Check out the latest issue today and subscribe!
Home Blog
Security Solutions Issue 115 Out Now!
Check out the latest issue today and subscribe!
The Dark Side of GenAI: Safeguarding Against Digital Fraud
Angus McDougall, Regional Vice President, Asia Pacific & Japan at Entrust
In 2023, YouTube users in Singapore were served an unusual advertisement that featured an interview between Loke Wei Sue, a newscaster on Channel NewsAsia, and Elon Musk, CEO of Tesla Motors and owner of X. Musk, in particular, spoke favourably about a new artificial intelligence-driven (AI) investment app that allowed users to “earn up to US$237 per hour right away”.
Loke never conducted such an interview, nor did Musk attend it. Instead, the entire advertisement was created via deepfake technology.
In Australia recently, the public has been confronted by news of high school students using deepfake images to defame their cohorts, and images of finance minister Katy Gallagher and foreign minister Penny Wong have been used in an investment scam, following a trend of using Australian politicians for online fraud.
As much as generative artificial intelligence (GenAI) has created exciting new opportunities, it has unfortunately also caught the attention of fraudsters. In fact, in this brave new digital-first world, fraudsters have more tools than ever—and it’s set to cost. Globally, online payment fraud losses are predicted to increase from US$38 billion in 2023 to US$91 billion in 2028.
The rise of the GenAI fraudster
In the past, organised criminal enterprises had more resources and, thus, posed a higher threat to businesses. However, with GenAI, even the most amateur fraudsters now have easy access to more scalable and increasingly sophisticated types of fraud.
The evidence is in the data. According to Onfido, an Entrust company, 71.7% of fraud caught between 2022 and 2023 in APAC were considered “easy” or less sophisticated. The remainder was classed as “medium” (28.24%) or “hard” (0.05%)—but the level of sophistication is growing. In the last six months, “medium” and “hard” frauds have grown to 36.4% and 1.4% respectively.
How fraudsters are using GenAI deepfakes
GenAI programmes have made it easy for anyone to create realistic, fabricated content. Take deepfake videos, for example. Fraudsters have started using such videos to try and bypass biometric verification and authentication methods.
This type of attack has surged in recent years. Comparing 2023 with 2022, there’s been a 3,000% increase in deepfake attempts globally. Compounding the situation is the growing popularity of “fraud-as-a-service”, where experienced fraudsters offer their services to others.
Document forgeries
When it comes to document forgeries, there are four types that fraudsters create: physical counterfeits (fake physical documents), digital counterfeits (fake digital representations of documents), physical forgeries (physically altered or edited versions of existing documents), and digital forgeries (digitally altered or edited versions of existing documents).
Businesses operating in Asia-Pacific are more likely to see higher document fraud rates (9%) when compared to Europe (3.1%) and North America (5.1%), with the most attacked document types being ID cards (51%) and Tax IDs (29%). This heightened number of digital forgeries can be attributed to the emergence of websites such as OnlyFakes, an online service that sells the ability to create images of identity documents.
Synthetic identity fraud
Next, synthetic identity fraud is a type of fraud where criminals combine fake and real personal information, such as national ID details, to create new identities. They can then use these fake identities to open accounts, access credit, or make fraudulent purchases.
What GenAI does is to generate fake information at scale. Fraudsters can use AI bots to scrape personal information from online sources, including online databases and social platforms, which can then be collated to create synthetic identities. Synthetic identity fraud is so effective that it is predicted to create total losses of US$23 billion by 2030.
Phishing
Finally, phishing is a type of social engineering attack often used to steal user data. Fraudsters may reach out to individuals via email or other forms of communication requesting they provide sensitive data or click a link to a malicious website, which may contain malware.
Again, GenAI tools allow fraudsters to create sophisticated and personal social engineering scams at scale. For example, they could use AI tools to write convincing phishing emails or for card cracking. In fact, according to recent research, GenAI was one of the top tools used by bad actors in 2023. wormGPT, in particular, is a malicious AI tool designed to automate the creation of convincing, personalised fake emails and other malicious content.
Combatting GenAI fraud with AI
We are entering a new phase of fraud and cyberattacks. As such, the best cyber defence systems of tomorrow will need AI to combat the speed and scale of attacks—think of it as an “AI versus AI showdown”.
With the right training, AI algorithms can recognise the subtle differences between authentic and synthetic images or videos, which are often imperceptible to the human eye. Machine learning, a subset of AI, plays a crucial role in identifying irregularities in digital content. By training on vast datasets of both real and fake media, machine learning models can learn to differentiate between the two with high accuracy.
Securing digital identities against fraud
As AI-driven attacks continue to rise, businesses must consider AI-powered, identity-centric solutions that protect the integrity and authenticity of digital identities. Such solutions can help combat phishing and credential misuse with biometrics and digital certificates, neutralise deepfakes with AI/ML-driven identity verification, and authenticate customers or employees via trusted digital onboarding. These capabilities will help businesses reduce fraud exposure and stay compliant with standards and regulations.
As we look to the future, it is essential to embrace these innovations not just as a means of defence but as a proactive strategy. With identities protected and the potential for fraud diminished, we pave the way for a secure, more trustworthy digital ecosystem.
CHECK POINT SOFTWARE ANNOUNCES NEW CEO & REPORTS STRONG 2024 SECOND QUARTER RESULTS
Nadav Zafrir, renowned Cyber Security leader, will assume CEO role December 2024
Gil Shwed, Founder & CEO, will transition to Executive Chairman
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), today announced its financial results for the second quarter ended June 30, 2024, and the appointment of Nadav Zafrir as Check Point Chief Executive Officer.
Second Quarter 2024:
- Total Revenues: $627 million, a 7 percent increase year over year
- Security Subscription Revenues: $272 million, a 14 percent increase year over year
- GAAP Operating Income: $209 million, representing 33 percent of revenues
- Non-GAAP Operating Income: $265 million, representing 42 percent of revenues
- GAAP EPS: $1.74, a 3 percent increase year over year
- Non-GAAP EPS: $2.17, an 8 percent increase year over year
“I’m excited to share great news. Check Point delivered an outstanding second quarter as customers continued to embrace the AI driven, cloud delivered Infinity Platform to achieve the highest levels of security,” said Gil Shwed, Check Point founder and CEO. “The success of Infinity during the quarter was underscored by its double-digit growth and significant deals with Fortune Global 500 organisations.”
New CEO Appointment:
For the past 10 years, Nadav Zafrir has been a co-founder and managing partner at Team8, a global venture creation and venture capital fund. Team8 establishes and invests in companies focused on cyber security, Data & AI, Fintech and digital health. He built, invested and chaired 17 cyber security companies in addition to dozens of other technology companies he has consulted and mentored. He previously served 25 years in the IDF, retiring as a Brigadier General. Since 2019, he has served as Chairman of the Board of SolarEdge Technologies, a Nasdaq traded smart energy company. Mr. Zafrir will assume the CEO role in December 2024 and will join Check Point’s Board of Directors upon shareholder approval at Check Point’s next Annual General Meeting. Gil Shwed will become Executive Chairman of the Board.
“We are concluding a thorough CEO search process after examining candidates from around the world and found the perfect individual. Nadav has been a key leader in the global cyber security ecosystem for over a decade. Having lived in New York and Tel Aviv, he became one of the most respected figures within the global CISO community. He established and led multiple cyber security companies and partnered with the world’s largest security vendors. I admire his achievements and leadership skills and I am excited about his appointment, and believe he is the right leader to take Check Point to new heights,” concluded Mr. Shwed.
“I am honoured to join Check Point, a pioneer that shaped modern cyber security, and a hotbed for entrepreneurship,” said Nadav Zafrir. “Over the last decade, I’ve collaborated with global cyber security leaders and teams, witnessing firsthand their incredible efforts to safeguard global networks from sophisticated attackers. I am in awe of the work of security practitioners and their organisations deserve the best security. In our turbulent world, on the brink of another acceleration point as AI redefines our lives, cutting-edge cyber security is more critical than ever. Check Point is uniquely positioned to lead development of the next stage of security for our complex world. I look forward to working with the company’s accomplished leadership team and Gil to write the next chapter in Check Point’s growth,” concluded Mr. Zafrir.
Financial Highlights for the Second Quarter of 2024:
- Total Revenues: $627 million compared to $589 million in the second quarter of 2023, a 7 percent increase year over year.
- GAAP Operating Income: $209 million compared to $221 million in the second quarter of 2023.
- Non-GAAP Operating Income: $265 million compared to $263 million in the second quarter of 2023.
- GAAP Taxes on Income: $36 million compared to $41 million in the second quarter of 2023.
- GAAP Net Income: $197 million compared to $202 million in the second quarter of 2023.
- Non-GAAP Net Income: $246 million compared to $238 million in the second quarter of 2023.
- GAAP Earnings Per Diluted Share: $1.74 compared to $1.70 in the second quarter of 2023, a 3 percent increase year over year.
- Non-GAAP Earnings Per Diluted Share: $2.17 compared to $2.00 in the second quarter of 2023, an 8 percent increase year over year.
- Deferred Revenues: As of June 30, 2024, deferred revenues were $1,818 million compared to $1,774 million as of June 30, 2023, a 2 percent increase year over year.
- Cash Balances, Marketable Securities and Short-Term Deposits: $3,058 million as of June 30, 2024, compared to $3,515 million as of June 30, 2023.
- Cash Flow: Cash flow from operations of $200 million compared to $191 million in the second quarter of 2023.
- Share Repurchase Program: During the second quarter of 2024, the company repurchased approximately 2.1 million shares at a total cost of approximately $325 million. On July 11, 2024, the company announced that the board of directors authorized a $2 billion expansion of the company’s on-going share repurchase program. Under the extended share repurchase program, Check Point will be authorized to continue repurchasing its shares up to $325 million each quarter.
To follow this and other Check Point news visit:
- LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
- YouTube: http://www.youtube.com/user/CPGlobal
- Blog: http://blog.checkpoint.com/
- X (Formerly known as Twitter): http://www.twitter.com/checkpointsw
Paris 2024 Olympics: Hacktivists Plotting Major Cyber Disruptions, Warns Radware
Radware has issued a critical alert, indicating that hacktivists are preparing to unleash sophisticated DDoS attacks on the Paris 2024 Olympics.
Rising Cyber Threats
Radware’s cyberthreat intelligence team has identified that hacktivists are targeting the digital infrastructure of the upcoming Paris Olympics. The primary targets include high-visibility platforms such as ticketing, streaming, and betting services, aiming to create widespread disruption and advance political motives.
A Look Back at Previous Games
Cyberattacks have plagued previous Olympics, with the 2016 Rio Games experiencing large-scale DDoS attacks peaking at 540 Gbps, powered by IoT botnets. The Tokyo 2020 Olympics faced an unprecedented 450 million attacks. As geopolitical tensions escalate, the Paris 2024 Games could see even more severe disruptions.
Recent Developments
In June 2024, Russian hacktivist groups HackNeT and the Cyber Army of Russia Reborn conducted DDoS attacks on various French websites, including those of the La Rochelle International Film Festival and the Grand Palais. These groups, linked to the Kremlin, described these attacks as “training exercises” for larger disruptions planned during the Olympics.
Strategic Targets
Hacktivists are expected to target several key areas:
- Olympics logistics: Ticketing systems, venue access control, and hotel booking platforms.
- Media streaming: Official Olympics streaming services and major broadcaster platforms.
- Sports betting: Online betting services for Olympic events.
- Financial services: Payment processors involved in Olympics transactions.
- Tourism and hospitality: Airline booking systems, hotel reservation platforms, and travel websites.
- Olympics-specific services: Official mobile apps and volunteer coordination systems.
Impact Potential
Any downtime, even brief, could lead to significant media uproar and operational chaos, risking public safety, diplomatic relations, and the Olympic brand’s integrity. The ongoing Russia-Ukraine conflict and Middle Eastern tensions further intensify the situation.
Enhanced Attack Techniques
Hacktivists are now equipped with advanced AI tools, such as CAPTCHA-solving technologies, to enhance the volume and effectiveness of their attacks, making traditional defences less effective.
Proactive Defense Strategies
Radware advises organisations to adopt comprehensive DDoS protection strategies, including:
- Hybrid DDoS protection combining on-premise and cloud solutions.
- Behavioural-based detection for precise anomaly identification.
- Real-time signature creation to counter new threats.
- A well-prepared cybersecurity emergency response team.
- Intelligence gathering on active threat actors.
Additionally, Radware recommends thorough network and application inspections, along with advanced web application security measures, to mitigate risks and protect against evolving threats.
See the full report here: threat intelligence report
Secure Code Warrior Introduces Industry-first Solution that Measures Developers’ Security Competencies for Code Commits
New SCW Trust Agent facilitates a Secure-by-Design approach for enterprises; equips security leaders with unparalleled visibility into their organisations’ software security posture.
Secure Code Warrior, the global, developer-driven security leader, today announced the availability of SCW Trust Agent – an industry-first solution that assesses the specific security competencies of developers for every code commit. This innovative offering enables CISOs and application security (AppSec) teams to embrace a Secure-by-Design approach with deeper visibility into their organisations’ software development security posture.
The launch of SCW Trust Agent follows the company’s rollout of SCW Trust Score, the first industry benchmark that quantifies the security posture of organisations’ developer teams. Both innovations apply over 20 million learning data points collected from 250,000 developers around the world. These deliver quantitative mechanisms that, when paired with Secure Code Warrior’s agile learning platform, become an integral part of an organisation’s secure software development lifecycle.
“At Secure Code Warrior, we are unlocking new value for CISOs by giving them an easy-to-deploy solution to measure the health of code commits and visibility into the hundreds of source code repositories in their organisation,” said Pieter Danhieux, Co-founder and CEO, Secure Code Warrior. “Our innovations are putting organisations in a better position to bridge the visibility gap between a developer’s skill sets and quality of code produced without sacrificing development velocity.”
SCW Trust Agent works seamlessly with any Git-based code repository including GitHub, GitLab, Atlassian Bitbucket and more. With every commit, it looks to see if the developer making it has the prescribed secure code skillset in the commit’s programming language. It uses this information to give a rating on the health of that commit and aggregates these ratings across all of your repositories.
SCW Trust Agent delivers greater control and flexibility for developer gatekeeping. It allows administrators to set up policies and criteria, ensuring developers meet a baseline set of standards and expectations before developing code. For any gaps in developer skills, they can reference the SCW agile learning platform to upskill their language specific knowledge and competencies.
Overall SCW Trust Agent delivers:
- Improved Security Controls: Customise policy configuration based on the sensitivity of project requirements
- Comprehensive Visibility: Actionable insights into the security posture of every commit across all of your code repositories
- Developer-Led Security at Scale: Deliver projects securely at speed – allowing application security teams to focus on the most sensitive security reviews
For more information on SCW Trust Agent, visit: www.scwtrustagent.com
Introducing Tedee – The new innovation making keyless entry easy!
We look at the latest in keyless entry from Tedee. This easy-to-install smart lock is the ideal solution for a wide range of applications including keyless entry upgrades, rental properties, multi-residential developments and small business access control. Be sure to check out the new Tedee range at the Security Expo taking place at Darling Harbour in Sydney from the 21st to the 23rd of August.
For more information on Tedee visit Tedee.com
To register for a free attendee pass to the Security Expo visit https://securityexpo.com.au/
Property fund manager ISPT deploys digital access technology
Australian commercial real estate firm ISPT is enhancing their employee experience by providing cutting-edge digital technology to access all corporate spaces and amenities -allowing use of a smart phone or watch to unlock doors, access meeting rooms and lockers, as well as ‘unlocking’ digital hardware such as printers.
This ‘street-to-seat’ employee badge technology is powered by HID Mobile Access, and provisioned by onUgo. It will be deployed at ISPT’s Sydney hub initially, with further roll-outs to follow in Melbourne, Brisbane and Perth.
ISPT deployed HID Mobile Access® through its technology partner onUgo, to enable employee badges in digital wallets at ISPT’s office in George Place, Sydney. This is ahead of a larger portfolio implementation that has commenced across a number of ISPT’s flagship office precincts nationally.
This allows employees and tenant communities the convenience and flexibility of using their smartphones and smart watches to access all corporate spaces, amenities and services seamlessly without the need for traditional swipe card access.
ISPT is the first commercial real estate firm in Australia to deploy HID’s employee badge in a digital wallet. The deployment signifies a leap forward in ISPT’s commitment to leveraging cutting-edge technology to enhance workplace efficiency, security and employee satisfaction.
In addition to 24 York St and 345 George St at George Place, HID’s solution has also been deployed at ISPT’s 477 Pitt Street in the heart of Sydney’s Tech Central with additional precincts in Melbourne, Brisbane and Perth to follow.
Aligned with ISPT’s goal of harnessing advanced property technology (PropTech) to provide exceptional experiences for tenant partners, HID Mobile Access — along with the best-in-class technology integration by onUgo — provides seamless, contactless street-to-seat access. By leveraging HID’s innovative approach to simplifying building access management, onUgo enables ISPT and its tenant partners to enhance workplace efficiency, security and end-user experience for all their employees.
Key benefits of HID’s employee badge in digital wallet
- Enhanced security: The employee credential in digital wallet solution employs advanced encryption and security protocols to ensure that access to ISPT’s premises is both safe and secure.
- Unprecedented convenience: Employees can now access office spaces, meeting rooms, printers, lockers and other facilities with just a tap of their smartphone or smart watch, eliminating the need for physical badges and access cards.
- Sustainability: By transitioning to digital credentials, ISPT underscores its commitment to environmental sustainability, reducing the need for plastic card production and disposal.
- Future-ready security and identity infrastructure: This initiative supports ISPT’s broader vision and long-term plan to create a technologically advanced, efficient and flexible working environment that meets the evolving needs of its workforce.
“Our partnership with HID and technology partner onUgo is a testament to ISPT’s commitment to innovation and to providing best in class experiences for our tenant partners. By adopting HID Mobile Access, we are not only enhancing the security and efficiency of our operations across our office portfolio, but also offering our tenant partners a level of convenience and flexibility that is critical in today’s fast-paced and technology-driven world. This is just the beginning of our journey towards creating a more connected, innovative and sustainable experience within our office communities,” said Nicole Ward, Head of Portfolio (Office) for ISPT.
“We are proud to partner with both ISPT and onUgo in revolutionising access control within the commercial real estate sector in Australia. Our mobile access solutions, delivered to market by highly skilled technology partners, are designed to offer unparalleled security and convenience and we are excited to see how ISPT will leverage this technology to benefit their tenant partner’s operations,” said Steve Katanas, regional head of mature markets, ANZ, Physical Access Control Solutions, HID.
Commvault appoint first ‘AI officer’
Data resilience leaders Commvault have made an interesting appointment, securing Pranay Ahlawat to the role of CTO and AI Officer.
Reporting to Chief Product Officer Rajiv Kottomtharayil, Ahlawat will oversee Commvault’s product vision and development lifecycle, focusing on helping customers ‘advance cyber resilience, including through modern AI technologies’ according the the media release.
Ahlawat brings to Commvault a rich background in AI, cloud and infrastructure software, business strategy, product development, and operations. Prior to joining Commvault, Ahlawat held leadership roles at Boston Consulting Group (BCG), advising software and Software as a Service (SaaS) companies on cloud and infrastructure. He also globally led the product innovation and engineering topic at BCG and the firm’s thinking on the impact of Gen AI on software development.
“Organisations today are facing unprecedented levels of cyber threats and attacks and require innovative solutions that can help them stay ahead of bad actors and get the most value out of their data,” said Ahlawat. “I’m thrilled to join Commvault and help build the next generation of cyber resilience solutions that address customers’ most critical security challenges.”
“Pranay brings a wealth of industry expertise on how AI is evolving and revolutionising business operations,” said Kottomtharayil. “Commvault is excited to leverage his industry knowledge to transform our approach to AI, building advanced solutions that enhance our Data Management and Cyber Recovery Platform.”
Behind the scenes: The essential work of security officers in ensuring public safety
Scanlon Foundation Research Institute new publication release
July 2024
Faraz Tahir counted himself lucky to have come to Australia. In truth, Australia was lucky to have him. He was grateful to Australia. Today… our nation remembers his bravery….” (Prime Minister, Anthony Albanese)
The security sector is often maligned for its failings. Yet, it is playing an increasingly important role in ensuring public safety and security alongside the police and military – something that is increasingly more evident from recent media coverage.
This new essay reflects on the contributions of this growing industry through the lens of social cohesion. How does public safety facilitate social cohesion and how does the protection of public spaces build social connection and community strength?
While the impetus for these reflections arose some time before the April Bondi Junction stabbings, the attack underscored the importance of the security sector in ensuring public spaces are open, accessible and safe. Australia’s security officers are crucial to these efforts.
Sometimes it takes an incident as grave as the Bondi Junction incident to highlight the unseen work of the men and women who are increasingly bearing the responsibility for keeping us safe. Many of these individuals are new Australians, carrying out their work with dedication in the place they have decided to call home. Their work makes a crucial contribution to our social cohesion and, as we have seen recently, often involves considerable risk.
Today on Wednesday 24 July 2024 – International Security Officers’ Day, let us recognise the work of security officers all across Australia.
About the Author
Trish Prentice is a qualitative researcher with a particular interest in social cohesion. She has worked in Australia and overseas in the government, academic, corporate and not-for-profit sectors, including in Cairo, Egypt, working for an organisation specialising in Arab-West Understanding and in Geneva, Switzerland for a human rights group with United Nations Special Consultative status. Trish holds degrees in Education and Law and has managed research projects in Indonesia, Singapore, Pakistan and Australia. She has written on a variety of topics for academic and general audiences. Trish joined the Scanlon Foundation Research Institute in 2020.
A note of thanks
As part of International Security Officers’ Day, the Scanlon Foundation Research Institute would like to highlight the work of the Australian Security Industry Association Ltd (ASIAL), who were featured in our essay. ASIAL is the peak body for security professionals, representing over 162,000 licensed personnel in Australia, and this year is calling on the community to acknowledge the vital role security officers play in keeping us safe. These professionals protect hospitals, defence bases, shopping centres, offices, concerts, airports, and more. As first responders, their swift actions can be life-saving, and their professionalism ensures a safer environment for everyone. Security officers contribute positively to our community every day. Join the Scanlon Institute and ASIAL in thanking these often-unsung heroes, either in person or via social media using the hashtag #thankyousecurityofficers.
To find out more about the Scanlon Foundation Research institute visit www.scaloninstitute.org.au or email info@scaloninstitute.org.au
The Growing Threat of Cyber Warfare to Critical Infrastructure
Russia’s invasion of Ukraine and the resulting prolonged conflict has caused reverberations around the globe. While fighting continues across swathes of country, increasingly intense battles are also occurring online.
Evidence is emerging that established hacking groups have taken sides with one country or the other. They are using their knowledge and skills to wage a campaign of cyber warfare designed to cause disruption and losses.
In some cases, select groups have been reported to be effectively operating as a weaponised wing of each nation’s military and being paid for their efforts. Activities are being undertaken at a scale rarely seen before in global history.
The targets for these motivated hackers tend to be the critical infrastructures of both countries. Everything from water and electricity grids to communications networks and healthcare facilities are coming under sustained attack.
As an example, the Australian Government’s CISC cyber department recently shared a case study detailing that in the hours before Russian military operations started in Ukraine, US satellite company Viasat, which provided satellite communication capability to Ukraine, was the target of a cyber sabotage event. Targeting ground infrastructure, Russian linked entities deployed ‘wiper’ malware against Viasat modems and routers, quickly erasing all the data on the system, which disrupted Ukraine’s communication capabilities.
As a result, governments and private-sector organisations on both sides are on constant alert. They understand the severe ramifications of a successful cyberattack and the flow-on impact it can have for citizens.
Different attitudes ‘down under’
When it comes to awareness of attacks by organised hacking groups in Australia, however, it tends to be a different story. While recently introduced critical infrastructure protection legislation may help to address this, there is still clearly room for improvement.
One of the key challenges faced by many organisations that run critical infrastructure is the legacy nature of their control networks. As well as core IT networks, most are also likely to have older operational technology (OT) networks that actually control the industrial infrastructure.
While they are happy to secure their IT resources, many operators can be reluctant to put similar measures into their OT networks. This is often because these operational networks have been designed and are managed by industrial engineers that have typically been in place for a considerable number of years. In addition, also due to the sensitive nature of the OT delivered services such as nuclear power, air traffic control and broadcasting, a few seconds of delay caused by a security hop or a false positive can have a disastrous impact.
Historically, even though most of these environments were air-gapped and not connected to the public Internet, we have still seen a number of successful attacks across the years ranging from Stuxnet in 2010 which was perpetrated via USB key insertion, to supply chain attacks, physical compromise and insider threats.
But now with the advent of IT/OT convergence whereby many organisations are unlocking digital transformation efficiencies by managing their OT networks via their IT nework (or even via the Internet in some cases) the attack surface floodgates have opened up.
OT and connected systems, including corporate networks, will likely be of enduring interest to malicious cyber actors. OT can be targeted to access a corporate network and vice versa, potentially allowing malicious cyber actors to move laterally through systems to reach their target. Even when OT is not directly targeted, attacks on connected corporate networks can disrupt the operation of critical infrastructure providers. Adoption of Industrial IoT in critical infrastructure also leads to a growing integration of third-party inputs for information, data sharing and data analytics.
Examples of this include cyber criminals attacking US critical infrastructure targets such as drinking water utilities across multiple states, critical infrastructure assets providing power and water to US military sites, and ransomware of critical infrastructure energy targets such as Colonial Pipeline.
Tighter restrictions
In recognition of these risks the Australian Government recently amended the Security of Critical Infrastructure (SOCI) Act 2018 to widen the definition of what is deemed to be critical infrastructure by including 11 new industry verticals ranging from supermarkets to broadcasting.
Organisations that now fall within these parameters are required to meet more stringent security measures to protect their infrastructures due to new requirements of mandatory cyber incident reporting requirements, submission of a documented annual risk management program signed off by the board of directors and details their identified gaps in their cyber posture along with mitigation strategies. And, most importantly, these entities now need to adodpt and comply to a recognised cybersecurity framework such as NIST, ISO or at the very least maturity level one of the Essential Eight.
Those entities deemed ‘significant’ by the government will also need to establish a incident response plan and test their resiliency by undertaking regular tabletop exercises and vulnerability assessments to determine their level of preparedness for an attack.
Whilst the SOCI Act brings more awareness to the threats faced by critical infrastructure, the legacy bastions responsible for the OT networks are traditionally very adversarial towards IT and cyber teams due to concerns noted above and as such a brighter spotlight will need to be shone on the risk of not implementing a diligent approach to securing their industrial control systems. There also needs to be ongoing educational awareness of IT-Cyber-OT across the respective teams, so that they can start to understand each other better in order to deliver a more unified security posture across the organisation.
As a follow up to the Risk Management Program (RMP), we would ideally like to see guidelines more specific to addressing the physical operational networks such as segmenting the networks to reduce lateral movement by an attacker, minimum levels of firmware and patching, and more security controls deeper into the OT network to tighten the exposed gaps and provide greater visibility.
From our experience of dealing with the critical infrastructure industry and with the current compliance frameworks, we feel that these entities would benefit from a more specific critical infrastructure cyber security framework more exacting to their environments and challenges. Think something like a more advanced Essential Eight for example with a more realistic understanding of industrial control systems and SCADA management systems that power OT networks along with the burgeoning Industrial Internet of Things technologies that are starting to see mainstream adoption.
Exabeam and LogRhythm Complete Merger and Announce New Company Details
The combined organisation will empower customers with a best-of-breed, AI-driven security operations platform fortified with high-integrity data ingestion
In a strategic move set to define the future of the cybersecurity landscape, Exabeam, delivering industry-leading AI and automation for accelerated threat detection, investigation, and response (TDIR), and LogRhythm, renowned for its high-integrity, trusted data ingestion, today announced the successful completion of their previously announced merger. The merger combines unparalleled technological innovation with reliable data to create an AI-driven security operations platform that delivers the most efficient and accurate security information and event management (SIEM) and user and entity behaviour analytics (UEBA) solutions in the industry.
Moving forward, the company will leverage the best of both organisations to create a best-of-breed cybersecurity vendor relentlessly focused on empowering security analysts, security engineers, and CISOs with the tools, intelligence, and guidance needed to safeguard their organisations against cyberthreats. The company will retain the Exabeam name and refresh the visual brand to represent the merging of two industry leaders and honour the legacy of the long-established LogRhythm brand.
Exabeam has also unveiled its product roadmap and strategy, highlighting the proven, cloud-native AI-driven Exabeam Security Operations Platform that will serve as the foundation of its future product offerings. On-premises LogRhythm SIEM customers will benefit from the powerful analytics offered through the Exabeam platform to combat sophisticated and credential-based attacks. The company remains committed to quarterly launches to its cloud-native and on-premises SIEM offerings as demonstrated by LogRhythm since July 2022. By integrating AI-driven automation with reliable data, this strategy aims to streamline security operations and accelerate TDIR, empowering security teams to focus on quickly and effectively mitigating complex threats.
Leadership Team
The new leadership team, composed of experienced executives from both companies, will drive Exabeam’s strategic direction and operational excellence:
Christopher O’Malley – Chief Executive Officer
Steve Wilson – Chief Product Officer
Kevin Kirkwood – Chief Information Security Officer
Allwyn “Olly” Lobo – Chief Development Officer (Cloud-native SIEM)
David Rizzo – Chief Development Officer (Self-managed SIEM)
Barry Capoot – Chief Financial Officer
Joanne Wong – Chief Marketing Officer
Matt Sarafian – Chief People Officer
Chris Cesio – Chief Revenue Officer
Peter Harteveld – Chief Value Creation Officer
“We are on the brink of a revolutionary shift in cybersecurity. By merging cutting-edge, AI-driven technology from Exabeam with the unmatched data integrity of LogRhythm, we are setting a new, unparalleled standard for security operations,” said O’Malley, CEO of Exabeam. “Together, our combined expertise, innovation velocity, and vision will propel AI-driven cybersecurity solutions to new heights. Unlike the tech conglomerates that have left customers exposed in the critical battle against cyberattacks, our unwavering focus remains on empowering the true heroes of security. ”Good enough” is not enough in the mission-critical matter of security operations. Today, we are proud to deliver a best-of-breed SIEM and UEBA experience purposefully and tenaciously focused on customer success.”
“Our team is stacked with expertise from both organisations that will accelerate our ability to deliver customer value. The Exabeam Security Operations Platform offers a comprehensive, foundational solution adaptable to any business – whether leveraging cloud infrastructure, adopting a hybrid model, or staying on-premises,” said Wilson, Chief Product Officer of Exabeam. “By augmenting LogRhythm SIEM with Exabeam’s New-Scale AI-driven features, including UEBA and Exabeam Copilot, we will offer incredible new value to existing LogRhythm customers. New and existing Exabeam customers alike can look forward to continued innovation as we optimise our product, training, and service synergies. Together, our team will continue to address the ever-advancing threats created by the introduction of AI and empower our customers’ security operations teams to be more efficient and effective.”
“We see tremendous opportunity within TDIR, SIEM, and UEBA and believe that together LogRhythm and Exabeam are better positioned to capture this growing market by offering their customers the comprehensive solutions they need to help protect their organisations from ever-evolving cyberthreats,” said Chip Virnig, a Partner at Thoma Bravo. “We look forward to Exabeam’s continued growth and innovation, powered by the combined company’s differentiated AI-driven security operations platform and loyal global customer base.”
Supporting Analyst and Customer Quotes:
Dayforce
“Exabeam’s cutting-edge technology and customer focus have fuelled the strong, collaborative relationship I have had with Exabeam over the last ten years,” said Colin Anderson, CISO Dayforce. “I am excited for Exabeam’s announced merger and look for this partnership to accelerate the innovative product roadmap and build on best-in-class service capabilities. Best wishes to Exabeam as they embark on this new chapter of continued success and growth.”
BECU
“We are incredibly pleased with the value we’ve seen from Exabeam solutions in securing our data and gaining the necessary visibility needed to protect our organisation. Exabeam has been a true and trusted partner for BECU.” said Jamie Schademan, Director Cyber Platform Security. “Congratulations to everyone involved in the merger and this next phase of growth for the company. We look forward to continued cybersecurity excellence and innovation from the Exabeam team.”
Enterprise Management Associates
“The merger of Exabeam and LogRhythm will undeniably improve the security operations landscape. With their combined strengths and product leadership the new organization is well equipped to tackle the challenges of modern security operations, offering a robust defense against sophisticated threats,” said Chris Steffen, Research Vice President – Information Security, Enterprise Management Associates. “This merger not only enhances the value proposition for customers, but also sets the stage for continued innovation and growth in the cybersecurity market.”
Institute of Chartered Accountants in England and Wales (ICAEW)
“As a long-time customer of LogRhythm, I’ve always been impressed with their commitment to innovation and delivering reliable security solutions. The merger with Exabeam opens a new horizon for us. In the accounting and finance sector, where data integrity and security are critical, we’re excited to see how this new powerhouse will push the boundaries of what’s possible. The advanced tools from this merger will enhance our security operations and help us stay ahead of sophisticated cyberthreats,” said Jason Harris, IT Security Manager at Institute of Chartered Accountants in England and Wales (ICAEW).
J.P. Morgan Securities LLC acted as exclusive financial advisor and Goodwin Procter LLP acted as legal advisor to Exabeam on the transaction. Kirkland & Ellis LLP acted as legal advisor to LogRhythm on the transaction.
To learn more about the go-forward organisation, read the blog from Exabeam Chief Executive Officer, Christopher O’Malley.
International Security Officers’ Day (24 July) – an opportunity to say ‘thank you’ to Security Officers for helping to keep us safe
This Wednesday, 24 July 2024 – International Security Officers’ Day – the Australian Security Industry Association Ltd (ASIAL) is calling on the community to acknowledge the role performed by security officers 24/7 in keeping us safe.
A vital part of Australia’s national security mix, Security Officers perform an important frontline role protecting hospitals, defence bases, shopping centres, offices, concerts and sporting events, as well as licensed premises, airports, critical infrastructure and more.
The tragic events that unfolded at Bondi Junction Westfield on 13 April 2024 highlighted the dangers faced by frontline Security Officers who 24/7 perform a vital role in keeping the community safe.
As first responders, their fast thinking and swift actions can mean the difference between life and death in many instances. Their professionalism and measured actions in often challenging environments help create a safer environment for everyone.
Security Officers Maddison Fitzgerald, Taha Iskandar, Deniz Colak and Mansoor Khalid are representative of the 162,535 licensed security personnel across Australia who are making a positive contribution 24/7 to protect our community.
A global security industry initiative originating in Australia and now in its ninth year, International Security Officers’ Day is a day to acknowledge the contribution of the 25 million private security personnel across the globe.
At its core, the day is about acknowledging the often unsung and unrecognised security professionals.
ASIAL CEO Bryan de Caires said: “On 24 July, we are calling on business, government, and the wider community to acknowledge the thousands of frontline Security Officers across the country who work 24/7 to keep us safe by saying, ‘thank you’.”
“It only takes a moment to say ‘thank you’ to the Security Officers at your workplace, local shopping centre, club or pub, or when you go through airport security screening. Or you can acknowledge them through your social media network using the hashtag #thankyousecurityofficers,” said ASIAL CEO Bryan de Caires.
With growing demand for the services provided by the security industry across all sectors of the economy, International Security Officers’ Day is a day to say ‘thank you’ to those who help to keep us safe.
How do I get involved?
Celebrating International Security Officers’ Day is simple. As an individual, you need only acknowledge any security officers you see on the day. Simply smile at that person and say thank you. It’s that simple!
If you run a security company, there are a range of things you can do:
- Send an email to your staff acknowledging the day and merely thank them for their service;
- You could organise a morning tea or make a site visit to say thank you in person;
- If you are a company that uses security staff, a simple smile and a thank you is all it takes;
- Send an email out to your staff asking them to participate by doing the same;
- Download the International Security Officers’ Day Thank you poster for distribution around your office or via your communications channels;
- Post photos of your security officers being acknowledged to ASIAL’s or your own Facebook page;
- Copy the social media artwork provided, and share the #thankyousecurityofficers on your social media network.
- Mention International Security Officers’ Day in a press release.
Download the poster Download the poster with print marks
Download social media artwork Download ISOD certificate of appreciation
International Security Officers’ Day pins 2024
International Security Officers’ Day pins are available for purchase at a cost of $27.50 + GST for 10 pins (delivery in Australia only). Click here to purchase>
International Security Officers’ Day Logos
Click to download
A global security industry initiative, International Security Officers’ Day is now celebrated in a wide variety of counties across the world including Australia, Bangladesh, Canada, China, New Zealand, Hong Kong, Macau, India, Ireland, Italy, Singapore, Sri Lanka, United Kingdom, USA, Suriname and Thailand.
The long term goal is to build enough support around the world to petition to the United Nations to formally declare 24th July, each and every year as International Security Officers’ Day to recognise the contribution made by the often nameless and unseen thousands of security officers in helping to keep us safe.
They don’t do it for the rewards, and they certainly don’t do it for public praise.
So help us say thank you and show your appreciation by supporting International Security Officers’ Day by saying thank you and using #thankyousecurityofficers on social media.
Listen to the Security Insider Podcast with Jason Brown, one of the founders of International Security Officers’ Day.
Press the subscribe button to subscribe on Apple Podcast, Android Podcast, Blubrry Podcasting, RSS and Google Podcasts.
For more information on International Security Officers’ Day contact ASIAL on 1300 127 425, email contactus@asial.com.au or visit www.asial.com.au/ISOD.
Escalating Cyber Threats in Cloud Environments: Insights from Google Cloud’s “Threat Horizons” Report
As cloud adoption continues to surge, the security landscape becomes increasingly complex. Google Cloud’s “Threat Horizons” report sheds light on emerging cyber threats targeting cloud infrastructures, highlighting the critical need for robust security strategies. This detailed analysis provides valuable insights for security professionals seeking to safeguard their cloud environments.
Surge in Advanced Persistent Threats (APTs)
The report identifies a notable increase in Advanced Persistent Threats (APTs). These sophisticated, prolonged cyberattacks are typically state-sponsored and aim to steal sensitive information or disrupt operations. Security teams must prioritise advanced threat detection mechanisms to identify and mitigate these stealthy intrusions.
Supply Chain Attacks: A Growing Concern
One of the most significant findings in the report is the rise in supply chain attacks. Cybercriminals are increasingly targeting third-party software and services to infiltrate broader networks. This tactic allows attackers to compromise multiple organizations simultaneously, amplifying the potential damage. To counter this, rigorous vetting and continuous monitoring of third-party vendors are imperative.
Zero-Day Exploits: A Persistent Threat
The report highlights a surge in zero-day exploits, which leverage unknown software vulnerabilities. These attacks leave systems exposed until a patch is developed and deployed. Rapid identification and response to zero-day exploits are crucial to minimising their impact. Security professionals should invest in technologies that enhance their ability to detect and respond to these emerging threats.
Insider Threats: An Overlooked Risk
Insider threats, whether intentional or accidental, pose a significant risk to cloud security. The “Threat Horizons” report underscores the need for robust internal security measures and continuous monitoring. Implementing strict access controls, conducting regular security training, and fostering a security-aware culture are vital steps in mitigating insider threats.
Ransomware: A Persistent Menace
Ransomware continues to be a major threat in cloud environments. These attacks involve encrypting an organisation’s data and demanding a ransom for its release. The report indicates that ransomware attacks are becoming more sophisticated and targeted. Security teams must ensure that their defences include robust backup and recovery plans, as well as comprehensive endpoint protection.
Proactive Security Measures: Key Recommendations
The “Threat Horizons” report offers several key recommendations for enhancing cloud security:
- Advanced Threat Detection and Response: Leveraging AI and machine learning technologies can enhance real-time threat detection and response capabilities. These tools can help identify and mitigate threats before they cause significant damage.
- Comprehensive Security Strategies: A holistic approach to security is essential. This includes robust identity management, data protection, and network security measures. Ensuring that all aspects of security are addressed reduces the likelihood of vulnerabilities being exploited.
- Strengthened Supply Chain Security: Implementing strict security standards for third-party vendors and conducting regular audits can help secure the supply chain. Clear agreements on security practices and continuous monitoring are critical components.
- Incident Response Preparedness: Developing and regularly updating incident response plans is crucial for minimising the impact of security breaches. Conducting regular drills ensures that teams are prepared to respond effectively.
- Employee Education and Training: Continuous education on cybersecurity best practices can help prevent insider threats and reduce human error. A well-informed workforce is a strong defence against many types of cyberattacks.
A Collective Effort for Enhanced Security
The findings from Google Cloud’s “Threat Horizons” report underscore the importance of a proactive and comprehensive approach to cloud security. As cyber threats continue to evolve, it is essential for security professionals to stay informed and implement advanced security measures. By fostering a culture of vigilance and preparedness, organisations can better protect their cloud environments and ensure resilience against emerging threats.
Five top access control trends shaping the future – HID report
ID and physical access control organisation HID has unveiled the 2024 State of Physical Access Control Report, highlighting five pivotal trends that are revolutionising the future of access control.
Produced by IFSEC Global in partnership with HID, the report encompasses insights from over 1,200 security professionals worldwide, depicting an industry undergoing significant transformation. With Australia’s market for access control technologies anticipated to grow by more than 8% from 2024 to 2032, according to IMARC, this is a critical moment for the industry.
“Like so many other aspects of technology, access control is evolving to meet the changing needs of the market. As AI, automation, and smart, interconnected technology become the new standard for buildings and facilities, it is rational that secure and convenient access control technologies become smarter in tandem,” says Steve Katanas, Regional Head of Physical Access Control Solutions, ANZ at HID.
Conducted between November 2023 and January 2024, the survey reveals five emerging trends:
1. Mobile Access and Digital IDs Set to Become Ubiquitous
While physical IDs remain prevalent, mobile access credentials and digital IDs are rapidly gaining traction. The report indicates that nearly 2 in 5 organisations (39%) now actively use mobile identities, with respondents identifying touchless/contactless solutions (48%) and mobile access (44%) as the two largest trends shaping the access control industry.
2. Open Standards Driving the Smart Buildings Phenomenon
Open standards have become crucial for more integrated security solutions, where physical access control data informs not only access decisions but also optimal building utilisation. Nearly half of the organisations (48%) have systems to monitor building usage, and 43% of respondents cited smart buildings and flexible workspaces among the top three trends. Integration with other business functions was also noted by one in three respondents (32%) as a key trend.
3. Sustainability Gaining Influence on Business Decisions
Sustainability is increasingly influential in access control, with nearly two-thirds (63%) of respondents stating that those responsible for sustainability are consulted or have some influence when upgrading access control systems.
4. The Rise of Artificial Intelligence for Analytics Use Cases
Artificial Intelligence is becoming more prevalent in physical access control as technologies and expertise advance. About 38% of respondents are considering incorporating AI/machine learning into their access control solutions, though an equal percentage remains uncertain of the benefits. Only 23% have no plans to integrate AI technologies.
5. Growing Role of Biometrics, Especially Contactless Solutions
The biometrics market is expanding rapidly, with projections estimating the global market will reach $136.18 billion by 2031. The facial recognition market alone is expected to grow to $16.74 billion by 2030, up from $3.83 billion in 2020, reflecting a CAGR of 16% from 2021 to 2030.
Read the full report here.
SentinelOne® and Aon Collaborate to Enhance Strategic Cyber Services for Insureds
SentinelOne (NYSE: S), a global leader in AI-powered security, and Aon plc(NYSE: AON), a leading global professional services firm, today announced a strategic collaboration through which Aon will leverage SentinelOne’s Singularity Platform to help gather internal security data from SentinelOne’s clients to more effectively profile and mitigate cyber risk.
SentinelOne will team with Aon in both its cyber brokerage process, which is facilitated by its global eSubmission and self-attestation patented platform Cyber Quotient Evaluation (CyQu), and through its industry-leading Stroz Friedberg global Incident Response service. This effort will serve to enhance the client value proposition of making better data-driven decisions and help organisations manage and mitigate cyber risk by providing more visibility into insurability drivers and cyber exposures.
Combining SentinelOne’s cutting-edge Singularity Platform with Aon’s incident response prowess, organisations will now have access to a comprehensive suite of tools and services to proactively defend against, detect and swiftly respond to cyber incidents of all magnitudes.
“This alliance fortifies the shared capabilities of two leaders in the cybersecurity space and marks a significant milestone in our collective mission to combat evolving cyber threats with unparalleled expertise and innovative solutions,” said Christopher Bruno, Head of Strategic Alliances, Cyber Solutions, Aon. “Bringing together SentinelOne’s AI-powered threat detection and response technology with Aon’s extensive experience in managing and guiding clients through the most complex of breaches, will empower clients to navigate the challenging threat landscape with confidence and resilience.”
The combined solution will enhance the placement process with more verifiable risk data that helps to prioritise remediation activities and enhance the organisation’s security posture.
“SentinelOne is thrilled to collaborate with Aon on risk mitigation initiatives that will save time and money for our clients,” said Barnaby Page, VP IR and Cyber Risk, SentinelOne. “Aon’s proactive CyQu self-attestation platform and incident response services, based on the SentinelOne Singularity Platform, can improve validation of cyber exposures for our mutual clients.”
2024 ASIAL Conference Program Announced
The Security ASIAL Conference is set to be a great success in 2024. The program will include a compelling lineup of experts and academics who will share their insights on how to protect your business, brand reputation, and crucial assets along with mitigating risk and vulnerability.
The Security ASIAL Conference is your annual opportunity to receive timely updates and insights from the organisations shaping today’s security landscape in a program carefully curated by the industry’s peak body.
Drawing on a distinguished panel of industry experts, the two-day program will run from 21 – 22 August 2024.
As security threats evolve and become more complex, the elevated role performed by security professionals is pivotal to the success of any organisation. The Security ASIAL Conference brings together thought leaders and security professionals to provide a forum to network, collaborate and discuss strategies to meet future challenges head on.
For more information or to register for the conference click here
HID and Inner Range extend partnership with new readers
HID® has announced an extended partnership with Inner Range which will offer Inner Range customers a new range of SIFER credentials compatible with wallet-enabled readers, leveraging HID’s signature line of access control readers, HID Signo®.
“The sheer opportunity to further deepen collaboration with our partners excites us. Mobile access is rapidly becoming a dominant force in reshaping the physical access security industry, and we are glad to be able to extend the mobile access in wallet solution to Inner Range to solidify its position as an integrated access control solutions provider globally,” said Steve Katanas, Regional Head for HID Physical Access Control Solutions, ANZ.
Katanas added, “Inner Range customers will get all the benefits of adding mobile credentials in Apple or Google Wallet (and other OEM wallets in the near future), designed for the future of workplace. I’m excited by the potential of this technology partnership, as we continue to collaborate on future projects, enabled with HID’s secured, sustainable and future-proof identity solutions.”
By leveraging HID’s wallet-enabled readers, Inner Range enriches its reader product portfolio. This provides customers with the added choice of integrating HID mobile credentials in wallets, enabling employees, tenants, and visitors to access office spaces, meeting rooms, printers, lockers, and other facilities with a simple tap of their smartphone or smartwatch near the Inner Range SIFER-enabled readers, powered by HID Signo. The in-wallet solution powered by HID Mobile Access offers an industry-leading user experience while employing advanced encryption and security protocols to ensure secure access to facilities.
“We are delighted with the success of our recent collaboration with HID. At Inner Range, providing our customers with a seamless user experience is a core objective for our security solutions. Adding SIFER credential support to the HID Signo reader achieves this perfectly and provides significant opportunity for Inner Range and our channel by offering future-proof solutions that incorporate both our technologies,” said Gabriel Daher, VP and GM of Inner Range.
Daher continued, “This strategic partnership is a significant milestone that underscores our commitment to leveraging cutting-edge technology to deliver exceptional value to our customers. We are excited to share this groundbreaking news with our current and prospective clients, confident that it will exceed their expectations. As we continue to strengthen our alliance with HID, we are eager to embark on future projects that promise to harness the full potential of HID technology, with details to be revealed in due course.”
