Search Results

Our Annual Upgrade and Health Check Service provides dedicated resources to update your organisation’s GoAnywhere environment to the latest version. One of our experienced local Technical Consultants will review your organisation’s upgrade strategy, conduct a Health Check of your system and consult with you on any risks and compatibility issues potentially associated with your upgrade. Review product datasheet below: RESOURCES HOME

New Cyber Laws Passed – What Australian Businesses Need to Know and Do Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: the Cyber Security Act 2024 (Cyber Security Act); the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024; and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory reporting of ransomware payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: organisations which are a responsible entity for a critical infrastructure asset; and other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988, the SOCI Act, and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act, it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act, to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntarily report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections are that crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And, the provision of information to the NSCS does not affect any claim of legal professional privilege over the information contained in that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NSCS by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988, the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act, consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them. A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice.

< News Why Your Business Can't Rely on Employee Cybersecurity Training 29 Oct 2025 The employee cyber security training programs implemented by most large companies don’t reduce the risk of their employees falling for phishing scams. That’s the shocking conclusion of recent research evaluating the effectiveness of two common types of cybersecurity training.  Phishing is a deceptive tactic in which attackers impersonate trusted entities to trick individuals into revealing sensitive information like passwords, credit card numbers, or personal data.  It continues to be the most common form of cyber attack, and leads to the greatest number of cyber infiltrations. Testing the Defences To test the effectiveness of anti-phishing training, researchers sent 10 different phishing email campaigns to 19,500 employees at UC San Diego Health over an eight month period.  They found that there was no significant relationship between whether an employee had recently completed mandated cybersecurity training and whether they then fell victim to a phishing email. Researchers also tested whether sharing anti-phishing information after an employee fell for a phishing scam improved the employee's ability to detect a subsequent phishing attempt. However, once again, they observed very little difference in repeat failure rates. In fact, embedded phishing training only reduced the likelihood of an employee clicking on a phishing link by a mere 2%. Why training fails Research study co-author Grant Ho said a key reason the anti-phishing training isn’t effective is that most employees don’t engage with embedded training materials.  75% of users in the study engaged with embedded training materials for a minute or less, and a third closed embedded training pages immediately, without reading them. He recommended that organisations refocus their efforts to combat phishing on technical countermeasures. Technical Countermeasures One of the first and best lines of defence against phishing is to prevent malware and suspicious links before they can reach employees’ devices.  At Generic Systems Australia we combine the world’s leading Managed File Transfer solution, GoAnywhere , with Advanced Threat Protection to deliver a proactive, multilayered defence against both external threats and internal data leakage.  GoAnywhere provides secure encryption, access controls and audit trails for file transfers, while ATP enables your organisation’s email system to automatically detect and prevent phishing links and other malware from entering your organisation. Here to Help At Generic Systems Australia we have decades of experience helping Australian and New Zealand organisations protect themselves against malware and other cyber attacks. Our Migration Service makes the transition even easier for organisations who prefer to let their team get on with their regular work rather than taking time out to improve their IT plumbing. If you’d like a no-cost, no-obligation discussion about how we could help you simply and affordably adopt an advanced MFT and ATP solution, please feel welcome to get in touch with me. At Generic Systems Australia, we’re your local experts in Secure Managed File Transfer. Previous Next

< News Accountability Gap Creates Cyber Risk 22 Oct 2024 New research has revealed a concerning gap in accountability for cyber security in many Australian organisations. Security firm Trend Micro polled 100 Australian IT leaders to better understand their attitudes toward Attack Surface Risk Management. They found that most organisations lacked clear leadership buy-in and sufficient resources to measure and mitigate cyber risks. The top three gaps in cyber resilience were: Insufficient staffing for round-the-clock cybersecurity coverage. Inadequate techniques to measure and manage attack surface risks. Not using proven regulatory and other frameworks, such as the NIST Cybersecurity Framework. Only 37% of those surveyed said their organisation had satisfactorily closed each of these exposures. The buck stops… nowhere? Seeking root causes for unclosed gaps in organisational cyber resilience, Trend found that the failures could be traced back to a lack of leadership and accountability at the top of the organisation. More than a third of respondents claimed their leadership didn’t consider cybersecurity to be their responsibility. When asked who does or should hold responsibility for mitigating business risk, respondents gave a variety of answers, indicating a lack of clarity on reporting lines. Nearly a third (32%) said the buck stopped with organisational IT teams. Trend spokesperson, Srujan Talakokkula, said the “lack of clear leadership on cybersecurity, can have a paralysing effect on an organisation, leading to reactive, piecemeal and erratic decision making”. “A lot of that comes down to collaboration and communication across the business,” he said. “Companies need CISOs to clearly communicate in terms of business risk to engage their boards. “Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience,” he added. ASIC Cracking Down Trend’s warning comes on the heels of reports that Australia’s corporate regulator is preparing legal actions against some company directors for their lack of governance relating to cyberattacks. ASIC has previously cautioned directors that they need to prepare for hacks, and that sanctions would be applied to those who didn’t. They told The Australian Financial Review that companies wouldn’t get away with paying lip service to cyber defence and must provide evidence they had performed their duties if their organisation was breached by cybercriminals. “With one cyberattack reported every six minutes in Australia, ASIC’s message for directors is to make sure your organisations have appropriate cybersecurity measures in place – this is your responsibility,” a spokesperson said. Not just “an IT Issue” ASIC’s heightened investigations show that cyber security is no longer a fringe issue that can be relegated to technical staff. However, a survey of in-house lawyers by Herbert Smith Freehills recently found many boards are not yet engaged on the topic of cyber resilience. 58% said it would take an actual cyberattack to motivate their organisation to meaningfully improve their data risk management. Owning and managing the risk Rather than letting cyber resilience slip between the cracks in org charts, directors need to put cyber resilience at the top of their companies’ board agendas. Executive management should be requested to report on the measures and investments they’re making to keep cyber thieves at bay. A Managed File Transfer (MFT) solution such as the class-leading GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect data in transit and at rest. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection enables safe collaboration with external parties, preventing malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Local Experts On Hand Generic Systems Australia are local experts in Managed File Transfer and Advanced Threat Protection. We’ve assisted hundreds of organisations across the Asia-Pacific region to secure their data and keep cybercriminals at bay. If you’d like to discuss how we can help improve your company’s cybersecurity, please feel welcome to contact me , Bradley Copson. I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Previous Next

GoAnywhere MFT is the world’s leading Managed File Transfer solution. This datasheet summarises its key technical features. Review the report below. RESOURCES HOME

2024 Cyber Insiders Survey Fortra's "2024 State of Cybersecurity Survey" shares the invaluable insights of more than 400 cybersecurity professionals from across the globe, including many in Australia, New Zealand and the Asia-Pacific region. Here’s their 2024 report. To receive a Complimentary Copy of the Report, simply submit your email address below: First name Last name Enter your email address Phone You'll receive the '2024 Cyber Insiders Survey Report' shortly! RESOURCES Receive Report HOME

< News What to Look for in a Managed File Transfer Solution 3 Mar 2025 Contributing to independent enterprise buying intelligence platform Peerspot , tech blogger Janet Staver has shared very useful advice on what to look for in a Managed File Transfer (MFT) solution. “If file transfers are an integral part of your business, it is crucial to implement an MFT solution,” she said. But how to choose which of the many MFT's on offer are best for your organisation...? Janet recommended you use the following key evaluation criteria: Security Ease of Use Data Analytics Authorisation and Validation Secure file governance Encryption and Decryption Regular Updates Automation Antivirus Visibility Budget-Friendly Customisation Security Highlighted by Janet as the “first and foremost” consideration – Janet observed that “not all secure MFTs are created equal.” In addition to assessing MFT solutions’ integrated security protocols, she advised intending purchasers to look for virus scans and the ability to quarantine to isolate malware. “MFTs with strong authorisation and validation are preferable as they can help with compliance requirements,” she said. Ease of Use For Janet’s second key consideration, she recommended businesses choose an MFT solution which improves productivity without requiring you to write scripts for data transfer. Data Analytics A useful tool to “gather data about your data”, Janet noted that data analytics were also useful for meeting compliance standards and optimising file management. Similarly, the best MFT solutions provide a high-level view of your system, including a CISO dashboard and SIEM (Security Information and Event Management) enabling reports on total access, locations, transfers, and threats. “A good MFT will include secure file storage and governance tools that don’t compromise security,” Janet said. “Flow authoring access controls (to work with advanced workflows), granular file access roles and user policies, and regular logging are some of the basic features you should look for.” Advanced Workflows, Regular Updates Janet noted that some MFTs offer automation capabilities, including agents to complete complex tasks at scale. Regular updates are also important to keep a company’s data safe from hackers, Janet said. (Her full advice can be read here . ) Independent Analysis To get you started comparing MFTs, you might want to consult the findings of respected independent tech analysts Info-Tech. They recently performed a comprehensive analysis of MFT solutions, using data sourced from real end users. Their recommendation…? GoAnywhere MFT . Besides achieving the highest overall score in the MFT category, GoAnywhere also ranked highest for Vendor Capability Satisfaction, including the key dimensions of: “Business Value Created” “Breadth of Features” “Quality of Features” “Product Strategy and Rate of Improvement” “Useability and Intuitiveness” “Vendor Support” “Ease of Data Integration” “Ease of Customisation” “Availability and Quality of Training”, and “Ease of Implementation” Tap Australia’s and NZ’s MFT Experts No-one better understands local MFT needs and best practices than Generic Systems Australia. Our local team has decades of experience helping businesses implement the world’s leading MFT solution. Our Migration Service makes the transition even easier for busy businesses who’d rather spend their time focusing on their customers than their IT systems. If you’d like a no-cost, no-obligation discussion about how we could help you simply and affordably adopt an advanced MFT solution, please feel welcome to get in touch . At Generic Systems Australia , we’re your local experts in MFT. Previous Next

< News Companies ignoring hack warnings 4 Oct 2024 Almost half of the businesses warned by Australia’s top cyber security agency of impending hacks didn’t bother to return the phone call. In an alarming disclosure to The Australian Financial Review, the new director-general of the Australian Signals Directorate (ASD), Abigail Bradshaw, said that the agency had contacted organisations 620 times in the last 12 months to tell them it had information “that suggests that you might have a problem”. But of those calls, 280 were never returned. Bradshaw said the agency shared such information because it had been shown to help companies to achieve positive outcomes in the face of escalating threats while enabling The ASD to detect more incidents. Sharing Encouraged The ASD’s alerts are part of a broader government plan to encourage more information sharing. New rules recently announced will permit businesses to share private details with government agencies without concern it will be used against them in future damages claims. That being said, regulators are still tightening the screws on directors and executives to take responsibility for cyber security prevention and recovery. The new laws won’t provide “immunity” for those who fail to prepare in the months or years leading up to a hack. Hacking: this century’s “H-Bomb” Not only is cybercrime financially lucrative for ransomware gangs, but digital attacks are becoming a critical component of geopolitical conflict, Bradshaw said. “The line between state-based actors and criminal actors is becoming finer,” she said. Cybercrime and conflict are set to escalate as quantum computing coupled with artificial intelligence supercharges hacking efforts. The US’s Pentagon described that emerging combination as “the 21st century’s equivalent of the nuclear bomb”. The Australian Financial Review warned that “if you get caught out by a cyberattack which causes broader harm, directors will not be able to talk their way out of trouble by saying they thought their techies had it covered”. Acting on ASD Alerts To mitigate hefty fines and sanctions, directors and executives need to prioritise their time and attention on cyber safety. A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect data in transit and at rest. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection enables safe collaboration with external parties, preventing malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Local Experts On Hand Generic Systems Australia are local experts in helping companies deploy Managed File Transfer and Advanced Threat Protection. We’ve assisted hundreds of organisations across Australia and New Zealand to secure their data and keep cybercriminals at bay. If you’d like to discuss how we can help you, please feel welcome to contact me, Bradley Copson. I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Previous Next

< News What is ‘MFT’ ... and why should you care 19 Oct 2023 What is ‘MFT’ - and why should you care about it? In today's data-driven world, the seamless and secure exchange of information is key to business efficiency. Managed File Transfer (MFT) is a powerful technology that comprehensively addresses the risks and challenges of moving information, both within an organisation, and with external suppliers, partners and customers. At its core, Managed File Transfer simplifies the complexities of data transfer by offering centralised control, encryption, and auditing capabilities. Unlike traditional approaches, such as FTP, MFT provides enhanced security protocols, ensuring data privacy during transmission and storage. And it does so via a user-friendly interface, which is easy to use for even non-technical employees. Organisations adopt MFT technology for the many benefits it provides. Security: MFT employs robust encryption algorithms, reducing the risk of data breaches during transit. Features like Access Controls, and Multi-factor Authentication, safeguard sensitive information from unauthorised access. Efficiency: MFT automates repetitive tasks. This not only reduces human error, it saves significant staff time. Through scheduling of file transfers, monitoring of progress, and automatic error-handling, it enables a significant boost to operational efficiency. Compliance: In industries with strict regulatory requirements, MFT helps companies meet compliance standards (e.g. HIPAA and GDPR) by automatically maintaining detailed logs and audit trails. Scalability: Through its ability to handle large file transfers and an ever-growing number of users, MFT is able to grow in sync with an organisation's needs, while maintaining superior performance. Collaboration: In addition to improving business processes within an organisation, MFT facilitates seamless collaboration with external partners, suppliers, and customers, fostering strong relationships built on shared trust and reliability. Managed File Transfer technology offers organisations a secure, efficient, and scalable solution for their data transfer needs. By leveraging MFT, businesses can not only streamline their operations but also gain a competitive edge, while ensuring the integrity and confidentiality of their data in today's interconnected digital landscape. Generic Systems Australia is the Asia-Pacific region’s leading provider of secure MFT solutions. If you’d like to explore how your organisations’ efficiency and bottom line could be boosted through MFT technology, please feel free to contact our Business Manager, Bradley Copson, ( bradley@gensys.com.au ) for an obligation-free discussion. Previous Next

GoAnywhere Gateway provides an additional layer of security when exchanging data with your trading partners, enabling you to keep file sharing services and documents safely in your private/internal network. This datasheet summarises its key technical features. View Report RESOURCES HOME