Category Archives

Category Name: Cyber

Fortifying Commonwealth Systems through Compliance with AS 4811-2022 and PSPF 12, and Embracing Proven Screening Strategies

1. Introduction With insider threats posing a significant challenge in the Health industry, it is imperative to establish rigorous user screening processes that align with Australian Standard 4811-2022 and Protective Security Policy Framework (PSPF) 12, ensuring the security and integrity of commonwealth systems – such as the My Health Record system. This article highlights the […]


HR tech trends of 2024: Four key areas to watch

Cyber Security Risk Audits start to look at the HR workforce. In a recent study out of Cylab, 69% of respondents had more than 5 malicious, high-concern insider incidents. 44% of businesses had more than 10 incidents. 11% had more than 100 incidents, such as financial fraud, sabotage, data theft, or workplace violence. In 2021 this trend won’t stop. Cyber security is always going to be […]


Cyber threats keeping CEOs up at night

Exploring what the right cybersecurity path forward looks like when people are involved. 70,604 cyber security professionals were asked to respond to the question, ‘What Keeps You Awake at Night’, with the option to select one of three possible answers. a. Third Parties b. Insider Threats c. Nation State Actors. 55% of cyber professionals are worried about their own staff, their own colleagues. This echoes what Terry Halvorsen, the former CIO of the US Department of Defense, said at a recent Sydney conference: “The single threat to your system is people. Some of it is not even malicious. People ask what keeps me up at night? It’s people.” He then recommended that business leaders spend their cyber budget on people – before tech. That is an important statement from a person who controlled a USD 42 Billion annual budget. Background: Low hanging fruit are external people. The typical corporate network topography is wide and that means a lot of potential entry points if left unsecured or vulnerable. The work from home (WFH) trend has exacerbated this. The last thing any senior leader needs is the fallout from a major security breach or attack. We are seeing near daily headlines littered with cyber breach incidents and ransomware of well-known brands. Closer to home they might even be third party supply chain partners. Internal threats can cost many times more than an external attack. Cyber professionals are aware that staff are normally, by default, accessing sensitive networks and information from anywhere, for the foreseeable future. The climate for potential internal breaches – negligent or intentional – is elevated. Tech solutions try to secure all the hardware that the internal user accesses. This is difficult when trusted employees WFH and use unsecured home computers, home printers, home USB sticks etc. Other tech solutions include user behaviour monitoring software to detect and alert when internal people are in the corporate network system and doing the wrong thing. The role of trust cybersecurity […]


Personnel security is fundamental to good business.

Personnel security is fundamental to good business. Most personnel strive to conduct themselves in an ethical and professional manner. However, it would be negligent to ignore the risk of someone deliberately causing harm or exploiting their positions of trust. The ‘trusted insider’ represents a real and enduring risk to everyday business practices. It is an [...]

Critical Infrastructure entities must now hunt for spies.

Critical Infrastructure entities must now hunt for spies. Preemployment screening does not hunt for spies. The PSPF does. We do.   Meet Bruce. He works for your critical infrastructure company. He is like many workers in Australia: born in another country, studied at a great university there but then moved here to make a life […]


Security Awareness and Cyber Awareness briefings for every candidate

Security Awareness briefings for every candidate … for free! It is important for employers to know and understand that a candidate’s background is not filled with unmitigated risk. However, new employees to the organisation might not fully understand or comprehend the employer’s security posture and culture. That’s where a security & cyber awareness mini course comes […]


How do I prevent a malicious insider threat?

1:3 data breaches are due to malicious trusted insiders. 90% of senior managers are worried about the insider threat. A malicious insider's system access and knowledge of business processes can make them hard to detect. But there are practices you can put in place to reduce [...]

Critical Infrastructure: Public Submissions React to Trusted Insider Risk Mitigation Options.

Trusted insiders are potential, current or former employees or contractors who have legitimate access to information, techniques, technology, assets or premises. Trusted insiders can intentionally or unknowingly assist external parties in conducting activities against the organisation or can commit malicious acts of self-interest. Such action by […]


“The scheme should screen”. Why a Cyber Security Accreditation or Certification scheme needs to include personnel suitability assessments.

The Australian Government is developing our nation’s next Cyber Security Strategy as part of its commitment to protecting Australians from cyber threats. The new strategy will be a successor to Australia’s landmark 2016 Cyber Security Strategy, which set out the Government’s 4-year plan to advance and protect our interests online backed by a $230 […]


Preemployment ‘Best Practice Guide’ for Social Media Screening.

A digital footprint is the unique pattern of electronic transactions made by an individual’s publicly accessible online presence. An assessment of an individual’s digital footprint can provide insight into their life, interactions and personal views. This information may identify behaviours of concern or provide further assurance that […]


Are you Naked? Is Cyber Insurance a Must?

* 15% of SMEs have cyber insurance.
* 1.955 million Australian businesses are not insured.
* 70% of all businesses are unprepared for a cyber-attack.
* 34% of breaches involve malicious internal actors.
* 59% of orgs experience at least one malicious insider attack over […]


How we can work with IRAP Assessors.

When it comes to personnel and IT, it’s a high-risk environment right now.
* 9 in 10 data breaches involve trusted insiders – mainly due to negligence
* 1 in 5 data breaches are caused by malicious employees
* 1 in 5 lie on their job resumes
* 1 in 5 had misrepresented their qualifications
* 3 in […]


Security Expert: “In general, the greatest data security risk is posed to organizations by insiders, as they have access to sensitive information on a regular basis, and may know how that information is protected.”

Joseph Steinberg is a cybersecurity expert and entrepreneur who founded the information security companies, Green Armor Solutions and SecureMySocial. He invented several popular cybersecurity technologies in use today, writes a column on cybersecurity for Inc., and is the author of several books on information security. Q. “In general, the greatest data security risk is posed […]


Phone Call: What is your security strategy?

A hypothetical one-sided phone call between friends goes something like this: Caller A: So, what’s your security strategy? Caller A: What do I mean? Well, IBM says 44.5% of breaches are caused by malicious trusted insiders. Not fat fingers, not clicking on a wrong hyperlink, not accidents, not Russian hackers. Intentional. Caller A: So let me […]


Digital Innovation: Australia’s $315b opportunity.

The new report from Alpha Beta for CSIRO/Data61, called “Digital Innovation: Australia’s $315b opportunity”, identifies eight strategic areas where Australian businesses can succeed in creating new digital products or services. These opportunities are precision healthcare, digital agriculture, data-driven urban management, cyber-physical security, supply chain integrity, proactive government, legal informatics and […]


91% are doing background checks. This is why.

In an Ohio-based Employers Resource Association* survey… 91 percent are using background checks. That seems high. But what s.p.e.c.i.f.i.c.a.l.l.y. does that mean? A Google search? Police check? Facebook search? LinkedIn page view? A 2-minute call to a previous boss? But more importantly, what do you do when you receive an adverse result? To […]


Security Expert: An insider with malicious intent who works for your organisation has already bypassed the majority of your security features without having to do anything other than log on to their desktop.

Marc Weaver Databasable is an IT consultancy firm that provides database administration support and specializes in moving your databases and applications into the cloud. Founded by Marc Weaver in 2015, databasable uses his vast employment experience from large financial institutions in London, Sydney, and New York. “Obviously a data security breach from an outsider will result […]


Security Expert. Insiders can also face external circumstances which make them feel desperate. Inside threat monitoring is usually shared with HR.

GREG MANCUSI-UNGARO @BrandProtect Greg Mancusi-Ungaro is responsible for developing and executing the BrandProtect market, marketing, and go-to-market strategy. A passionate evangelist for emerging technologies, business practices, and customer-centricity, Greg has been leading and advising world-class marketing initiatives, teams, and organizations for more than twenty-five years. Prior to joining BrandProtect, Greg served in marketing leadership roles at […]


Security Expert: The malevolent insider is the greatest threat to any company as these individuals are operating from a position of trust.

CHRISTOPHER BURGESS @burgessct Christopher Burgess is the CEO, President and co-founder of Prevendra. He is an author, speaker, advisor, consultant, and advocate for effective security strategies, be they for your company, home, or family. “The most serious threat to a company’s data security is the…” Insider threat, which comes in two forms: The malevolent insider is […]


Security Expert: Efforts to mitigate the insider threat, such as additional security controls and improved vetting of new employees.

STEVE DURBIN @stevedurbin Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was Senior Vice President at Gartner. “As data breaches increase, many will be the […]


Security Expert: well-executed inside job will always wreak the most havoc and inflict the most pain: ‘trust but verify’ your insiders’ backgrounds.

JAMES GOODNOW @JamesGoodnow James Goodnow is a brilliant, creative, compassionate attorney and a technology aficionado in Phoenix, Arizona who’s been named one of America’s Techiest Lawyers by the ABA Journal, the official publication of the American Bar Association. Apple actually selected him as the first lawyer to be featured in one of its commercials, and also […]