
CISO BRISBANE
EXCLUSIVE CONTENT

CSO Michael Poezyn says the explosion of AI, while transformative, is a cause of concern for CISOs

With more than 20 years of experience in cybersecurity, Michael Poezyn’s passion and wealth of experience have made him a valued and well-respected member of the gaming software solution provider’s leadership team and a trusted consultant within his field.

When it comes to the cybersecurity challenges Poezyn concerns himself with, the age-old issues of ransomware, insider threats and DDoS attacks remain top of mind. However, as we have seen in 2023, the explosion of AI, and the pace at which this sector is growing and becoming freely available, is a massive concern.

“We have seen in the news that companies are having to block AI tools like ChatGPT, as with the increased use of these tools, the proliferation of IP distribution is large. Such an example is the stance Samsung had to take due to employees freely distributing company IP via the tool,” Poezyn says.

“With the fear of many companies not wanting to be left behind due to this AI revolution, we are seeing many companies pushing the use of all AI tools, but unfortunately the cyber security controls, or protections, are just not there yet.

Best-Selling Author Chirag Joshi: Optimising Cybersecurity Leadership and Well-Being

Chirag Joshi, Best Selling Author of 7 Rules to Influence Behaviour and Win at Cyber Security Awareness discusses emotional intelligence

In this week’s episode of the Business of Infosec podcast, host Michelle Ribeiro is joined by Chirag Joshi, Best Selling Author of 7 Rules to Influence Behaviour and Win at Cyber Security Awareness. They lose track of time in an organic conversation around Chirag’s journey into cybersecurity and his wealth of knowledge across different countries and industry sectors.

In the discussion this week:

  • The importance of moving beyond the concept of awareness by changing the culture and encouraging everyone to act
  • How the CISO role has evolved from technical to advisory and the importance of developing the skills to enable them to articulate threats in a way that translates to financials and risks
  • The soft skills required for the new CISO: how to develop abilities in finance, contract management, negotiation skills, change management, and more
  • The CISO role has gained tremendous importance to most businesses: what are the dos and don’ts for them to meet what’s now expected of their position?
  • The importance of not being a function of “no”
  • Developing emotional intelligence
  • Improving your story-telling skills: good stories inspire emotions, and emotions inspire people to act


Sonic Healthcare exec: Data governance can reduce cyber risks

Rosemary Cooper, Global Information Systems – Governance, Risk and Compliance Manager for Sonic Healthcare chats with us about data governance and data ethics

In this week’s episode of the Business of Infosec podcast, host Michelle Ribeiro is joined by Rosemary Cooper, Global Information Systems – Governance, Risk and Compliance Manager for Sonic Healthcare. Together they walk through Rosemary’s journey into IT and how a strong data governance framework can dramatically reduce cyber risks.

In the discussion this week:

  • What cross-sector organisations can learn from data governance in healthcare
  • The CIA Triad of Data: how to get the right balance between confidentiality, integrity and availability
  • Cyber gets a lot of attention but if data governance is done well risks should be reduced
  • How to put data governance in the right place and give it the right authority in an organisation
  • What does a weak data governance framework look like?
  • What does a good data governance model look like?
  • When it comes to cybersecurity, how do you know what you have in place is effective?

Australian Infosec Leaders Reveal Ransomware Weaknesses

Many organisations in Australia and New Zealand are likely to feel the pain of a ransomware attack if it occurred today

In its 2022 Annual Cyber Threat Report, the Australian Signals Directorate’s Australian Cyber Security Centre reported having received 447 ransomware cybercrime reports for the year, and stated that it was likely that ransomware remained significantly underreported, especially by victims that pay a ransom.

Ransomware disrupts business and causes reputational damage to hundreds of organisations globally.

In the 2021 financial year, the Australian Cyber Security Centre observed almost 500 reports of ransomware, an increase of almost 15 percent on the prior year. 

In late 2022, Corinium produced a report titled the State of Ransomware Readiness, ANZ, after surveying 119 cybersecurity professionals across Australia and New Zealand. This article is an excerpt from that report.

With so many successful ransomware attacks occurring annually, the ASD expects these incidents will remain a common threat in Australia and globally. As such, it is imperative that organisations in our region are prepared. 

Read the full article today!


Inside Active Directory Security, Australia, 2023

A major business technology control with massive security implications

Active Directory architecture is critical to every Microsoft-based organisation or entity that operates a network of connected infrastructure with multiple staff and segmented or configured levels of access.

As the central set of services to manage authentication and authorisation of users and computers on a Windows network, Active Directory represents the keys to the kingdom for cybercriminals.

Active Directory is almost always targeted by threat actors looking to move laterally across a network following an initial breach.

Despite this, many Active Directory installs will be outdated, untidy and often left without proper security oversight.

Without the proper governance, Active Directory can be a major cyber security risk.

In this report we explore the topic of Active Directory security with cybersecurity leaders from Australian organisations.

Featuring commentary and insights from:

  • Jamie Norton, Partner, McGrathNicol
  • Stephanie Crowe, First Assistant Director General, Cyber Security Resilience, Australian Cyber Security Centre, Australian Signals Directorate
  • Rob Wiggan, Cybersecurity Advisory, WTW
  • TM Ching, Security Chief Technology Officer, Asia Pacific, DXC Technology
  • George Abraham, Chief Information Security Officer, Novatti Group
  • Sean Deuby, North American Principal Technologist, Semperis

Complete the form to download your free copy of the report!

Each year, hundreds of companies fall victim to ransomware

Last year, the Singapore Computer Emergency Response Team, SingCERT reported that throughout 2022, ransomware groups were “actively targeting high-profile targets, from critical infrastructure to entire government systems, either stealing massive databases or disrupting operations”.

The evolving sophistication and scale of the ransomware threat is one the Cyber Security Agency of Singapore says it is monitoring closely.

Organisations in Southeast Asia must be prepared, both to repel potential attacks and respond in the event of a breach.

Through a survey of 60 cybersecurity professionals from three countries, Singapore (22), Indonesia (18) and Malaysia (17) conducted between September and December in 2022, this report examines the idea of ransomware readiness, gauging the confidence among information security professionals when it comes to their ability to be prepared for, respond to and quickly recover from a ransomware attack.

Complete the form to download your free copy of the report!


Measuring DevSecOps Effectiveness, Australia

The DevSecOps Shift Has Arrived


The way applications are developed, deployed, accessed and used has changed.

Infrastructures that were once contained and relatively straightforward to encircle with security measures have become complex and multi-cloud. Applications are now operationalised in tandem with their development, live online and are updated regularly and rapidly. Just as development has been modernised with DevOps practices, securing applications is undergoing a similar shift to become DevSecOps, with security decisions and processes now embedded into the development cycle.

This report examines the processes and best practices currently being used to evaluate the effectiveness of DevSecOps practices. Through insights gathered from cybersecurity leaders within organisations using DevSecOps approaches, we discuss how security leaders measure these programs and what considerations other CISOs and cyber leaders should make to improve security in DevOps.

Download your copy today!

Over the past decade we have seen global headlines related to high profile incidents, including the Colonial Pipeline attack of 2021, the global WannaCry, Petya and NotPetya infections of 2016 and 2017, all the way back to the CryptoLocker outbreak in 2013, to name some of the most infamous.

In 2022, the Australian Cyber Security Centre stated that ransomware remained the most destructive cybercrime, with costs beyond the ransom related to systems, productivity and customers.

Given the seriousness of ransomware and the potential impact it can have functionally, reputationally and financially, organisations in Australia and New Zealand should be prepared both to repel potential attacks and respond in the event of a breach.

Through a survey of 119 cybersecurity professionals (102 Australian, 17 New Zealand) conducted between February and August in 2022, this report examines the idea of ransomware readiness, gauging the confidence in information security professionals when it comes to their ability to be prepared for, respond to and quickly recover from a ransomware attack.

Featuring commentary from:

  • Varun Acharya, Chief Information Security Officer, Healthscope
  • Nivi Newar, Head of Cyber Security Strategy and Governance, University of New South Wales
  • Pete Murray, Managing Director, ANZ, Veritas

Download your copy of the full report today to find out more!
