Search Results

< News MFT Lends Small IT Teams a Big Hand! 29 Sept 2025 Small and medium-sized organisations face the same escalating cyber threats as large corporations. However, they need to deal with those threats with much smaller IT teams and resources. Installing a Managed File Transfer (MFT) solution can help lift a heavy load from your stretched IT team, freeing them up to focus on other business needs. Your Davids vs The Cyber Goliaths Hackers are increasingly forming large, decentralised syndicates to attack and exploit vulnerabilities worldwide. This enables them to attempt phishing, malware deployment and credential theft across a vast number of organisations simultaneously. What makes these syndicates especially dangerous is their resilience: even if parts of their network are shut out, others remain active to reconfigure and attempt a different attack. By further leveraging automation and remote access tools, hackers can scale their operations with minimal effort, making their networks a formidable threat to organisations of all sizes. Small IT teams need powerful IT allies. And one such ally is an MFT solution, such as GoAnywhere MFT." MFT in a nutshell Managed File Transfer is a secure, automated solution for exchanging data—internally and externally—across systems, employees and partners. Unlike traditional file transfer methods (like FTP or email attachments), MFT offers encryption, access controls, audit trails, and automation, all within a centralised platform. MFT offers both effectiveness and efficiency boosts to small IT teams. Tough Encryption MFT encrypts files both in transit and at rest, reducing the risk of interception and unauthorised access. Sensitive data—financial records, customer information, intellectual property—remains protected even when transferred across public networks. Automate Repetitive Tasks With limited manpower, automation is key. MFT enables IT teams to schedule and monitor file transfers without manual intervention. This reduces human error and frees up time for strategic tasks like threat monitoring and system updates. Access & Authentication MFT offers granular user permissions and multi-factor authentication, ensuring only authorised personnel can access or send files. This minimises insider threats and accidental data exposure. Audit Trails & Compliance MFT logs every file transfer, creating a detailed audit trail that supports compliance with regulations like GDPR, HIPAA, and ISO 27001. For small teams, this built-in reporting saves hours of manual tracking and simplifies audits. Centralised Management Instead of juggling multiple file-sharing tools, MFT consolidates transfers into a single dashboard. This streamlines oversight, reduces shadow IT activity, and makes it easier to spot anomalies or unauthorised activity. Scalable Security Support MFT doesn’t just protect data—it empowers small IT teams to enforce enterprise-grade security without needing enterprise-sized resources. By automating secure transfers, reducing manual errors, and centralising control, MFT acts as a force multiplier for your IT Team’s cybersecurity efforts. And for small IT teams, it’s not just a tool—it’s a strategic upgrade to their cyber resilience. Local Help on Hand At Generic Systems Australia we’re Australia’s and NZ’s experts in deploying Managed File Transfer solutions. We’ve assisted businesses of all sizes to protect their customer data and secure their file transfers, while keeping their operations running smoothly. If you’d like to discuss how we can help you, please feel welcome to contact me . I’m always happy to have an obligation-free chat and explain how simply we can help you maintain your customers’ trust. Previous Next

< News GoAnywhere declared "Best MFT" 6 Nov 2023 GoAnywhere judged to be Best Managed File Transfer Solution Transferring data is the lifeblood of a modern organisation. Securely sharing critical information between employees, suppliers and customers is essential to efficient operations. Last year, respected tech analysts Info-Tech evaluated the most popular MFT software and vendors. Their analysis, which took into account vendor experience and capabilities, product features and customer satisfaction, found GoAnywhere to be the top MFT solution. So, what led Info-Tech’s judges to recommend GoAnywhere for businesses seeking a secure and efficient file transfer solution…? Unmatched Versatility: GoAnywhere MFT offers an all-encompassing platform for secure file transfers, automation, and seamless cloud integration. Some competitive offerings don’t support Cloud Deployment. GoAnywhere’s versatility and extensive feature set impressed Info-Tech's evaluators, leading them to conclude it was the ideal choice for businesses with diverse transfer needs. User-Friendly Efficiency : User-friendliness is key element of efficient in business operations, and Info-Tech found that GoAnywhere MFT really delivers on this front. From IT specialists to non-technical professionals, the platform's intuitive design streamlines file transfers, task scheduling, and security management. Fortified Security: In this era of increased data breach risk, GoAnywhere’s robust encryption and access controls keep sensitive data protected. Stellar Customer Reviews : 93% of GoAnywhere reviewers said they would likely recommend the solution. The solution’s composite review score was 8.9 out of 10. Budget-Conscious Investment : Info-Tech found GoAnywhere MFT to be a supremely cost-effective solution, with attractive pricing strategies. Responsive Support and Ongoing Updates : Info-Tech applauded GoAnywhere for its responsive customer support and regular updates, ensuring business continuity. Market Leader – for a reason GoAnywhere MFT's combination of versatility, security, ease of use, and budget-friendliness has propelled it to the top of the MFT market, as recognised by Info-Tech. For businesses on the quest for a comprehensive and reliable file transfer solution, GoAnywhere MFT is the smart and strategic choice. Want to Learn More? Generic Systems Australia is the Asia-Pacific region’s leading provider of secure MFT solutions. If you’d like to explore how your organisations’ efficiency and bottom line could be boosted through MFT technology, please feel free to contact our Business Manager , Bradley Copson , for an obligation-free discussion, or read more on our website . Previous Next

< News Cyber Target Paris Prepares 23 July 2024 As the attention of sports fans turns to Paris this week, so too are the nefarious attentions of the world’s cyber criminals. So: how will the world’s largest sporting event keep its data and systems secure…? Read on to learn more from those charged with defending the Summer Olympics’ IT systems. Miscreant Magnet Vincent Strubel, head of France’s national cybersecurity agency (ANSSI), warned that this year’s summer Olympics was facing an unprecedented level of cyber threats. Said Strubel: “There will be cyberattacks during the Games and the Paralympics... Some won’t be serious. Some will be serious, but won’t have an impact on the Games. And perhaps there will be some that are serious and liable to have an impact on the Games.” Franz Regul, head of the cyber team responsible for Paris 2024, said he expects the number of security events this year to be “multiplied by 10 compared to Tokyo”. There is a need to keep an exceptionally tight attack surface and tie up any loose ends like SSL misconfigurations, open ports, and privacy issues such as cookie consent violations. French anti-cybercrime units have classified the cyber threats in five categories: 1. Amateur Hackers As the “as-a-service” cybercrime economy develops, it’s become easier than ever for novice threat actors to launch more sophisticated attacks than their limited skillsets would otherwise have allowed. This lowered bar for entry will lead to a higher overall number of attacks. 2. Thrill-Seekers The sheer size and popularity of the Olympic Games will tempt those broadly inclined to create nuisance or show off their “cyber chops” to their peers. They’ll likely seek to exploit any security weaknesses in the websites or booking sites purposed for the event, including those of media organisations and sponsors. Common website security attacks such as cross-site scripting, SQL injection, and DDoS attacks will be their primary threat vector. 3. Hacktivists Activists passionate for their cause of choice are likely to attempt to hijack the world’s largest stage. 4. Black Hat Thieves The immense cashflow around the Paris Olympics makes them a potentially lucrative target for cyber thieves. Phishing attempts – expected to arrive in the form of unsolicited emails about the Games, lodging, tickets, or information followed by “helpful links” – will abound. Those who open the emails and click on the links may find their bank accounts quickly compromised. 5. Nation-State Actors The Olympics have long been a huge world stage on which global powers send political signals to countries, governments, and the world at large. As the Associated Press recently noted, “Among the most threatening cyber-adversaries are countries who might want to embarrass and exact costs on France and the International Olympic Committee.” Defending the Games French cybersecurity authorities are cagey about the significant precautions they’re taking to thwart cyber criminals. Revealing too much would give away a tactical advantage to blog-reading Black Hats. However, here’s what we know so far… 1. Ethical Hackers The ANSSI has hired ethical hackers to test the attack vectors on all Olympic websites. According to Strubel, 500 sites, competition venues and local collectives have all been put under “friendly fire”. 2. AI Artificial Intelligence is being employed to test for multiple threats across IT systems and websites. Regul said that AI was helping differentiate “between a nuisance and a catastrophe”. 3. Physical Security Transportation, supply chains, and surveillance systems are other potential targets for those seeking to compromise the Games. All have been included in the safety perimeter of the Paris 2024 cybersecurity preparations. 4. External Expertise The 2018 Winter Olympic Games were targeted by malware dubbed “Olympic Destroyer”, which aimed to disrupt the opening ceremony. Paris cybersecurity teams have tapped the knowledge and experiences of the consultants who detected and disabled that threat. A Bug Bounty program has also sought to attract the time and skills of independent IT practitioners. 5. Education & War Gaming During the past two years, ANSSI has been “war gaming” cyber incidents with the International Olympic Committees’ IT partners, and deploying cyber defence education programs across the thousands of people responsible for operating the Paris Games’ IT systems. No News will be Good News The final word on Paris’s cyber preparations belongs to Jérémy Couture, who helms the official cybersecurity hub of the Paris Olympic games. Couture said his dream for the Olympics is that technology and cybersecurity won’t be talked about - because that will mean they were a non-issue. Sports fans around the world will be hoping his dreams become reality. Need a Local Expert? If – like the Paris Games - you’d like to tap local expertise keep cyber criminals at bay, please feel welcome to contact me, Bradley Copson ( mailto:bradley@gensys.com.au ). I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. At Generic Systems Australia , we’re your local experts in secure Managed File Transfer. #MFT #managedfiletransfer #securefiletransfer #sft #cybersecurity #datatransfer Previous Next

< News Why “Free” File Transfers Are Costing You 8 Apr 2026 With more than 400 million terabytes being created and transferred every day, the ability to transfer files quickly, dependably and securely is a core business process. Surprisingly, some businesses entrust this to free file transfer software. However, “free” software sometimes isn’t… A study by Aberdeen Group identified hidden costs that businesses incur using “free” file transfer mechanisms. In fact, 80% of files sent through e-mail attachments or “free” file transfer services ended up costing organisations money in the long run. Here’s how. Productivity Increasing file sizes mean it’s taking longer and longer to move data around. For example, as businesses and government become more reliant on the high-resolution cameras in our smartphones, image files are growing significantly in size. High-definition video files are currently the standard, but are already being supplanted by 4K videos. These are typically hundreds of gigabytes in size. Moving high-res movies around finds employees spending more time than ever before simply waiting for file transfers to complete. When your team is waiting for a file to transfer, there’s a significant hit to their productivity. Every hour it takes them to send a file is an hour where both they - and perhaps, their collaborator - are without the data they need to work effectively. Multiply the number of hours by the salaries of both employees and the “free” file transfer is no longer free. IT Support Trying to send a file - only to have the transfer crash midway – is not just frustrating, it’s a further waste of time. When file transfers fail, employees typically seek support from their IT department. That incurs a further labour cost in resolving the problem. Aberdeen’s study estimated that resolving each stalled file transfer required a cumulative 11 hours of team time. Security Even when files successfully transfer, significant cybersecurity risks arise when sensitive files are sent via free services. In Aberdeen’s study, free service transfers were twice as likely to result in security breaches compared to those conducted with professional Managed File Transfer software. Major security issues took an average of 16 business hours to resolve and cost companies millions of dollars. Tool Search When files are too big to send as email attachments, employees turn to “free” transfer tools. However, the time spent finding such tools could have been better spent on their core responsibilities. The Better Solution GoAnywhere MFT is not only a better way to move data around your business and its supply chain… it’s also more cost-effective. Aberdeen’s study found that businesses which invested the relatively small sum needed for a professional Managed File Transfer solution had a median return of almost 500 times their investment. When it comes to Managed File Transfer solutions, there’s one acknowledged industry leader. GoAnywhere MFT automates and encrypts data between an organisation’s employees and with its trading partners, protecting from vulnerabilities while vastly improving file transfer speed and quality. Here to Help If you’d like to discuss how GoAnywhere MFT could improve your organisation’s productivity and bottom line, please get in touch with our team of local MFT experts. We’re always happy to have an obligation-free discussion about how quickly and affordably we can transition you to the efficiency, security and cost-effectiveness of a Managed File Transfer solution. Previous Next

< News New Cyber Laws Passed – What Australian Businesses Need to Know and Do 27 Nov 2024 Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: 1. the Cyber Security Act 2024 (Cyber Security Act); 2. the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 ; and 3. the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory Reporting of Ransomware Payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: · organisations which are a responsible entity for a critical infrastructure asset; and · other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… · Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. · Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988 , the SOCI Act , and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act , it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act , to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntarily report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections are that crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And the provision of information to the NSCS does not affect any claim of legal professional privilege over the information contained in that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NSCS by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988 , the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act , consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them . A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice. Previous Next

< News Compulsory Disclosure of Ransomware Payments Looms 6 Aug 2024 Australian organisations will soon be forced to disclose their ransomware payments to cyberthieves. The measure is included in a landmark new Cyber Security Act to be brought before parliament’s next sitting. It comes in response to research which shows Australian businesses have been paying untold amounts of ransom to hackers in what is now a mounting wave of ransomware hacks. Ransom payments flourishing The government is reportedly concerned that the practice of quietly paying off cybercriminals has flourished in secrecy. While the government originally planned to place an outright ban on ransom payments, it’s now focused on mapping the scale of the problem. "People are paying criminals money and it is happening in the darkness (and) we need to bring this out into the light," said former minister for cybersecurity Clare O'Neil. "Government cannot win this war alone. We need a whole-of-nation effort here." Every six minutes In its 2022/23 Annual Cyber Threat Report, the Australian Cyber Security Centre confirmed it was notified of a new cyber incident every six minutes on average. Ransomware attacks have increased roughly five-fold since 2020. As worrying as those numbers might seem, they are still only a glimpse of the real problem. "It is believed that in the Five Eyes countries alone - Australia, Canada, New Zealand, the United Kingdom and the United States - literally billions of dollars in ransoms is being paid, and criminal gangs are reinvesting that money … to attack us again," O'Neil said. Business groups concerned Cyber security experts say the proposed changes strike the right balance. However, business groups say they are concerned the new disclosure rules could sink some small operators. To help tempt reluctant businesses into transparency, the government is proposing that disclosures will not be subjected to "the glare of regulators". A "Limited Use Provision" will prevent the Australian Signals Directorate and the Australian Cyber Security Centre from sharing the information more widely, except in narrow circumstances. Said O’Neil: "This is a no-fault scheme. We're not blaming businesses … they're victims of a crime." Under the existing proposal, regulators such as the Privacy Commissioner would still be allowed to investigate and prosecute companies that "leave the front door unlocked", but only using their existing powers. "It doesn't absolve business of any of their legal responsibilities or liabilities," O'Neil said. "We expect Australian businesses to take care of their customers … but sometimes things do go wrong." Not just the private sector The problem of ransomware attacks is not limited to the private sector. The Australian Signals Directorate said almost one-third of cybersecurity incidents reported in the 2022-2023 financial year came from the public service. Consecutive audits of the government sector have found it has a "low-maturity level" when it comes to cybersecurity, despite holding the largest store of sensitive data about Australian citizens. As it stands, about 1,000 Australian entities providing "critical infrastructure" such as energy, healthcare and banking services are obliged to report ransom payments. Attacks escalating The new mandatory reporting measures are recognition that there is no end in sight to ransomware attacks. Johanna Weaver, director of the Tech Policy Design Centre at ANU, said "No matter how good our cybersecurity protections are … (attacks) will continue to happen." She applauded the push to establish an ongoing "Cyber Incident Review Board", similar to what exists in the aviation industry, to learn from other major breaches, such as the attack on MediSecure. Avoiding Ransom Payments To be truly secure, an organisation’s data must be protected not only when it’s stored, but also while it’s enroute to and from storage. Managed File Transfer (MFT) solutions such as the class-leading GoAnywhere MFT encrypt data at rest and in transit, complying with the highest data security standards (including the US’s and Europe’s HIPAA, HITECH, PCI DSS, SOX, and GDPR). MFT manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols such as SFTP, FTPS, and AS2 to send files securely, and encryption standards such as Open PGP and AES to protect data in transit and at rest. Local Expertise on Hand Generic Systems Australia are your local experts in Managed File Transfer solutions. We’ve assisted hundreds of organisations across the Asia-Pacific region to secure their data and keep cybercriminals at bay. If you’d like to discuss improving your cybersecurity, please feel welcome to contact me , Bradley Copson. I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Attribution: sections of this article were substantially sourced from an item originally published by ABC News Australia. Previous Next

< News Is Your Greatest Cyber Risk “Inside the Building”…? 22 May 2026 Most organisations focus their cyber security efforts on fortifying their networks against external attackers. However, firewalls, endpoint protection, and threat intelligence feeds don’t matter if someone on the inside simply hands over the keys to your data. Fresh research suggests that a worrying number of employees are prepared to do exactly that. A Workplace Fraud Trends study by Cifas has revealed that around one in eight UK employees have either sold company login details in the past year or personally know someone who has done so. The results were even more alarming when it came to who was most likely to justify this behaviour… Surprising Seniority It wasn’t disgruntled junior staff. Rather, the research points squarely at senior leadership. As reported by Infosecurity magazine, 32% of senior managers, 36% of directors, 43% of executives, and an astonishing 81% of business owners believe that selling access to company systems can be acceptable in certain circumstances. Cyber security professionals know that’s not true. Once an outsider has a legitimate set of credentials, they effectively become an insider, inheriting the same trust, permissions, and ability to move through systems undetected. That’s a cybercriminal jackpot. A valid username and password is the most efficient bypass of every security control your IT team has painstakingly put in place. That’s why every employee - regardless of seniority - must understand the importance of keeping their system access credentials confidential. However, with economic uncertainty, job insecurity, automation anxiety, and rising living costs, the temptation to make a quick buck by selling credentials is likely to grow. That’s why organisations need to put in place technical safeguards to backstop the trust they put in their employees. Technical Safety Net Managed File Transfer (MFT) acts as a powerful safety net when insider behaviour becomes a threat. Even if an attacker gains a valid username and password, an MFT platform forces all file movement through a tightly controlled, policy‑driven channel. Every transfer is authenticated, encrypted, logged, and monitored, which means stolen credentials alone don’t grant free‑form access to sensitive data. Automated workflows, IP restrictions, device‑fingerprinting, and multi‑factor requirements create friction that criminals can’t easily bypass, and the audit trail exposes any unusual behaviour instantly. As per the phrase Ronald Reagan once popularised, organisations need to “trust, but verify”. Every employee, from intern to owner, is a potential point of failure if they view their credentials as a commodity. Local Experts Available At Generic Systems Australia , we're a global leader in implementing the world's best MFT - Fortra's GoAnywhere. As one of Fortra’s top MFT partners globally, we've helped dozens of Australian and NZ organisations leverage the protection and efficiency offered by GoAnywhere. And we're right here in Australia, ready to share our deep expertise with you. Previous Next

< News Cyber Security and The Illusion of Invisibility 18 Aug 2025 When it comes to cyber theft, the bigger the firm, the bigger the headline. Optus, Medibank, Qantas, Latitude Financial, and the ANU… all of these high-profile Australian organisations have endured unwelcome time in the spotlight after mishandling their customers’ data. Widespread public familiarity with their brands, as well as their large customer bases, made them more prone to negative media attention when their cyber security lapsed. Smaller businesses – equally big targets The media’s focus on the cyber travails of large organisation can inadvertently create a false sense of security among medium and smaller organisations. That is, because there’s barely any media coverage of cyber theft from less well-known organisations, medium and small companies can be lulled into dangerous complacency about just how vulnerable and targeted they are. The reality is that medium and smaller organisations are prime targets for hackers. Illusion of Invisibility Because they’re not in the headlines, many medium and smaller businesses assume they’re “flying under the radar” as targets for cyber criminals. However, that’s exactly what makes them appealing targets. Hackers reason that medium and smaller firms likely lack the hardened defences of larger organisations – while still harbouring significant and attractive amounts of sensitive customer data. Stats tell Story Statistics from the most recent Annual Cyber Threat Report from the Australian Signal Directorate (ASD) add further perspective to the comparative threat. Last year, more medium-sized businesses reported “Extensive Compromise” cyber attacks than large businesses. The same was true in the next lower category of cyber severity, “Isolated Compromise”. Tellingly, large organisations reported more than three times the rate of success in repelling low-level malicious attacks vs medium-sized organisations. A further alarming insight is that the average financial loss incurred by medium-sized organisations due to cybercrime was almost identical to the average financial loss for large organisations. Smaller Size, Larger Vulnerability The 2024 Sophos Threat Report found that the sophistication of cyberthreats faced by small to medium organisations is often on par with those used to attack large enterprises. In forums on the dark web where cyber criminals trade tips, it’s been said that the spoils from breaching a larger number of medium-sized organisations more than offsets the returns from less frequently successful attacks on large organisations. Sophos found that organisations with fewer than 500 employees were more vulnerable to cyber criminals. Underinvestment in cybersecurity, generally smaller information technology budgets and sometimes, less-experienced IT staff or outsourced providers, all contributed to this heightened vulnerability. Sophisticated Threat Landscape The cybercriminal ecosystem has evolved rapidly to become ruthlessly efficient. Mirroring the legitimate economy, it now features specialised roles and skillsets, intermediaries and brokers, and sophisticated black market networks to facilitate transactions. Ransomware-as-a-service (RaaS) groups lease their code to affiliates, and Business Email Compromise (BEC) schemes exploit social engineering techniques to bypass technical protections. Infostealers quietly exfiltrate login data, payment card info, and browser-stored credentials before victims even realise that anything’s awry. Stepping Up Safeguards Businesses need to similarly evolve their safeguards. Spam filters and firewalls are no longer enough. The key to successfully defending against encroaching cyber threats is to use a multi-layered strategy which includes robust data transfer protection, phishing campaign detection, prevention of credential harvesting, employee training, and mitigation against BEC attack by analysing behavioural anomalies and sender authenticity in real time. A Secure Managed File Transfer solution such as the class-leading GoAnywhere MFT addresses the many risks of ad hoc techniques through a holistic approach to security, including: Automatic authentication, encryption and decryption User access controls Auditing and Reporting Continuous updates on the evolving threat landscape, and Industry standards compliance. A further defensive layer - our Advanced Threat Protection Bundle - can mask, remove, or permit Personally Identifiable Information to be moved within your organisation and beyond, via a Secure ICAP Gateway. Invisibility Isn’t Security Just because smaller firms aren’t in the headlines, don’t assume they’re not falling prey to cybercrime. The seductive illusion of “flying under the radar” is exactly what makes smaller organisations appealing targets. And, because they often lack the hardened defences of larger organisation - while still handling sensitive data - they’re more vulnerable to the threats. Here to Help At Generic Systems Australia , we’re Australia and New Zealand’s local experts in helping businesses add the protective layers of Managed File Transfer and Adanced Threat Protection to their cyber defences. If you’d like to discuss how we can help your organisation, please feel welcome to contact me . I’m always happy to have an obligation-free chat and explain how easily we can step up your cyber security. At Generic Systems Australia, we’re your local experts in Managed File Transfer. Previous Next

Why Automating Encryption and Decryption Makes Cybersecurity Sense How does encryption and decryption work? Which types of encryption are best suited to different data transfer needs? How can encryption be integrated with your existing business technologies? Our guide, Why Automating Encryption and Decryption Makes Good Cybersecurity Sense, offers a quick read of the basics of encryption, answering these questions and more. To Receive Our Report, Please Fill in the Form Below: First name Last name Enter your email address Phone You'll receive the 'Why Automating Encryption and Decryption Makes Cybersecurity Sense' shortly! RESOURCES Receive Report HOME

< News The Emotional Toll of Ransomware Attacks 25 Aug 2025 Sophos’s recent report The State of Ransomware 2025 sheds light on the little-discussed human impacts of cyber attacks within compromised organisations. Sophos polled 3,400 IT and cyber security leaders across 17 countries who had been hit by ransomware in the past year. Aside from the financial and reputational costs to the organisations, Sophos found that the organisation’s IT and cyber security teams suffered negative personal consequences from every attack. Taking the Fall The fallout from a cyber attack was often most severe at the top of the IT team. In one in four cases, the team’s leadership was replaced as a consequence. That might seem “fair” to some. However, as most CISOs will tell you, business investment decisions are frequently made at the Line of Business level. CISO projects and investment requests are considered alongside other business priorities and investments – sometimes, deprioritised and rejected. In those instances, is it reasonable to hold the CISO accountable? As Frank Dickson, group VP for security at IDC, remarked to CSOonline.com : “Some presume that a ransomware attack is the fault of the CISO. The CISO is a leader, but not  the  leader. Breaches are the result of a pattern of decisions of many.” Dickson said that some enterprise business units — even some CEOs and COOs — will sidestep CISOs by deliberately not inviting them to key meetings, out of the fear they will slow down certain business processes. With the growing frequency of cyber attacks, and the considerable business disruption they create, that’s shortsighted and risky. Emotional Toll Sophos’ survey found that the human consequences of a cyber attack were felt well beyond the leadership level. 41% of IT/cybersecurity teams reported increased anxiety or stress about future attacks. 34% said the team felt guilty that the attack was not stopped in time. 40% reported increased pressure from senior leaders - though 31% reported increased recognition. 31% of teams experienced staff absences due to stress/mental health issues related to the attack. The survey responses reveal how a ransomware attack can be a brutal blow — not just to an organisation’s finances and reputation, but to the people responsible for the IT systems. For the IT team, it’s often a high-stakes, high-pressure ordeal. HR & C-Level Support An organisation’s Human Resources team and C-suite need to play a critical role in stabilising the IT team in the aftermath of a ransomware crisis. That begins with providing immediate support: Acknowledging the pressure, and recognising within the organisation the IT team's efforts. Providing flexible work arrangements, such as adjusted hours, remote work options, and time off where feasible. Making psychological first aid and counsellors available. Ensuring clear internal communication, to avoid the stresses of miscommunication and rumours. Longer term, the focus should be on building IT team resilience. Recognising and rewarding the IT team's role in recovery. Conducting cyber security training across departments - not just IT – to reinforce a culture of shared responsibility. Implementing retention strategies to mitigate post-ransomware attack attrition. Prevention: Better than Cure At Generic Systems Australia , we help Australian and New Zealand organisations avoid cyber attacks by making file transfer and email systems smarter and more resilient. Please feel welcome to contact me if we can help you. We’re your local experts in data transfer. Previous Next