Posts in Cyber Security
DP World cyber-attack

Late Friday 10 November, Australia’s largest port operator, DP World, suffered a serious cyber-attack. To minimise the impact of the attack, it shut down its connection to the internet, causing considerable disruption to port operations. It is gradually restoring operations, but could suffer additional pain due to industrial action.

“Even if DP World recovers from the cyberattack to full operations shortly, Guardian Australia understands customers remain frustrated at the prospect of delays due to protected industrial action from dock workers in coming days.”

APRA getting serious on cyber

CRN reports that APRA is losing patience with regulated entities:

"Three years ago, APRA’s information security standard CPS 234 came into force, and yet many entities are still struggling with foundational issues: ensuring third party controls are effective, making sure that systematic security control testing is in place, and regularly testing incident response plans," APRA Chair Lonsdale said.

"With the potential for serious impact to millions of Australians, our patience has run out."

Don’t forget that APRA not only focuses on regulated entities such as banks, insurers and superannuation companies, but also on the suppliers of material services to these entities.

In July, APRA also announced the new standard “CPS 230 Operational Risk Management”.

Chair John Lonsdale said, “We expect regulated entities to be proactive in preparing for implementation, rather than waiting until the last minute to get ready to meet the new requirements. There will be a transition phase for existing contractual arrangements with material service providers for entities that need some flexibility.”

The key to becoming CPS 230 compliant is to start now! There is a lot to do and July 2025 will come around very quickly.

Cyber Security priorities and investments with an outcome-driven approach | The Reboot Show and TrustedImpact

“Often when I ask an executive if a service provider's Continuity Plan has been practised, they don't know, which is worse than having no plan.” - Ben Scheltus, General Manager, Continuity Matters

Readiness to detect, contain and respond to Information Security threats is measured by an organisation's state of Cyber Maturity. The Cyber Maturity journey requires strong leadership direction and sustained action - it's not a software procurement matter that can be left solely in the hands of IT departments or Information Security generalists.

An organisation's state of Cyber Maturity, at any point in time, determines its level of Cyber Resilience - which is the organisation's ability to recover from a cyber crisis when it happens.

The Reboot Show, in conjunction with TrustedImpact, hosted a series of leadership discussions for executives and board members, with 9 Cyber Security experts in Australia, to unpack modern security perspectives and reflect on contemporary misconceptions.

This discussion paper summarises key insights shared by 9 Cyber Security experts including:

  • Executive responsibility for preventable crises

  • The Cyber Maturity continuum and building Cyber Resilience

  • Navigating business risks at the speed of software

  • Unique risks associated with cloud services

  • Creating engagement through training and awareness

  • TrustedImpact's Cyber Security Training and Awareness Program Pillars

  • Limitations of Penetration Testing

You can download the discussion paper here.

The expert discussions can be viewed here.