected small businesses, and with increased cyber threats heading their way, we wanted to make sure we did everything in our power to support them when they needed it most,” said Co-Founder and CEO Susie Jones.

“We created an entirely new online program for business owners with remote teams to help them manage the new risks they were facing. The program was complemented by a series of blog posts, webinars and supporting resources hosted on our website.

While health risks may have peaked and businesses are now starting to take stock and look towards the future once again, cyber risks remain and continue to evolve. As small businesses navigate these changes, Cynch Security will continue to offer support.

This case study is featured in Australia’s Cyber Security Sector Competitiveness Plan 2020, which can be viewed here and downloaded here.