Check out the latest issue today and subscribe!
Security Solutions Issue 115 Out Now!
Ghost in the Router: China-Backed UNC3886 Exploits Juniper Networks in New Cyber Espionage Campaign
A newly discovered cyber espionage campaign by China-linked hacking group UNC3886 has compromised outdated Juniper Networks routers, according to Mandiant, Google Cloud Security’s threat intelligence division. The attackers deployed custom malware, using advanced techniques to bypass built-in security protections and maintain stealthy, long-term access.
UNC3886’s Attack and Malware Techniques
Mandiant’s investigation found that UNC3886 has been targeting end-of-life Juniper MX routers running outdated Junos OS versions. By leveraging custom malware, the attackers gained root access to these devices, modifying system processes to evade detection.
Key findings include:
- Custom Malware Deployment: Mandiant identified six distinct backdoors based on the TINYSHELL framework, designed for persistent access and remote control of compromised devices. The malware includes scripts to disable logging, making it difficult for security teams to detect anomalies.
- Exploitation of Junos OS Security Features: UNC3886 was able to bypass Junos OS’s Veriexec security mechanism by injecting malicious code into legitimate system processes. This technique, tracked as CVE-2025-21590, enabled them to execute arbitrary commands undetected.
- Expansion Beyond Edge Devices: Historically, UNC3886 has targeted virtualisation and network edge devices. However, this latest campaign demonstrates a shift towards internal networking infrastructure, including core ISP routers, significantly expanding their potential reach and impact.
Mandiant and Juniper Networks’ Response
Mandiant collaborated with Juniper Networks to analyse the malware and assess its impact. Juniper has since released security updates, as well as a refreshed version of the Juniper Malware Removal Tool (JMRT), designed to scan for and eliminate the malware.
Security Recommendations for Organisations
Mandiant urges organisations to take immediate steps to secure their network environments:
- Upgrade Juniper Devices to the Latest Versions: Outdated hardware and software present critical vulnerabilities. Organisations should ensure their routers run supported, patched versions of Junos OS.
- Run Security Scans with JMRT: The latest JMRT release includes detection capabilities for UNC3886’s malware. Running the tool’s Quick Scan and Integrity Check is essential after upgrading devices.
- Implement Strong Authentication Controls: Use multi-factor authentication (MFA) and role-based access control (RBAC) to limit exposure to unauthorised access.
- Improve Network Visibility and Logging: Organisations should enhance their monitoring systems to detect unusual behaviour and review administrative activity regularly.
- Adopt a Proactive Security Posture: Threat actors continuously evolve their tactics. Engaging with a security intelligence provider like Mandiant can help organisations stay ahead of emerging cyber threats.
The Growing Threat to Network Infrastructure
UNC3886’s ability to infiltrate core networking devices highlights the evolving threat landscape, where espionage groups seek long-term access to global communications infrastructure. As networking hardware increasingly becomes a target, organisations must prioritise cybersecurity investments to protect against sophisticated, nation-state-backed adversaries.
Mandiant continues to investigate this campaign and advises any potentially impacted organisations to seek professional threat-hunting services to assess and mitigate risks.
Exabeam Named Triple Winner in 2025 Cybersecurity Excellence Awards
Exabeam Secures Top Honors in SIEM, AI Security Solution, and Most Innovative Cybersecurity Company
Exabeam, the leader in intelligence and automation for security operations, has been recognised as a triple winner in the 2025 Cybersecurity Excellence Awards. Exabeam earned top honours in the Most Innovative Cybersecurity Company, AI Security Solution, and Security Information and Event Management (SIEM) categories. These awards recognise the company’s continued leadership in security operations and its commitment to delivering AI-driven intelligence that helps organisations detect, investigate, and respond to threats with unprecedented speed and accuracy.
The Cybersecurity Excellence Awards honour organisations and products that demonstrate excellence, innovation, and leadership in cybersecurity. Winners are selected based on the strength of their nominations and peer recognition within their respective market segments.
While the cybersecurity industry is flooded with AI buzzwords and empty promises, Exabeam delivers real AI-driven intelligence—helping security teams outmaneuver adversaries with faster, smarter, and more precise threat detection, investigation, and response (TDIR).
Setting a New Standard in Security Operations
Winning across three categories reinforces the company’s relentless drive to revolutionize security operations and put the power back into the hands of defenders.
Most Innovative Cybersecurity Company: With features and enhancements added every month for the cloud-native New-Scale Security Operations Platform and every quarter for the self-hosted LogRhythm SIEM platform, Exabeam ensures security teams always have access to the latest innovations in AI-driven threat detection, investigation, and response—delivering continuous improvements, future-ready capabilities, and a reliable cadence of updates that outpaces competitors still relying on low-value, infrequent product releases.
AI Security Solution: As adversaries weaponise AI, Exabeam is leading the charge with advanced AI and automation – enabling security teams to detect, investigate, and respond to threats with unmatched speed and accuracy.
Security Information and Event Management (SIEM): The New-Scale Security Operations Platform sets a new benchmark for modern security operations, delivering hyper-fast query performance, automated investigations, and behavioural analytics that uncover threats others miss.
“At Exabeam, customer success is our priority. Security teams need solutions that don’t just keep up with the speed of cyberthreats but help them get ahead. These awards validate our relentless commitment to delivering AI-driven security operations that empower defenders to detect, investigate, and respond to threats faster and with greater accuracy. And the best part? We’re just getting warmed up.” – Chris O’Malley, Exabeam CEO.
“Innovation is in the Exabeam DNA. From pioneering behavioural analytics to leading with AI-driven automation and OpenAPI Standard adoption, we push the boundaries of security operations. These awards reinforce our commitment to delivering cutting-edge solutions that redefine how security teams fight cyberthreats.” – Steve Wilson, Exabeam Chief Product Officer
“Innovation and AI is in the Exabeam DNA. From pioneering machine learning for behavioural analytics to AI agents for the SOC, we push the boundaries of security operations. These awards reinforce our commitment to delivering cutting-edge solutions that deliver real intelligence and real security value.” – Steve Wilson, Exabeam Chief Product Officer
As cyberthreats evolve, Exabeam remains committed to helping organisations detect, investigate, and respond to threats faster, with greater precision, and at scale. With a proven track record of industry leadership, continuous product innovation, and customer-focused advancements, Exabeam ensures security teams can stay ahead of adversaries and protect their organisations with confidence.
Radware and CHT Security partner on cyber defence
In response to the rising tide of cyberattacks targeting Taiwan, cybersecurity firm Radware has partnered with CHT Security to enhance the country’s cyber resilience. The two companies have signed a managed security service provider (MSSP) agreement, further strengthening their collaboration to deliver AI-powered application security solutions.
CHT Security, a subsidiary of Chunghwa Telecom and one of Taiwan’s leading MSSPs, will integrate Radware’s Cloud Application Protection Services into its product portfolio. The partnership aims to provide a one-stop security solution, offering businesses across Taiwan advanced defenses against increasingly sophisticated cyber threats. CHT Security also employs Radware’s on-premises DefensePro® DDoS Protection to safeguard its clients against distributed denial-of-service (DDoS) attacks.
Rising Cyber Threats in Taiwan
The agreement comes at a critical time, as cyberattacks against Taiwan continue to escalate. A recent Radware threat advisory revealed that pro-Russian hacktivist groups—including NoName057(16), RipperSec, and the Cyber Army of Russia—have launched a wave of DDoS attacks targeting over 50 organizations, including government agencies, financial institutions, and airports.
Additionally, the rapid evolution of network technology and continuous software updates have widened security gaps, leaving businesses vulnerable to zero-day exploits, ransomware, and data breaches.
AI-Driven Defence Solutions
To combat these threats, Radware’s Cloud Application Protection Service employs AI-powered algorithms, behavioural-based detection, and automation to guard against over 150 known attack vectors. This includes threats outlined in the OWASP’s Top 10 Web Application Security Risks and API vulnerabilities. The solution also offers a comprehensive suite of security features, such as a web application firewall (WAF), bot detection, API protection, and application-layer DDoS mitigation.
CHT Security’s General Manager Jeff Hung emphasised the importance of the collaboration, stating, “By combining Radware’s cutting-edge technology with CHT Security’s extensive expertise and 24/7 security operations centre (SOC), we can provide organizations with multi-layered protection against the most advanced cyber threats.”
Expanding Cybersecurity Reach in Taiwan
CHT Security serves a diverse clientele, including government agencies, financial institutions, healthcare providers, and critical infrastructure sectors. With over 300 large enterprises, 40,000 small and medium-sized businesses, and more than one million individual customers under its protection, the company plays a crucial role in Taiwan’s cybersecurity landscape.
Radware’s Vice President of Sales for the Asia-Pacific region, Yaniv Hoffman, expressed enthusiasm for the expanded partnership: “With cyberattacks becoming more frequent and complex, security teams are under immense pressure. By joining forces with CHT Security, we aim to strengthen Taiwan’s cybersecurity posture and help businesses secure their critical assets more effectively.”
Industry Recognition
Radware’s expertise in cybersecurity continues to earn global recognition. Industry analysts from firms such as Forrester Research, Gartner, IDC, and KuppingerCole have acknowledged the company as a leader in application and network security.
As Taiwan faces growing cybersecurity challenges, the collaboration between Radware and CHT Security represents a strategic move toward a more resilient digital infrastructure, ensuring businesses can operate securely in an increasingly hostile threat environment.
Security Industry Embraces Mobile Credentials, Biometrics and AI, New Trends Report From HID Finds
Latest State of Security and Identity Report reveals a shift toward software-driven solutions and artificial intelligence in 2025
As organisations navigate an increasingly complex threat landscape, security leaders are making strategic shifts toward unified platforms and emerging technologies, according to the newly released 2025 State of Security and Identity Report from HID. The comprehensive study gathered responses from 1,800 partners, end users, and security and IT personnel worldwide, and reveals a significant transformation in how businesses are approaching security, with mobile credentials and artificial intelligence emerging as key drivers of innovation.
“The security industry is at a pivotal moment where the integration of modern technology with existing infrastructure is no longer optional—it’s imperative,” said Ramesh Songukrishnasamy, Sr. VP of Engineering at HID. “The fact that 73% of security leaders now prioritise software-driven unified solutions shows we’ve moved beyond traditional siloed approaches. Organisations are demanding platforms that can scale with their needs while providing actionable intelligence.”
Key findings from the report include:
A marked increase in mobile credentials and biometrics adoption, signaling a shift away from traditional access methods
The rapid rise of mobile credentials, with 61% of security leaders identifying their proliferation as a top trend, signals a significant shift away from traditional access methods. Nearly two-thirds are either deploying or planning to deploy mobile solutions. Concurrently, demand for biometric technologies such as fingerprint, iris, and facial recognition is on the rise: about 35% of respondents currently use biometric technology, while 13% plan to, indicating significant growth potential in this segment.
Growing demand for unified security management solutions that streamline operations
As organisations diversify security technology today, many security leaders (67%) are making moves to adopt software-driven security solutions, citing that unifying multiple data collection methodologies would be “somewhat” or “very important” (73%) to their organisation.
Strong preference for open platforms that facilitate seamless integration
Interoperability has become synonymous with progress across the security industry over the last few years, and the trend continues as more than half of security professionals reported open solutions as being “extremely” or “very” important to their organisations.
Strategic focus on converging platform solutions rather than standalone products
Nearly two thirds of organisations and 73% of integrators and consultants report a shift toward software-driven security solutions that bridge physical and digital functions like video surveillance, access control, and intrusion detection into a more unified platform.
Significant channel transformation driven by digital innovation
The security channel is undergoing significant transformation driven by digital innovation. While 77% of channel partners believe they are adapting well to these changes, growing end-user demand for AI, cloud solutions, IoT integration, and advanced analytics is reshaping service expectations. To thrive, the channel must continuously evolve and adapt to meet the evolving needs of the market and keep pace with digital transformation within the security sector.
Accelerated adoption of AI agents to enhance security operations
AI agents are being rapidly adopted to enhance security operations. Use cases are proliferating across access control, identity management, video, and security management platforms. Key benefits cited include improved efficiency and speed of security processes (50%) and enhanced real-time data analysis capabilities (47%).
Continued emphasis on sustainability in security decision-making, budget allowing.
Sustainability is still a key factor in security decision-making, with 75% of security leaders now factoring it into their solution selection process. However, sustainability is not the most critical factor when selecting new solutions as security and cost-effectiveness are still the highest priority for 80% of integrators and consultants.
The full report includes additional global data and further analysis.
Check Point Software Technologies Partners with Cardano to deliver Real-Time Threat Prevention Security Solution for Web3 and Blockchain
Unlocking Web3: How Real-Time Security Can Drive Blockchain Adoption
Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, and public cryptocurrency platform Cardano have announced a groundbreaking partnership to develop and deliver the first comprehensive real-time security solution for blockchain. This collaboration aims to leverage Check Point’s industry-leading cyber security expertise and Cardano’s robust blockchain infrastructure to create a secure environment for Web3 applications.
Addressing the Growing Security Risks in Blockchain and Web3
As blockchain technology continues to gain traction across industries, last week’s $1.5 billion Bybit hack was a stark reminder that security remains a critical challenge hindering widespread adoption. Cyber threats in the Web3 space have escalated, with hackers exploiting vulnerabilities in smart contracts, digital wallets, and decentralised finance (DeFi) platforms among others. In 2024 alone, cybercriminals stole over $2.2 billion from blockchain-based projects, marking a 21% year-over-year increase in stolen funds, according to the Chainalysis 2025 Crypto Crime Report.
The rise of institutional blockchain adoption has further emphasised the urgent need for enhanced security measures. Institutional investment in cryptocurrency markets reached a record-breaking $70 billion in 2024, with over 58% of hedge funds now holding digital assets, up from just 36% in 2021. Despite this growth, security concerns remain a primary barrier, preventing businesses from fully integrating blockchain into their operations. According to a Deloitte 2020 Blockchain Survey of financial service industry leaders, concerns about cyber security are the biggest obstacle (71%) to the acceptance of digital assets.
How Cardano is Enhancing Security with Check Point’s Real-Time Threat Prevention
Recognising the pressing need for robust security, Cardano has integrated Check Point’s real-time security solutions to safeguard its blockchain infrastructure. Cardano, which has about $27.83 billion worth of assets and is known for its focus on sustainability, scalability, and transparency, is taking a proactive approach to cyber security by implementing real-time threat detection and prevention mechanisms.
Funding for the Check Point – Cardano initiative was provided by Project Catalyst, which empowers the Cardano community to propose, evaluate and vote on value-added projects to drive wider adoption. Recognising the critical need for a holistic security solution, the Cardano ecosystem expressed overwhelming support for the initiative.
Check Point’s advanced security framework provides continuous monitoring and proactive defence against evolving cyber threats. By leveraging real-time threat intelligence, Cardano’s ecosystem can detect and mitigate attacks before they cause significant damage. This ensures that smart contracts, digital assets, and user transactions remain protected, reinforcing trust among institutional and retail users alike.
How Check Point’s Real-Time Security Works for Blockchain and Web3
Unlike traditional security solutions that primarily focus on pre-deployment measures such as smart contract audits, Check Point’s real-time security approach offers continuous, end-to-end protection for blockchain network transactions. Key features of Check Point’s blockchain security solution include:
- Real-Time Threat Intelligence: Continuous monitoring of transactions and smart contracts to detect malicious activity before execution.
- AI-Powered Anomaly Detection: Identifies suspicious behaviour and potential vulnerabilities using artificial intelligence and machine learning.
- On-Chain and Off-Chain Protection: Secures both blockchain-based transactions and the surrounding digital ecosystem, including wallets, dApps, and DeFi platforms.
- Automated Response Mechanisms: Proactively blocks threats, preventing unauthorised access and fraudulent transactions in real-time.
By integrating these security measures directly into the Cardano blockchain, Check Point ensures that every transaction is monitored by state-of-the-art AI-powered security engines, providing a higher level of confidence for businesses, developers, and institutional investors looking to leverage blockchain technology.
Industry Leaders on the Importance of Real-Time Blockchain Security
“The collaboration between Check Point and Cardano is poised to drive widespread adoption of blockchain technology by addressing the most significant barrier to entry: security. By providing a comprehensive, real-time security solution, we aim to instil confidence in institutional players and large-scale enterprises, encouraging them to build and innovate on the Cardano network,” says Dan Danay, Head of Web3 at Check Point Software Technologies.
“The partnership between Check Point and Cardano represents a significant step forward in the quest for a secure and resilient Web3 ecosystem. As we work together to develop and implement innovative security solutions, we can look forward to a more robust and secure blockchain in the future,” says Kriss Baird, General Manager for Cardano’s Catalyst.
As blockchain technology evolves, the need for real-time security solutions will only grow. By working together, Check Point and Cardano are setting a new industry standard for blockchain security, paving the way for a safer, more scalable Web3 future.
For more information, visit Check Point Software Technologies Ltd. (www.checkpoint.com)
Trump Administration suspends CIA cyber offensives against Russia, raising security concerns
Recent reports from Google Cloud Security and other sources including Radware have revealed alarming trends in state-sponsored cybercrime, underscoring Russia’s increasing reliance on cybercriminal networks for espionage and warfare. The findings raise fresh concerns about the Trump administration’s directive to the CIA to halt offensive cyber operations against Russian targets.
Officials in the White House ordered the CIA to stand down on certain cyber activities targeting Russia. The decision, which some intelligence officials viewed as a rollback of U.S. cyber deterrence efforts, coincided with Moscow’s escalating cyber activities against Ukraine, NATO allies, and Western institutions.
While Australia ramps up its defences against state-based hacktivism, there is real concern that the actions of the Trump administration will only empower Russian activists (and other states, for example the DPRK, and pro-PRC forces) to cast their nets further.
The Google Cloud Security report, which focuses on state-sponsored cybercrime, highlights how Russia’s intelligence agencies—particularly the GRU (military intelligence), FSB (security services), and SVR (foreign intelligence)—increasingly rely on cybercriminal tools and networks to conduct cyberwarfare. By leveraging ransomware, stolen credentials, and malware sourced from the dark web, these agencies have effectively blurred the line between cybercrime and state-sponsored espionage.
Key findings from the report indicate:
- The GRU-backed group APT44 (Sandworm) has deployed ransomware-based disruptive malware against Ukrainian and NATO systems, utilising tools sourced from cybercriminal marketplaces.
- Russian intelligence groups have employed off-the-shelf cybercrime tools like DARKCRYSTALRAT and RADTHIEF to facilitate attacks while maintaining plausible deniability.
- The GRU-affiliated UNC2589 group used wiper malware such as SHADYLOOK and PAYWIPE to target Ukrainian government infrastructure in the lead-up to the 2022 invasion.
Pundits are already suggesting that Trump’s directive to the CIA to curb cyber operations against Russia will leave the U.S. vulnerable to cyber threats. The decision comes amid broader scrutiny of Trump’s relationship with Russian President Vladimir Putin and accusations of reluctance to confront Moscow over its cyber aggression.
Scaling back cyber operations will allow Russian cybercriminals and intelligence agencies to operate with greater impunity. Critics argue that the lack of an aggressive U.S. cyber posture will only embolden Moscow to intensify its cyber activities, including interference in Western elections and cyberattacks against critical infrastructure.
The latest Global Threat Analysis Report from cybersecurity firm Radware adds further context to these concerns, highlighting the dramatic rise in hacktivist cyber activity, particularly Distributed Denial-of-Service (DDoS) attacks linked to geopolitical conflicts. According to Radware:
- Web DDoS attacks surged 550% in 2024, with 78% of global incidents targeting EMEA (Europe, Middle East, and Africa).
- Network-layer DDoS attacks more than doubled since 2022, with telecommunications and finance sectors being the primary victims.
- The total number of claimed hacktivist DDoS attacks increased by 20% over 2023, with Ukraine, Israel, and the U.S. among the top targets.
- Pro-Russian hacker NoName057(16) was the most active threat actor, claiming responsibility for 4,767 DDoS attacks in 2024.
The report underscores the evolving cyber threat landscape, where politically motivated cyberattacks are increasingly tied to global conflicts. Hacktivist groups, often aligned with state interests, have leveraged AI-powered tools to expand their reach and impact.
State-Sponsored Cybercrime Extends Beyond Russia
While Russia remains the most prolific adopter of cybercriminal infrastructure, the Google Cloud Security report also identifies similar tactics used by China, Iran, and North Korea:
- Iran’s UNC5203 group has deployed Russian-developed RADTHIEF malware against Israeli nuclear research targets.
- China’s UNC2286 has merged espionage with ransomware tactics, masking state-backed hacking activities.
- North Korea’s APT38 and APT43 continue to fund espionage and weapons development through cybercrime, particularly cryptocurrency theft.
Implications for U.S. Cyber Policy
The findings from the Google and Radware reports, coupled with Trump’s decision to curb CIA cyber activities, highlight the growing challenges in countering state-sponsored cybercrime. Experts warn that adversaries like Russia are increasingly integrating cybercriminal operations into national security strategies, making it imperative for the U.S. and other countries to bolster cyber defence and deterrence capabilities.
South Australia’s Southern Cyber Strengthens Security with a Check Point Software Prevention-First Strategy
Check Point Software Technologies Ltd (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, today announced that Adelaide-based Southern Cyber, a leading provider of cyber security solutions, has reinforced its commitment to delivering world-class cyber security by implementing a prevention-first strategy.
“As cyber security challenges grow, businesses must invest in solutions that prioritise manageability, seamless integration, and operational efficiency,” said Matt Payze, Senior Consultant at Southern Cyber. “Many security tools are overly complex, creating unnecessary hurdles. To strengthen security, tools must be easy to manage and adopt a prevention-first approach, ensuring robust protection and streamlined operations.”
As part of a program designed to enhance its security and operational resilience, Southern Cyber sought solutions that aligned with its security philosophy. The company placed a strong focus on cloud security, remote workforce protection, email security, and mobile endpoint hardening to better safeguard business operations and client data.
To address these security needs, Southern Cyber selected Check Point’s advanced security suite, including Check Point Harmony Email and Collaboration, Harmony Endpoint, Quantum Spark, Harmony SASE (Secure Access Service Edge), and Harmony Mobile. These solutions, managed through Check Point’s Infinity Portal, enable seamless and centralised security management.
The benefits delivered include:
- Harmony Email and Collaboration provides protection against phishing, business email compromise (BEC), ransomware, and malware, securing platforms such as Microsoft 365, Google Workspace, and Slack.
- Harmony Endpoint offers a prevention-first approach to security, protecting endpoints with automated posture management, data loss prevention, and advanced threat detection.
- Harmony Mobile safeguards corporate data by securing employees’ mobile devices against cyber threats.
- Harmony SASE ensures secure cloud access with zero-trust controls, visibility into SaaS applications, and enhanced data security.
- Quantum Spark delivers enterprise-grade security for small and medium-sized businesses, integrating Wi-Fi 6, 5G, SD-WAN, and IoT protection.
“We chose Check Point for its prevention-first strategy, offering proactive protection and unmatched operational efficiencies that align with our business ethos,” said Payze. “Check Point’s architecture and APIs seamlessly integrate with Microsoft 365, providing robust data loss prevention and ensuring sensitive information is protected while enabling efficient collaboration.”
Enhanced Security and Operational Efficiency
By consolidating multiple security tools into the Infinity Portal, Southern Cyber has significantly improved operational efficiency, reducing the complexity of managing various security platforms. The robust reporting capabilities within Check Point’s solutions also enable Southern Cyber to demonstrate compliance with stringent information security frameworks.
“Harmony SASE helps protect our mobile workforce, whether in the office, at customer sites, or working remotely,” said Payze. “It ensures encrypted data transfer and a trusted internet address for secure access to our systems. At the same time, Harmony Endpoint allows us to safeguard both our own mobile devices and those of our customers.”
The seamless integration between Check Point’s security solutions has also enhanced Southern Cyber’s security posture, providing comprehensive protection for endpoints, mobile devices, and cloud environments. Payze also emphasised the value of Check Point’s AI-driven cloud security capabilities, which have strengthened the company’s ability to detect and mitigate cyber threats proactively.
A Trusted Security Partnership
By implementing Check Point’s prevention-first security strategy, Southern Cyber has fortified its defences while streamlining operations and regulatory compliance. The company has gained improved threat visibility, proactive threat mitigation, and greater efficiency in managing its cybersecurity landscape.
“There are substantial advantages in working with an innovative and reputable security vendor such as Check Point,” Payze added. “The support we’ve received has been phenomenal, and we look forward to continuing this partnership to maintain the highest level of cyber security for our customers.”
Women in Security – Opportunities & Challenges
In this episode of the ASIAL Security Insider podcast, we explore the evolving landscape for women in the security industry.
We are joined by Hayley Van Loon, Deputy CEO of Crime Stoppers International and Managing Partner, Asia Pacific at Harod, and Claudia Nave, an analyst within the Digital Forensics and Threat Intelligence team from NBN Co, to discuss important issues like career opportunities, challenges, and pathways to success.
Fastly Research Reveals 93% of Organisations Working to Reduce CISO Liability Risk
Increasing CISO involvement in strategic decisions at the board level and improving legal support for cybersecurity staff among the corporate policy changes
Following a year that thrust Chief Information Security Officer (CISO) accountability into the spotlight, research from Fastly, Inc. (NYSE: FSLY), a leading global edge cloud platform provider, reveals that 93% of organisations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs. This includes two in five organisations (41%) increasing CISO participation in strategic decisions at the board level.
In late 2023, newly adopted regulations such as the SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, as well as other headlines, put an increased focus on corporate accountability for data breaches, heightening concern over CISO liability. To reduce this risk, 38% of Fastly research respondents have promised “increased scrutiny of security disclosure documentation from supervisory agencies” while 38% have improved legal support for cybersecurity staff, including liability insurance, and corporations have allocated more resources to security in the past year.
While these steps are a positive development, Marshall Erwin, CISO at Fastly, questions whether these changes go far enough to protect organisations and their cybersecurity personnel.
“It’s encouraging to see the vast majority of companies making changes to liability disclosure given the inevitability of another worldwide outage that will put CISO accountability back into the spotlight. However, while investing in legal protection is an important step, this change is often more about shielding organisations from legal risk rather than fostering meaningful accountability to drive better security practices,” says Fastly CISO, Marshall Erwin. “Proper accountability requires moving beyond liability insurance and disclosure edits. For meaningful change, we need to view accountability as a positive force to incentivise better security. For that, we need better, clearer standards from regulators and enforcers that distinguish between unavoidable incidents and avoidable ones resulting from truly deficient security practices.”
Shared responsibility, not a single point of failure
Fastly’s research also found that nearly half (46%) of organisations are unclear about who holds ultimate responsibility for cybersecurity incidents whilst only 36% have clearly delineated roles and responsibilities within their teams. The research points to a significant gap in how organisations internalise responsibility and translate regulatory guidance into meaningful improvements to security postures.
Marshall Erwin added, “CISOs do not make the final call on every decision. When it comes to security risks, the question a board should be asking is, ‘Are we aligning the budget to address the risks the CISO has communicated to us?’ This is where accountability should start – at the senior leadership level, with clear communication and alignment of resources.”
This responsibility doesn’t just fall on one person – it requires clear communication at every level of the organisation to understand how and why cybersecurity risks should be mitigated and how efforts should be aligned to reduce exposure.
Creating better standards
The report underscores the need for the industry to prepare for the next high-profile incident with stronger frameworks for accountability that incentivise meaningful actions, rather than just compliance measures. As regulatory standards continue to evolve, organisations should recognise that CISO liability is not a threat but an opportunity to solidify security postures and drive long-term change across organisations.
About the research
This research surveyed 1,800 key IT decision makers with an influence in cybersecurity, in large organisations spanning multiple industries across North, Central and South America, Europe, Asia-Pacific and Japan. The interviews were conducted online by Sapio Research in September 2024 using an email invitation and an online survey.
To access the full set of data and understand how businesses are consolidating tools and changing their spending habits in the wake of high-profile cybersecurity incidents, visit here.
A10 Networks Expands Cybersecurity Horizons with WAAP Innovation
In a rapidly shifting cybersecurity landscape, where APIs and web applications are prime targets for attackers, A10 Networks has reinforced its position as a leader in enterprise security with the acquisition of ThreatX Protect. This strategic move introduces a powerful web application and API protection (WAAP) solution to A10’s growing cybersecurity portfolio, addressing the pressing need for comprehensive, behaviour-based threat mitigation.
ThreatX Protect stands out in the cybersecurity space with its ability to analyse behavioural patterns, providing real-time risk assessment and proactive threat neutralisation. With businesses increasingly relying on AI-powered applications, protecting these digital assets is critical. ThreatX Protect’s capabilities align seamlessly with A10 Networks’ vision, complementing existing solutions like AI firewalls and DDoS threat intelligence.
A10’s focus on hybrid security strategies ensures that enterprises can deploy protections across diverse environments, whether in the cloud, on-premises, or hybrid infrastructures. The addition of ThreatX Protect enhances the A10 Defend portfolio, offering customers an integrated security approach to combat API-driven vulnerabilities, bot attacks, and next-generation cyber threats.
CEO Dhrupad Trivedi highlighted the acquisition’s impact, stating, “Our strategic focus is on helping enterprises secure their applications and networks from the growing number of threats today, as well as protecting the emerging AI use cases of the future.”
Beyond its immediate technical advantages, this acquisition signals a broader industry trend: cybersecurity firms are doubling down on API security as the next frontier in cyber defence. As enterprises continue to adopt digital-first strategies, securing application interactions at every level has become mission-critical.
Why cloud-based Video Surveillance is the future for SMBs
By Matt Fishback, Business Development Manager, AWS, Milestone Systems
In today’s competitive market, security remains a critical concern for small-to-medium businesses (SMBs) in Australia. Traditional on-premises video surveillance systems, while effective, often come with high upfront costs and ongoing maintenance burdens. As businesses evolve and the demand for flexible, scalable solutions grows, cloud-based video surveillance systems are emerging as a smart alternative which is often more cost-effective.
Here’s why cloud solutions are reshaping the future of security for SMBs.
Lower upfront costs, higher long-term value
Cloud-based video surveillance systems present a significant advantage over traditional on-premises solutions when it comes to upfront costs. By moving to a cloud solution SMBs can avoid big investments in hardware, infrastructure and installation. Therefore, instead of making large capital expenditures, businesses can adopt a predictable operating expense model through cloud subscriptions, spreading costs over time.
Over the long term, this shift to the cloud also removes the need for ongoing maintenance and costly hardware upgrades, as these updates happen automatically. As such, a reduced financial burden will help SMBs to focus on other parts of the business and on growing their operations, as well as freeing up finances for investing in other strategic initiatives.
Maintenance-free and always up-to-date
As mentioned above, one of the standout benefits of cloud-based systems is the near-elimination of maintenance and upgrade costs. In contrast to traditional systems, which require regular hardware maintenance, software updates and eventual replacements, cloud systems are managed entirely by the service provider. This means automatic updates and maintenance are included in the subscription, ensuring that businesses always have access to the latest features and security patches. There’s no need for on-site IT personnel, specialised technicians or third-party services to come out to the premises, making cloud-based systems a hands-off, low-overhead solution for SMBs.
Additionally, cloud-based systems offer built-in network security measures, continuous monitoring, and compliance with industry standards. Regular backups and disaster recovery plans ensure that businesses are protected from data loss, without the need to invest in costly cybersecurity solutions. This high level of security, typically reserved for larger enterprises, is now available to SMBs at a fraction of the cost.
Seamless scalability as your business grows
As small businesses expand, their security needs grow with them. Cloud-based systems make scaling relatively pain-free (at least for security systems). Whether a business is adding new cameras, more users or new locations, cloud infrastructure adjusts instantly without the need for new hardware or complex installations. The flexibility of the cloud allows businesses to adapt quickly to changing demands and ensures that scaling doesn’t come with expensive IT investments.
Another key benefit is access to advanced features like AI-powered analytics, which can be deployed on-demand without upgrading physical hardware. Cloud-based systems give SMBs the ability to tap into cutting-edge technology that would otherwise be financially out of reach, ensuring companies stay ahead of the curve as they grow.
Hybrid solutions for a smooth transition
For businesses already using on-premises systems, the switch to cloud-based surveillance can seem daunting. However, hybrid solutions provide a bridge between old and new technologies. By combining cloud-based features with existing on-premises infrastructure, businesses can migrate gradually and without disruption. This also removes the burden of ripping out an old system all in one go, so cameras and other hardware can be replaced over time as they reach end-of-life.
This hybrid approach also allows integrators to tackle challenges like data integration, bandwidth requirements and security concerns in a phased manner.
Working closely with cloud service providers, integrators can also optimise network configurations and implement robust security protocols to ensure seamless integration. Comprehensive training and support are important here, and vendors working closely with their partners will make it easier for end-users to adopt new cloud-based systems while maintaining their current operations.
Advanced security features for peace of mind
Cloud-based video surveillance systems provide a level of security that traditional systems often lack. Advanced features such as end-to-end encryption for data in transit and at rest, multi-factor authentication, and automated security updates ensure that businesses are protected against modern cyber threats.
In addition, cloud-based systems offer enhanced redundancy and disaster recovery capabilities, keeping critical data safe and accessible even in the event of hardware failure.
Comprehensive audit trails and access logs also improve accountability, making it easier for businesses to comply with data protection regulations. These advanced features provide SMBs with enterprise-level security at a cost that fits their budget.
Real-time monitoring
Real-time monitoring and alert capabilities in cloud-based systems provide business owners with instant situational awareness. Automated alerts sent to mobile devices enable rapid responses to potential security threats, even when business owners are off-site. With advanced AI algorithms, these systems can distinguish between routine events and genuine security risks, reducing false alarms and allowing businesses to focus on verified threats.
By providing real-time insights and proactive alerts, cloud-based systems not only improve security but also optimise resource allocation. SMBs can allocate their time and personnel more efficiently, leading to better business outcomes.
Measuring ROI
For small businesses, the return on investment (ROI) in cloud-based video surveillance is easily measurable. Direct financial benefits include reduced hardware and IT maintenance costs compared to traditional systems, and businesses can also benefit from enhanced security that prevents potential losses and downtime.
Additionally, integrating cloud-based systems with other business operations such as point-of-sale systems or access control helps streamline processes, improve customer service, and allows business owners to make data-driven decisions that contribute to overall business efficiency. The potential for improved productivity and reduced operational costs further enhances the value of cloud-based solutions.
Operational efficiencies that drive savings
Cloud-based video surveillance systems provide operational efficiencies that suit many business conditions. With centralised management, businesses can monitor multiple locations from a single interface, reducing the need for on-site personnel. Automated updates and maintenance minimise system downtime and free up IT resources for other critical tasks.
By integrating cloud-based video systems with other business tools, SMBs can also unlock valuable insights and streamline operations. These efficiencies translate directly into cost savings, allowing businesses to improve productivity and make the most of their resources.
Cloud-based video surveillance is a strong option for small-to-medium businesses. With lower upfront costs, seamless scalability, advanced security features, and significant operational efficiencies, cloud-based systems offer a compelling value proposition for businesses looking to modernise their security infrastructure and grow with confidence.
Gallagher Security releases PIV-ready High Sec Controller 7000 designed with cyber security at the heart
Dealing with Blast Incidents
In this episode of the ASIAL Security Insider podcast, we look at the realities of preparing for and dealing with Blast Incidents.
Our guest is Don Williams, a recognised leader in the field of bomb safety and security. In addition to being the author of Bomb Safety and Security, the Manager’s Guide, available through Amazon, and the current Managing Director of Layer 3 Services, Don has over 45 years of experience in dealing with explosives, beginning with 20 years as an army bomb technician, followed by another 25 years working in a wide range of roles, including for corporate and government clients as well as events.
We discuss the history of bomb attacks in Australia, the types of businesses that should be most concerned about bomb attacks, the long-term impacts that need to be considered and planned for when dealing with blast events and the role security staff play in the management of a bomb incident.
Cyber Threats Escalate in 2024 as AI and Geopolitics Fuel DDoS Surge
A new report from Radware highlights an alarming rise in cyberattacks throughout 2024, with web-based distributed denial-of-service (DDoS) incidents increasing by a staggering 550%. The company’s 2025 Global Threat Analysis Report attributes this surge to geopolitical instability, expanding digital attack surfaces, and the increasing use of AI to automate and scale cyberattacks.
DDoS Attacks Grow in Size, Duration, and Sophistication
Radware’s data shows that both network-layer and application-layer DDoS attacks became more intense in 2024. Key findings include:
- Longer, larger DDoS campaigns – The average network-layer DDoS attack lasted 37% longer than in 2023, while attack volume grew by 120%.
- Geopolitical motivations drive web DDoS attacks – Hacktivist activity fuelled a 550% increase in Layer 7 (L7) web-based DDoS attacks, with EMEA bearing 78% of global incidents.
- Industries under siege – The financial sector saw the steepest rise in attacks, with a 393% increase in DDoS volume, followed by transportation (375%) and e-commerce (238%).
- North America faces API and web app threats – The region suffered 66% of all web application and API attacks, with vulnerability exploitation as the most common attack method.
According to Pascal Geenens, Director of Threat Intelligence at Radware, the rapid advancement of AI is playing a major role in these developments. “AI-driven attack automation is lowering the skill threshold required to launch large-scale cyber campaigns. Combined with ongoing geopolitical conflicts, this is creating a perfect storm of persistent and more dangerous threats.”
Hacktivist Groups and State-Aligned Actors Drive Cyber Conflict
Hacktivism continued to be a dominant force in the cyber threat landscape, with a 20% rise in claimed DDoS attacks. Telegram-based intelligence collected by Radware reveals:
- Ukraine was the most targeted nation, experiencing 2,052 claimed DDoS attacks.
- Israel and the U.S. were also prime targets, with 1,550 attacks against Israel and an uptick in attacks targeting American entities.
- Government institutions bore the brunt of attacks, accounting for 20% of all hacktivist activity.
Several well-known hacker groups led the charge, including:
- NoName057(16) – The most active, claiming 4,767 DDoS attacks.
- RipperSec, Executor DDoS, and Cyber Army of Russia Reborn, all of which conducted significant attack campaigns.
Expanding Attack Surfaces Create New Challenges
Beyond DDoS, attackers continued to exploit vulnerabilities in digital infrastructure. Web application and API attacks grew by 41%, with more than a third of malicious traffic leveraging known exploits. Meanwhile, Layer 7 DNS DDoS attacks surged, with DNS flood queries rising 87% year-over-year—financial services bore the brunt of these attacks, followed by healthcare and telecom.
“Organisations are facing a constantly evolving threat landscape,” warned Geenens. “Security teams must move beyond static defences and adopt adaptive, AI-driven strategies to counter these increasingly sophisticated attacks.”
Radware’s full 2025 Global Threat Analysis Report is available for download.
The Global Impact of U.S. Trade Tariffs: Perspectives from Key Industries
Daniel Kohut, Vice President, Industry Strategy, Blue Yonder
As of February 11th, the Trump administration has announced worldwide tariffs of 25 percent on aluminium and steel imports, which form a major part of Australia’s economy.
The Trump administration’s proposed increase in tariffs on imports in other areas—ranging from 60% to 100% for China, for example—is sending shockwaves through industries worldwide, particularly in the Asia-Pacific region. With China serving as a global manufacturing hub, companies are grappling with rising costs, supply chain reconfigurations, and market volatility.
Blue Yonder’s industry leaders across manufacturing, automotive, industrials, high tech, and life sciences share their perspectives on the implications of these tariffs and the strategies companies must adopt to mitigate risks.
In most cases the economic impacts are likely to be severe, and advanced technologies and business operational changes such as risk and scenario modelling and inventory planning will become critical to ensure business continuity.
APAC manufacturing: Navigating Supply Chain Shifts
Manufacturers in the Asia-Pacific region, many deeply integrated with China, will experience cost increases as tariffs take effect. To offset these challenges, businesses may relocate production to Vietnam, Thailand, or Malaysia. However, shifting supply chains can strain existing infrastructure and labour markets, while also increasing logistical costs. Companies will require enhanced visibility into sourcing, inventory, and compliance, with cloud-based supply chain platforms and advanced risk modelling emerging as critical tools for managing disruptions.
Automotive: Balancing Cost Pressures and Supply Chain Adaptability
The global automotive industry faces rising production costs due to increased tariffs on imported components. Automakers may respond by reshoring production closer to domestic markets, boosting local manufacturing jobs but also raising labour costs. In countries such as Mexico and Korea, the auto industry could face economic disruptions if tariffs impact cross-border trade. To counteract cost pressures, automakers are likely to enhance inventory planning, diversify suppliers, and invest in scenario modelling to navigate shifting demand and supply chain complexities.
Industrial manufacturing: Managing Rising Costs and Global Competitiveness
For industrial manufacturers reliant on raw materials like steel and aluminium, tariffs will squeeze profit margins unless costs are passed on to consumers – increasing the already high rates of inflation in many countries, Australia included. Companies may look to domestic sourcing, albeit at a higher cost, and rethink their supply chain strategies to minimise disruption. While U.S.-based manufacturers could gain an advantage in the short term, increased tariffs may also reduce competitiveness in global markets due to potential retaliatory measures. Strategic planning, cost optimisation, and government advocacy will be key to sustaining competitiveness.
High tech & semiconductors: Navigating Supply Chain Realignments
Since 2017, semiconductor and electronics companies have been shifting production from China to alternative hubs like Mexico, Vietnam, Taiwan, and Malaysia. China’s retaliatory restrictions on key minerals for rechargeable batteries and chips further complicate global supply chains. Evidence of state-sponsored cyber-attacks on Australian rare earths mining company Lynas suggests that this highly competitive market will remain closely guarded and volatile. High-tech manufacturers must optimise their network design, strengthen collaboration across multi-tier suppliers, and recalibrate inventory strategies to mitigate risks and enhance resilience.
Life sciences: Addressing Critical Supply Chain Risks
The life sciences sector, with its highly globalised supply chain, faces critical challenges as tariffs drive up costs for raw materials in pharmaceuticals and medical technology. Many materials have few alternative sources, making local production unfeasible and leading to potential shortages of essential drugs and medical supplies. Relocating suppliers or manufacturing sites in this industry requires extensive regulatory approvals, often taking 18 months or longer. Rising costs will ultimately be passed on to consumers through higher healthcare prices and insurance premiums, exacerbating existing challenges in patient care. The Trump administration’s crackdown on pharmaceutical imports (and indeed black market imports) from Canada will only exacerbate this problem.
A shifting trade landscape: Preparing for Long Term Adaption
Across industries, companies must rethink supply chain strategies, invest in digital tools for visibility and risk management, and prepare for long-term shifts in trade dynamics. Tariffs are not just a cost issue—they reshape global competitiveness, requiring businesses to adopt agile and proactive approaches to remain resilient in an increasingly protectionist environment. While the Trump administration is still very much in the early days of its second term, these changes are already playing out on the world stage. It is critical for companies to adapt rapidly and effectively.
Cybercrime: A National Security Threat That Can No Longer Be Ignored
Google’s Threat Intelligence Group has released a new report underscoring the rising threat of cybercrime to national security. The findings make a compelling case for policymakers to treat cybercriminal activity with the same urgency as state-sponsored operations, as the lines between the two continue to blur.
Cybercrime as a Geopolitical Tool
The report reveals how cybercriminal tactics are increasingly being co-opted by nation-states to further their strategic interests. The so-called “Big Four” cyber players—Russia, China, Iran, and North Korea—are leveraging financially motivated cyber operations for both espionage and economic gain:
- Russia: Facing military and economic pressure following the invasion of Ukraine, Russia has turned to cybercriminals for espionage and disruptive operations, using their expertise and resources to advance state objectives.
- China: Groups like APT41 have seamlessly integrated ransomware with intelligence-gathering efforts, creating a murky overlap between financially motivated attacks and state-sponsored cyber-espionage.
- Iran: Economic struggles have driven Iranian threat actors to rely on ransomware and hack-and-leak tactics, generating revenue while simultaneously destabilising adversaries.
- North Korea: Cybercrime has become a primary revenue stream for the regime, with cryptocurrency heists funding missile development, nuclear ambitions, and the country’s operational expenses, all while sidestepping international sanctions.
Ben Read, Senior Manager at Google Threat Intelligence Group, states: “The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states. These capabilities can be cheaper and more deniable than those developed directly by a state. These threats have been looked at as distinct for too long, but the reality is that combating cybercrime will help defend against state-backed attacks.”
A Growing and Destabilising Force
Cybercrime is no longer just a financial nuisance—it is a destabilising force that threatens critical infrastructure and public safety. In 2024, Mandiant Consulting responded to nearly four times more incidents attributed to financially motivated actors than to state-backed groups. This shift highlights how cybercrime has evolved into a key national security issue.
The effects of cyberattacks go far beyond financial losses. When hospitals fall victim to ransomware, patient care is jeopardised. When power grids are attacked, entire communities face significant risk. The erosion of public trust in essential services is an alarming consequence that policymakers can no longer afford to overlook.
A Call for Urgent Action
The growing convergence of cybercrime and state-sponsored hacking underscores the need for a stronger, more coordinated response. The report calls for international cooperation to tackle this evolving threat, recognising cybercrime as a national security priority on par with conventional military and intelligence threats.
Addressing this challenge requires a shift in mindset: cybercrime is not just a problem for corporations and financial institutions—it is a direct threat to national stability. As cybercriminal groups continue to evolve and integrate with state-backed operations, governments worldwide must adopt robust strategies to counteract their influence, disrupt their networks, and safeguard critical infrastructure.
“Cybercrime has unquestionably become a critical national security threat to countries around the world. The marketplace at the centre of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption. Unfortunately, many of our actions have amounted to temporary inconveniences for these criminals, but we can’t treat this like a nuisance and we will have to work harder to make meaningful impacts,” said Sandra Joyce, VP, Google Threat Intelligence.
Cybercrime is no longer an isolated concern—it is a global crisis demanding immediate and decisive action.