Search Results

  • MediSecure hack Australia’s worst so far | GSA

    MediSecure hack Australia’s worst so far 19 July 2024 eScripts provider MediSecure has revealed that 12.9M Australians had their data stolen in a hack earlier this year, making it one of the largest cyber breaches in Australian history. MediSecure, which facilitates electronic prescriptions and dispensing, confirmed in May it was the victim of a ransomware attack, following an earlier theft of data which continued until November 2023. The company went into voluntary administration in June after the federal government ruled out a financial bailout. Sensitive Patient Data Lost In a statement released late Thursday afternoon, MediSecure gave details about the kinds of data stolen, including full names, phone numbers, dates of birth, home addresses, Medicare numbers, and Medicare card expiry dates. The 6.5 terabytes of data also included some sensitive health information, such as which medications people were prescribed, the name of the drug, dosage, the reason for their prescription, and instructions for taking the medication. Inadequate Protection MediSecure said it was unable to identify specific impacted individuals “due to the complexity of the data set” and that doing so would have come at a “substantial cost that MediSecure was not in a financial position to meet”. A tiny sample of the data was published on a dark web forum following the hack, and the larger data set was listed as being for sale, for $50,000. It's not clear whether the data was sold, but it's considered likely. Vigilance Urged Cyber security experts have urged Australians to remain vigilant for signs of fraud being committed using their medical data. Said one: “If contacted by someone claiming to be a medical or other service provider, including financial service provider, seeking personal, payment or banking information, you should hang up and call back on a phone number you have sourced independently.”
Avoiding Becoming the Next MediSecure Now in liquidation, MediSecure is an example of how not to protect the sensitive customer data entrusted to your organisation. One of your best defences against hackers is to centrally control the flow of data into and out of your organisation. Managed File Transfer (MFT) software does that for you. But MFT does more than just provide centralised control. It also offers encryption, efficiency boosts and auditing capabilities. Using enhanced security protocols, it ensures data privacy during transmission and storage. It also provides detailed, audit-ready logs showing which data has been accessed and by whom. Expert Local Advice At Generic Systems Australia, we’re the Asia-Pacific’s experts on the world’s #1 MFT, GoAnywhere. If you’d like an obligation-free discussion about how we could help you keep your organisation safe from cyber thieves, please feel welcome to get in touch. Attribution: This article was largely sourced from Australia’s ABC News service.

  • Boost Employee Productivity via Managed File Transfer | GSA

    Boost Employee Productivity via Managed File Transfer 19 Feb 2025 76% of employees report that they spend 1-3 hours a day simply moving data from one place to another, according to research by Zapier. What if you could give your team that time back, to spend on more value-added tasks? You can - with Managed File Transfer (MFT). When Tools Become Time Sinks IT tools are designed to enhance employee collaboration and productivity. However, as businesses grow, they adopt many different IT tools, often with differing file formats. That opens up a black hole of time-wasting as employees are forced to translate and transfer files every time they want to share data across the organisation or with customers or suppliers. GoAnywhere MFT – the world’s leading MFT – automates this task. It gives employees back precious time to focus on more value-added tasks. GoAnywhere translates files to and from a variety of widely-used formats without cumbersome manual scripts. Its comprehensive ETL (Extract, Transform, and Load) features enable data values to be mapped, formatted and modified between source and target files automatically. Even better, GoAnywhere's secure collaboration features make connecting and sharing between employees easier, faster and more secure – even when they’re mobile. It provides an intuitive browser-based web client for performing ad-hoc file transfers, enterprise file sync and sharing via GoDrive, and a handy mobile application for moving files quickly while on-the-go. Protected Productivity In addition to the productivity and efficiency benefits it offers, GoAnywhere MFT protects your organisation’s valuable data at rest, and in transit. Coupled with an Advanced Threat Protection Bundle, it enables organisations to safely collaborate while repelling the efforts of cybercriminals. This automated defense system protects your data in three important ways: 1. Prevents files containing malware from being shared. 2. Blocks sensitive data from being shared. 3. Redacts sensitive information from files before transfer. Time to Tame the Time Sink? If you’d like to discuss how GoAnywhere MFT could help boost your organisation’s productivity and bottom line, please feel welcome to get in touch with us for an obligation-free discussion.

  • Sound Advice on Choosing a New MFT | GSA

    Sound Advice on Choosing a New MFT 7 May 2024 Tech Wire Asia, an independent tech news website that covers enterprise and technology across the Asia-Pacific region, offers sound advice to help companies choose a new Managed File Transfer (MFT) solution. The Shadow of Clop Tech Wire Asia issued their advice in the wake of attacks last year by Clop, a notorious ransomware group, on the online file transfer tool MOVEit. PWC’s Australian unit, Prudential Assurance Malaysia Berhad and Prudential BSN Takaful Berhad in Malaysia were among APAC region victims of Clop’s attacks. While Tech Wire Asia said it did not “insinuate an everlasting vulnerability in MOVEit or imply that its usage should be permanently discontinued”, it noted that it had received “a wave of enquiries from current and prospective customers about the continued safety of using MOVEit” in the wake of the attack. In response, the website offered this advice for those wishing to move on from MOVEit. Crucial Considerations Tech Wire Asia said the crucial consideration in choosing the best file transfer software is finding an MFT solution that is simple, capable of encrypting sensitive data, can automate transfers, meets compliance regulations, and operates seamlessly across various platforms. It noted that there are many aspects and features to consider while choosing MFT software, including: Average daily file transfer volume; Regulatory obligations; Industry-specific needs; and Budget. Other vital features could include: Advanced auditing and tracking abilities; Clustering functionality; Cloud integrations; Capability to translate EDI files; and Availability of remote agents. The website recommended that selecting the appropriate MFT solution should be driven by a company’s specific requirements.
GoAnywhere MFT highly-regarded In its review of contenders to replace MOVEit, Tech Wire Asia described GoAnywhere MFT as “a sophisticated enterprise solution for transfers and file management”, saying that the product “excels at securing file transfers across multiple platforms, protocols, and encryption standards”. The website noted that GoAnywhere is designed for SMEs and Enterprises, and is deployable on-premise, in the cloud, or hybrid environments, enabling secure data exchange between organisations, employees, customers, and trading partners. In the capacity of enterprise-secure file transfer software, GoAnywhere shields data, ensuring compliance with regulations and standards. Its integration prowess also extends to applications like Salesforce and SharePoint. Try Before You Buy In conclusion, Tech Wire Asia “highly recommended” that customers moving on from MOVEit take advantage of a free trial of new MFT software.

  • Tame the File Transfer Time Sink | GSA

    Tame the File Transfer Time Sink 23 Oct 2023 When asked “How could you get more done at work?”, most people are quick to respond: “Fewer meetings, please!” However, research has revealed that other hidden time sinks may be an even greater drain on our personal productivity. For example: the amount of time lost while team members manually share files and data between themselves. A recent report found that a typical desk worker now uses 11 different applications to complete their tasks during the course of their working day. According to research by Productiv, most company departments use between 40 and 60 different applications. Company-wide, that number sprawls to more than 200 apps. IT tools are designed to enhance our collaboration and productivity. But when different parts of a business adopt different tools, with different file formats, it opens up a black hole of time-wasting file translation and transference across the entire organisation. So, how can we help our employees spend more time productively contributing to the organisation, and less time on the drudge work of wrangling files…? Ideally, we can work to rein in the proliferation of apps across our organisations, standardising on a common set of enterprise IT tools. But that can be easier said than done. It takes time – and even some business risk – to wean teams off their familiar tools and train them on new ones. Until then, a Managed File Transfer (MFT) solution can help. With GoAnywhere MFT, data can be translated to and from a variety of widely-used formats without having to write cumbersome scripts or programs. Its comprehensive Extract, Transform, and Load features enable data values to be mapped, formatted and modified between source and target files automatically. Even better, GoAnywhere's secure collaboration features make connecting and sharing between employees easier and faster - even when they’re mobile.
Features include an intuitive browser-based web client for performing ad-hoc file transfers, enterprise file sync and sharing using GoDrive, and a handy mobile application for moving files quickly while on-the-go. The benefits of using an advanced MFT like GoAnywhere continue well beyond the point where your team has happily standardised on common enterprise tools. The same flexibility and automations that enabled your team to eliminate their internal productivity time sink are just as useful in improving your interactions with customers and supply chain partners. Time to Tame This Time Sink? If you’d like to discuss how GoAnywhere MFT could help boost your organisation’s productivity and bottom line, please feel free to contact me (bradley@gensys.com.au) for an obligation-free discussion, or read more at Generic Systems Australia. Bradley Copson, Business Manager, Generic Systems Australia

  • Secure Your Out-Of-Office Work with MFT and Secure Mail | GSA

    Secure Your Out-Of-Office Work with MFT and Secure Mail 11 Dec 2025 Though the holiday season is fast approaching, for too many business owners and corporate warriors, “holidays” aren’t a complete reprieve from keeping the business running. Many will find themselves reviewing confidential documents in hotel rooms or transferring files from a cafe or pool deck. The ability to work anywhere is an expected aspect of our connected modern business lives. However, this convenience comes with a hidden cost beyond work/life balance. Public wi-fi and mobile hotspots may be convenient, but they’re also prime targets for cybercriminals. Unsecured networks in holiday destinations can expose sensitive data to serious threats. But a Managed File Transfer (MFT) solution with a Secure Mail module can ensure your files remain protected no matter where you work. The Hidden Risks of Public Networks Unsecured connections are more than just slow—they’re dangerous. Common risks include: • Rogue access points that mimic legitimate Wi-Fi • Man-in-the-middle attacks intercepting communications • Packet sniffing and eavesdropping on data streams • Session hijacking to steal credentials • Malware injection during transfers • Credential harvesting for identity theft Real-world data proves these aren’t just hypothetical risks. NordVPN recently reported that 70% of Australians use public Wi-Fi on smartphones, with a significant number connecting for work, especially while commuting or working remotely. Surprisingly, many do so without a VPN, putting their work and their employers’ data at risk. VPNs Aren’t Enough Virtual Private Networks (VPNs) encrypt traffic, but they don’t secure the entire file transfer process. VPNs cannot enforce role-based access controls, provide file-level auditing and reporting, authenticate users with precision or guarantee compliance with data protection standards.
A VPN may protect the connection, but only MFT ensures the files themselves are transferred securely and in compliance with regulations. How MFT Protects Remote File Transfers Solutions like the industry-leading GoAnywhere MFT are designed to safeguard sensitive data even when you and your employees are working off-site. Key features include: • Secure protocols: SFTP, HTTPS, AS2, and FTPS ensure uncompromised transfers. • Encryption: AES-256, TLS, and SSL protect files both at rest and in motion. • Authentication controls: Prevent unauthorised users from initiating transfers. • Role-based access: Limit data visibility to only those who need it. • Auditing and logging: Create compliance-ready audit trails and visibility into file activity. • Automation: Schedule or trigger transfers to reduce human error and eliminate risky manual uploads. Secure Mail Completes the Protection GoAnywhere’s Secure Mail Module enables your employees to send messages and files as secure "packages" on an ad-hoc basis. Recipients get an email with a unique link to each package, allowing them to download the message and files through a secure HTTPS connection. It’s a great, secure alternative to regular email, plus there are no file size or file type restrictions. Best Practices for Remote File Transfer Security Whether you’re uploading contracts from a hotel room, or signing off on the quarter’s accounts, using email or free cloud storage could expose that data to attackers. By using MFT, however, that transfer will be encrypted, authenticated, and logged—removing risk from the equation. More broadly, it’s always best to prefer secure Wi-Fi or personal hotspots over public networks, avoid free cloud storage services, and avoid using USB drives for confidential files. Work from Anywhere Without Compromising Security Flexibility doesn’t have to mean vulnerability.
With GoAnywhere MFT, employees can securely send and receive sensitive files from anywhere in the world—whether working from home or halfway across the globe. Automated, encrypted transfers protect data and provide peace of mind. Local Experts At Generic Systems Australia, we’re Australia’s and New Zealand’s experts in Managed File Transfer. As one of Fortra’s top ten partners globally, we have decades of experience helping local companies install and leverage the world’s leading MFT solution. Let me know if you’d like an obligation-free chat about how MFT could secure your remote workers’ file transfers.

  • Protect Your Organisation From Stranger Strings | GSA

    Protect Your Organisation From Stranger Strings 1 Dec 2025 In the hit Netflix series Stranger Things, danger lurks in the shadows of ordinary life — a flickering light, a hidden passage, or a seemingly harmless object can conceal a gateway to the Upside Down. That’s how it is with the batch files still used by many organisations to conduct critical daily file transfers. These batch files may look mundane, even routine. However, a single hidden line of code can unleash chaos. Hiding in Plain Sight A batch file is essentially a script: a sequence of commands executed by the operating system. While this makes them convenient for repetitive tasks, it also makes them vulnerable to tampering. A single malicious line can transform a routine transfer into a catastrophic event. Consider this simple example: “del C:\*.* /Q /F” This line, if inserted into a batch file, would attempt to delete every file on the C: drive. To the untrained eye, it might blend seamlessly among legitimate commands like ‘xcopy’ or ‘robocopy’. Yet its impact would be devastating — wiping out critical data, halting operations, and potentially opening the door to further exploitation by hackers. The danger lies not in the complexity of the attack, but in its simplicity. One unnoticed command can undo years of work. The Demogorgon in the Detail Batch files are inherently insecure because they lack the safeguards modern IT environments demand. Their key risks include: Ease of manipulation: as they’re plain text, anyone with access can edit them, inserting destructive or unauthorised commands. No authentication or encryption: they move files without verifying the sender or encrypting the data, leaving sensitive information exposed. Limited logging and visibility: they provide little or no audit trail. You may not even know a breach has occurred until the damage becomes apparent. Escalated privileges: a malicious line may not just affect files; it may compromise your entire system.
Prone to human error: a simple mistyped command can have disastrous consequences. No Place for 80s Nostalgia Batch files are relics of a time when networks were simpler and threats less sophisticated. In today’s environment of ransomware, insider threats, and regulatory scrutiny, relying on them is a huge gamble. The Modern Alternative Managed File Transfer (MFT) solutions address batch file vulnerabilities by providing a secure, automated framework for moving data. Unlike batch files, MFT platforms are designed with security, compliance, and reliability at their core. Here’s why MFT is a safer choice: Encryption by default: MFT solutions encrypt files both in transit and at rest, ensuring sensitive data cannot be intercepted or read by unauthorised parties. Authentication and access control: Only authorised users and systems can initiate transfers, and different permissions can be assigned to each user. This prevents tampering and ensures accountability. Audit trails and monitoring: Every transfer is logged, providing visibility into who moved what, when, and where. This is invaluable for compliance and incident response. Error handling and recovery: MFT platforms include built-in mechanisms to detect failed transfers and retry automatically, reducing the risk of data loss. Scalability and automation: MFT systems can handle complex workflows across multiple environments, eliminating the need for fragile, manually maintained scripts. Compliance support: For industries bound by regulations such as GDPR, HIPAA, or PCI DSS, MFT provides the controls and reporting necessary to demonstrate compliance. Staying Out of the Upside Down The contrast between batch files and Managed File Transfer is stark. Batch files are like handwritten notes left on a desk — easy to read, easy to alter, and easy to misuse. MFT, by comparison, is like a secure courier service: encrypted, tracked, and accountable at every step. 
At Generic Systems Australia, we’re Australia’s and New Zealand’s experts in helping organisations automate their file transfers with Managed File Transfer solutions. If you’d like to discuss how we can help you, please feel welcome to get in touch with me. I’m always happy to have an obligation-free chat and explain how simply and affordably we can replace your outdated batch files with a reliable and efficient MFT solution.

  • MFT as Middleware…?! | GSA

    MFT as Middleware…?! 5 Feb 2025 Enterprise customers are increasingly seeking middleware that enables them to secure and streamline connections between their internal systems and external third-party services. Fortra’s GoAnywhere MFT helps fulfil that need. Integration without Security spells danger Most modern enterprises find themselves balancing the flow of information between complex internal systems and external cloud services. But on both sides of the corporate firewall, there is a shared need for corporate data to be transferred securely and efficiently. “Extract Transfer Load” (ETL) solutions process data and store data in a common internal warehouse. “Enterprise Service Buses” (ESBs) act as a hub providing overall visibility and control over the flow of data and services across different applications. However, neither of these tools specialises in security - an especially critical consideration when dealing with third parties. As security and integration are where current solutions fall flat or fail to provide a unified answer, enterprises are left to look for new models to bridge the gap. GoAnywhere steps up Fortra’s GoAnywhere MFT is not your traditional limited MFT solution. It operates as a lightweight ETL, a functional ESB, and as an efficient MFT platform. What sets GoAnywhere apart from other tools is its focus on security. And in that way, it’s one of the only tools on the market today that can fulfil enterprises’ nascent need for secure and efficient data flows within and outside their organisations.
Secure Management, Integration, Automation GoAnywhere provides many of the same automation and integration features as ETL, ESB, and Enterprise Application Integration solutions, enabling enterprises to connect their internal resources with cloud resources and third parties such as: banks and credit card providers; financial data providers; foreign exchange markets; and retirement and pension systems. If required, GoAnywhere MFT can perform a middleware role, integrating with an organisation’s existing ETL solution and acting as a managing solution which connects systems, secures communications and integrates. Enterprise-level Security Even when enterprises have dedicated ETL solutions in place, GoAnywhere can fit right in to boost the security of data file transfers. It provides a full range of security layers and controls to protect the exchanged data which no other integration solution can offer. A secure architecture is deployed thanks to a multi-tier solution, including the GoAnywhere Gateway as a reverse proxy on the DMZ, isolating exchanged data from threats on the internet. A Secure ICAP Gateway - a deep content inspection engine – can also be built in, a security tier preventing malicious content infiltrating through third-party interfaces. GoAnywhere’s proactive security has been further enhanced through integration with the Fortra Threat Brain, a massive threat intelligence database which continuously identifies and blocks incoming IPs with bad reputations or malicious intent before those threats can enter an organisation. Connect Cloud and On-Prem Applications A final differentiator that makes GoAnywhere a standout in the enterprise middleware space is its ability to connect both on-premises systems and cloud-based applications. GoAnywhere goes beyond what a typical SaaS middleware application can do.
For instance, if you offer a middleware platform as a SaaS solution, a lot of organisations still have different on-prem applications in addition to their legacy systems, segmented networks, private and public cloud-based systems and external interfaces with their trading partners. Having yet another SaaS platform makes it challenging to interconnect all these on-prem and cloud data points. However, GoAnywhere can secure file transfers and centralise them across cloud, on-premises, hybrid, or SaaS environments. It isn’t confined to one or the other. Consolidate, downshift, simplify, and streamline For enterprises looking to boost their efficiency and streamline their operations (and that’s all enterprises!) the right middleware can make all the difference. GoAnywhere MFT offers more than a typical MFT. With GoAnywhere, enterprises can create a flexible, scalable, high-performance middleware platform to securely: transfer at speeds up to 10 Gbps; interface with a wide variety of systems, applications and cloud services; protect files from malware; get zero trust protection, no matter where files travel; and keep data out of the DMZ. GoAnywhere as Middleware Consistently declared to be the world’s leading MFT, GoAnywhere is renowned for its robust security features, flexibility, and ability to work where and how you need it. For enterprises, that’s becoming the space between all the moving parts. Local Expert Help At Generic Systems Australia, we have many years of experience helping Australian and New Zealand IT teams streamline their file transfers and protect their valuable data with GoAnywhere MFT. From the initial scoping of organisations’ legacy data transfer approaches, through zero-cost Proof of Concepts and hassle-free Migration Services, we help companies stay focused on running their business without disruption as we transition them to more secure approaches.
Please feel welcome to contact me for an obligation-free discussion about how GoAnywhere can help your organisation. At Generic Systems Australia, we’re your local experts in Managed File Transfer.

  • New Cyber Laws Passed – What Australian Businesses Need to Know and Do | GSA

    New Cyber Laws Passed – What Australian Businesses Need to Know and Do 27 Nov 2024 Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: 1. the Cyber Security Act 2024 (Cyber Security Act); 2. the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024; and 3. the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory Reporting of Ransomware Payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents reported to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at the latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: · organisations which are a responsible entity for a critical infrastructure asset; and · other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M).
Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… · Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. · Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988, the SOCI Act, and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act, it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom.
An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act, to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect.
Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntary report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections is for crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”.
Information provided under these protections isn’t admissible in evidence against the disclosing entity, including in criminal, civil penalty and civil proceedings (including a breach of the common law). And the provision of information to the NCSC does not affect any claim of legal professional privilege over that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NCSC by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988, the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report.
A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IoT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take, a specific action in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act, consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements.
Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them. A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice.

  • Phishing Surges on the Back of QR Codes | GSA

    Phishing Surges on the Back of QR Codes 17 July 2025 New research published by the Anti-Phishing Working Group (APWG) shows that phishing attempts have surged to levels not seen since late 2023. QR codes are increasingly the attack vector of choice. Each day, millions of emails are sent containing QR codes that lead consumers to phishing sites and malware. Q1 Lowlights · APWG observed a total of 1,003,924 phishing attacks in the first quarter of 2025 - the largest number of attacks per quarter since late 2023. · Attacks against the online payment and financial sectors grew in Q1 2025, comprising 30.9% of all attacks. · The total number of wire transfer Business Email Compromise (BEC) attacks increased by 33% in Q1 2025 compared to the previous quarter. Most Targeted Industries The SaaS/Webmail sector was the most targeted industry by cyber attackers in Q1 2025, making up almost 18% of the total attack volume. The financial industry also continues to be a highly attractive sector for cyber threat attackers, with Payment, Banking, and Crypto contributing to approximately 33% of all phishing attacks in Q1 2025. QR Codes Popular QR code attacks occur when an adversary leverages QR codes to social engineer a user, such as redirecting a victim to a phishing website or to download a malicious attachment. QR codes are becoming an increasingly popular phishing tactic due to the various features they offer. Cyber attackers have been observed taking advantage of QR code features in the following ways: · The availability of free QR code generators facilitates phishing attacks due to decreased financial costs of infrastructure, and free services tend to have fewer resources dedicated to takedowns of legitimate service abuse and other malicious activity. · Attackers can combine QR codes with URL shorteners to obscure the true destination of the URL and thereby direct victims to malicious sites.
Certain industries tend to be more prone to QR code attacks, such as Retail & Wholesale, as consumers have adapted to relying on QR codes to access these services. Burgeoning BEC APWG member Fortra tracks the identity theft technique known as “business e-mail compromise” (BEC). BEC was responsible for A$4.3B in losses in 2024 according to the IC3. In a BEC attack, a threat actor impersonates an employee, vendor, or other trusted party in an email communication and attempts to trick an employee into sending money, privileged information, or some other asset. · During the first quarter of 2025, gift card scams were once again the most popular scam type, making up more than half the total number of attacks. · The total number of wire transfer BEC attacks observed by Fortra in Q1 2025 increased by 33% compared to the previous quarter. · The average amount requested in wire transfer BEC attacks in Q1 2025 was A$65,000. · 72% of BEC attacks in Q1 2025 were launched using a free webmail domain. · Remcos RAT was the most common malware payload Fortra observed in Q1 2025. Protection Against Phishing Our SFT Threat Protection Bundle enables your organisation’s email system to automatically detect and prevent phishing links and other malware from entering your organisation. Combining the layered strengths of GoAnywhere MFT and Clearswift, it means your team can receive and share information securely, without impairing their productivity. Seamlessly integrating managed file transfer with advanced threat protection and adaptive data loss prevention, SFT Threat Protection not only prevents malware from entering your organisation, but it also prevents employees from losing or mishandling data. For example, if an employee knowingly, or unknowingly, attempts to share any files containing malware, those files are sanitised by having the malicious elements automatically removed.
It can also automatically detect and, if you configure it to do so, prevent employees from sharing sensitive information. Local Help on Hand Generic Systems Australia has decades of experience helping Australian and New Zealand organisations protect themselves against phishing and other cyber attacks by leveraging the power of the world’s leading MFT solution. Our Migration Service makes the transition even easier for organisations who prefer to use their resources building their businesses rather than improving their IT plumbing. If you’d like a no-cost, no-obligation discussion about how we could help you simply and affordably adopt an advanced MFT solution, please feel welcome to get in touch with us. At Generic Systems Australia, we’re your local experts in Secure Managed File Transfer.

  • Huge Average Cost of Data Breaches Revealed | GSA

    Huge Average Cost of Data Breaches Revealed 22 Jan 2024 Cost of a Data Breach A$6.77 million! That was the average cost globally of a data breach in 2023, according to research by IBM. An all-time high, and a 15% increase over the last 3 years, the astonishing number was calculated through in-depth analysis of real-world data breaches experienced by 553 organisations globally – including 112 in the Asia and Pacific regions – in the 12 months prior to March 2023. Alarmingly, only a third of studied breaches were detected by an organisation's own security team. 27% were disclosed by an attacker, and the remainder came from customers, trading partners, law enforcement and other third parties. Nearly 40% of breaches were compounded by the loss of data across multiple environments including public cloud, private cloud, and on-prem. IBM recommended company security teams focus on where cyber criminals are most successful and concentrate their efforts on stopping them before they achieve their goals. This is where an investment in a Secure Managed File Transfer solution has a key role to play. The interception of ad hoc file transfers – for example, email attachments, FTP transfers and other ad hoc methods of moving data within your organisation and between its trading partners – is a key exposure. A Secure Managed File Transfer solution such as the class-leading GoAnywhere MFT addresses the many risks of these ad hoc approaches through a holistic approach and complementary array of security features. Authentication & Encryption Automatically encrypt files on disk using AES 256 encryption. Use Domains to create multiple security zones. Filter connections with IP blacklists and whitelists (Global and User level). Block Brute-Force and Denial of Service (DoS) attacks with an automatic IP blacklist. Authenticate SFTP connections with passwords and/or SSH keys. Authenticate FTPS and HTTPS connections with passwords and/or SSL certificates.
Ability to accept or reject files with certain extensions. Run services under non-standard port numbers. Create and manage SSL certificates, SSH keys, and Open PGP keys through integrated screens. User Access & Controls Authenticate users against LDAP, Active Directory (AD), IBM i profiles, RADIUS, RSA SecurID, Google Authenticator, Duo Security, and other IAM (Identity and Access Management) solutions. Define administrator user permissions for separation of duties. SAML support for single sign-on and dual factor authentication. Restrict users to specific home directories and subfolders. Specify folder level permissions (upload, download, delete, rename, etc.) by user and group. Restrict user logins to certain days-of-week or times-of-day. Set password policies and expiration intervals. Authorise selected services (e.g. FTP, SFTP, FTPS, HTTPS and AS2) to certain users and groups. Disable user accounts after maximum login attempts. Disable user accounts automatically after a period of inactivity. Receive instant notifications on login failures. Disable anonymous login. View the active sessions for logged-in users with the ability to terminate (kick) sessions. Auditing & Reporting Generate full audit trails of all user events and file activity with reporting. Generate reports of file transfer activity, user statistics, and completed jobs from within the console. Feed audit log messages to a central SYSLOG server. Full Compliance GoAnywhere MFT secures your sensitive files and transmits data using the latest security standards, keeping your data secure and compliant with regulations, frameworks, and standards, including: Australia’s Consumer Data Right. Singapore’s PDPA (Personal Data Protection Act). PCI DSS, the global data security standard adopted by payment card brands. 
The EU’s GDPR (General Data Protection Regulation). The US’s HIPAA (Health Insurance Portability and Accountability Act) & HITECH (Health Information Technology for Economic and Clinical Health Act). The US’s FISMA (Federal Information Security Management Act) & NIST (National Institute of Standards and Technology) Cybersecurity Framework. Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act). California’s Consumer Privacy Act. “An ounce of prevention…” As the old saying goes: “An ounce of prevention is worth a pound of cure”. To avoid becoming one of the cybercrime victims IBM studies in 2024 😉 please do explore how the world’s leading Managed File Transfer solution, GoAnywhere MFT, can bolster your organisation’s cyber defences. Our Business Manager, Bradley Copson (bradley@gensys.com.au), is always happy to have an obligation-free discussion, and can offer you a no-cost trial or Proof of Concept.
