CyberCX

Speaking to The New Zealand Herald this week, CyberCX's Hamish Krebs said that using an old or outdated operating system comes with an increased exposure to vulnerabilities which can be more easily exploited by malicious actors.   “Individuals and organisations – including enterprises and government – still reliant on Windows 10 should have a plan to upgrade or harden their defences – which can be difficult in an economically challenging environment where many face budget constraints," said Hamish.   If some of your organisation’s computers are stuck on outdated operating systems, he added that “steps should be taken where possible to isolate them away from the internet on secure network segments with stricter access controls."

How safe is the popular messaging app Signal? 💬 CyberCX’s Liam O’Shannessy told the ABC that many in the technical community regard Signal as one of the most secure messaging apps. WhatsApp even adopted their secure messaging protocol several years ago.   "Encrypted messaging services like Signal are generally as safe as messaging apps can get, but there are still weaknesses," said Liam, adding that “the most likely risk with sharing sensitive information on Signal will always be the recipient and whether they might screenshot or forward – even accidentally – the information you share with them.”

CyberCX's Luke Roache has told ABC News that the risks of DeepSeek AI are clear and governments should extend a ban of the app to critical infrastructure such as telecommunication networks, hospitals and airports.   "These organisations are already under constant attack by financially motivated cyber criminals and nation-state groups," said Luke.   "Given the provenance of DeepSeek and its ongoing connection to an authoritarian state, risks associated with integrity, influence and espionage mean introducing the app into any networks of national significance would be a potential boon for the strategic ambitions of the Chinese state."

Australian businesses and government departments serve as an attractive target for cyber criminals, and despite best efforts, cyber attacks continue to increase in speed, frequency and complexity.    Some of the reasons for persistent vulnerabilities in organisations include cost, resource constraints, legacy infrastructure, and misunderstandings about cyber security risks and threat levels. To combat this, the Australian Signals Directorate (ASD) developed the Essential Eight framework.    Our new guide 'Unlocking the Essential Eight' provides cyber security professionals and decision-makers within Australian businesses and public sector organisations with practical strategies, insights, and recommendations to help align your goals with Essential Eight objectives.   The threat is real, but there are things every organisation can do to significantly reduce the risk of a cyber intrusion. Download the guide to find out more: https://lnkd.in/gPHyEkbu

Alastair MacGibbon joined Gary Adshead on ABC Perth Drive this week to discuss the difference between financially motivated cyber crime and state-based cyber espionage.   Alastair said that CyberCX’s recent Threat Report shows that it takes about 404 days for organisations to discover that they have been the victim of state-based espionage, as nation state threat actors become more sophisticated.   “They are increasingly using the tools that are inside your business – this is called Living Off the Land,” said Alastair. “Last year western governments came out and talked about Volt Typhoon, this was China accused of placing the equivalent of explosives inside critical infrastructure but electronically, using this method called Living off the Land. They don’t bring in typical bits of code of malicious software that a criminal might.”

⚕️ The delivery of safe modern medicine is underpinned by secure technology, however just as healthcare is advancing its approach to technology procurement and management, cyber threat actors are enhancing their tactics.   Cyber attacks in healthcare present a myriad of challenges: disruption to the provision of healthcare, privacy breaches, and a decline in community trust of our health system more broadly.   Here are some of the key insights from our latest industry insights report - Diagnosing Cyber Threats in Healthcare 2025 ⬇️ Download your copy to find out what organisations can do to safeguard patients and their health outcomes to build a more secure, trusted, and resilient sector: https://lnkd.in/dMcWc8eP

Alastair MacGibbon welcomed The New Zealand Herald’s Madison Malone to our Auckland Security Operations Centre (SOC) this week to showcase how the facility helps protect organisations from cyber threats.   Alastair said that one of the reasons for building CyberCX’s capabilities in the private sector is that you can invest and scale in ways that governments can’t. “CyberCX both in Australia and New Zealand highlights that you can do what people thought governments would do (but) in the private sector and sometimes do it better.”   Alastair added that most people don’t understand just how toxic the cyber environment we operate in is. “The vast bulk of the time that doesn’t impact organisations – there are near misses on a daily basis – but I think the general public and a lot organisations sadly just don’t know how many threats there are.”

Speaking to The New Zealand Herald from our Auckland Office this week, CyberCX UK Chair Ciaran Martin said that the cyber threat level to private and publicly owned critical infrastructure is the highest it’s ever been.   “What we’re worried about now, what drives the cyber threats, are three things; politics, money, and technology,” he told the Herald's Madison Malone.   Ciaran added that while he didn’t want to be alarmist, Artificial Intelligence (AI) is making cyber warfare more accessible. “The way AI is working out in cyber attacks is simply it’s making them a fair bit better, but also it’s making them cheaper and easier to do,” Ciaran said, “and this is the bit I worry about right now”.   You can read more here: https://lnkd.in/dnWK7jbv

Our latest industry insights report highlights the growing risk of cyber attacks against health organisations ⚕️   The report names AI as the cyber opportunity and threat driver to watch in 2025, urging healthcare organisations to proactively engage with the upsides, while also appreciating the way that it is accelerating cyber threat actor activity.   “Just as AI has the potential to revolutionise the way we diagnose and treat ill and vulnerable people, cyber threat actors are looking at how this technology can help them accelerate and better target their efforts," said CyberCX's Healthcare Industry Lead, and report author, Megan Lane.    Discover more key findings by downloading the full report: https://lnkd.in/dMcWc8eP

Our latest edition of C-Suite Cyber explores how physical threats to executives and private individuals are increasing, driven by geopolitical shifts and extremist ideologies. Many organisations consider physical safety measures for high-profile executives or at-risk members of staff. However, there is an increasing need for physical security to be combined with cyber safety measures as malicious actors turn to online monitoring to carry out reconnaissance against possible targets.   C-Suite Cyber outlines that organisations can: ◻️ Understand your executives' threat profile and monitor for changes ◻️ Conduct regular Digital Footprint Assessments for high-profile or at-risk personnel  ◻️ Proactively brief executives about both physical and cyber security threats Read the newsletter to find out how your organisation can think about this in two dimensions, and what you should do to protect yourself: