Search Results

< Case Studies Keeping Ahead of Competition in Commercial Real Estate Decades of experience helping Asia-Pacific customers have established Generic Systems Australia as our region’s local experts in secure managed file transfer. In this case study, we share the many ways in which an international commercial real estate firm leverages the flexibility of GoAnywhere MFT . One commercial real estate company has a mission to redefine their industry with long-term investments in people and technology that deliver actionable insights and create the best customer experience. They’ve also made it their mission to ensure any data they’re transferring is transferred securely. This corporation is an industry-leading commercial real estate company that offers a robust suite of services to its multifamily and commercial property clients. They offer services in commercial real estate investment sales, mortgage banking, and mortgage servicing. They now operate worldwide, have over 1,000 employees, and have closed billions of dollars in production volume. GoAnywhere MFT plays a key role in their success. Retiring REST A Senior Engineer provided some insight into the company’s three-year usage of GoAnywhere. Originally, when they needed to wire SFTP files to the bank, they used a homegrown tool, built internally and solely for the purpose of SFTP transfers to wire payments. However, because processes were taking too much time, they decided to look elsewhere for a better solution. What they found exceeded their original expectations. Prior to implementing GoAnywhere MFT, the process of keeping data consistent was a challenge. Stated the Senior Engineer: “Before GoAnywhere, we used the same REST call and put data in the SQL Server, but I was having a hard time with Windows vs. AWS and Azure and getting the same data repeatedly.” With GoAnywhere, Windows can grab data easily and consistently. Daily Deliveries Once the Senior Engineer learned the product, which didn’t take long, they were an expert in GoAnywhere. Now, more than 1,715 jobs are run each day. Most of the file transfers are B2B, moving from the company to a financial institution of some sort. “We wanted something that could go to a database seamlessly. We must get files to the bank in a very timely matter. Every wire file goes to the Federal Reserve and must get a Federal Reserve number before it can be funded to the bank. That all takes time. You don’t want to be at a standstill at 5:00 pm on a Friday trying to figure out why you can’t get a wire file to a bank! They’re funding loans that are $40 million!” Now the Senior Engineer can set up new transfers in just two minutes once they have all the information and can execute transfers in 10 seconds. If it clears, transfers start and stop in about one second! “Currently, we have 63 projects running in the GoAnywhere scheduler. We started with 15 and it has grown from there.” Mortgage Rate Magic Aside from the daily deliveries, the company also utilises GoAnywhere to stay one step ahead of their competition and offering the best mortgage rates possible. Mortgage rates update every minute. Because the company is committed to offering the best interest rate in the steep pool of competition, they avoid offering one single rate per day, as some of their competitors do. It’s especially important for them to pull the data in real time because even a couple of points in an interest rate change can make a big difference. GoAnywhere MFT helps the company’s competitive edge thrive and delivers an advantage by allowing real-time interest rate comparison. “We use MFT to get the latest mortgage rates available,” the Senior Engineer said. “We have several applications that use these rates. Each time you pull the rates, it costs money. Instead of having each application pull rates, we have MFT make a REST call to grab the rates and push them into a SQL Server, for all of our on-premises dotnet applications to use.” All applications that need the updated rates call the SQL Server to get the rates in real time. From there on, the rates are formatted into a JSON file and sent to AWS, where the rest of their cloud-based apps can use them. All applications have the same data source that is updated at the same time; therefore, they only need one outbound call to grab the rates. All the apps in the AWS environment can also get the necessary rates at the exact same time. It doesn’t matter which application connects; it should get the same rate. Exceeding Expectations Among transferring files securely, upgrades and updates for GoAnywhere MFT have served as an additional, yet unexpected benefit for the company. They have been easy to complete, and the Senior Engineer was able to successfully conduct their company’s annual disaster recovery (DR) test without fail. Overall, the Senior organization is very satisfied with their experience using GoAnywhere MFT. At this commercial real estate company, GoAnywhere’s flexibility is exploited for a great many time-saving projects, allowing valuable staff and system time to be directed to other areas. Although the company is typically using GoAnywhere MFT to transfer daily B2B files to financial institutions and provide competitive mortgage rates to their clients, their Senior Engineer said they often find new ways to leverage the product. “In meetings when someone has an idea, or has been doing something manually repeatedly, I know that GoAnywhere can take care of it and do what’s being requested. I always say, ‘We can do that! They can do this!’” Previous Next

< News GoAnywhere's Cloud Connectors 17 Mar 2024 Seamlessly integrate GoAnywhere with External Services via Cloud Connectors Cloud Connectors enable you to easily and securely transfer files between your organisation and external cloud services and applications. Also referred to as “cloud integrations”, Cloud Connectors offer out-of-the-box connectors for GoAnywhere to popular services including Salesforce, SharePoint Online, Microsoft Dynamics 365, Box, and Dropbox. For example: Let’s say one of your trading partners requests an important file and wants you to share it via a folder in Dropbox. Or perhaps you have contacts or billing information you want to update automatically in Salesforce. Cloud Connectors enable you to easily do so. Broad Range Cloud Connectors are easily downloaded from GoAnywhere MFT’s integrated Marketplace, which features Connectors for the most commonly used cloud services. These include: • Alibaba Object Storage Service • Amazon Cloud Trail, CloudWatch, EC2, Lambda, SNS, and SQS • Atlassian JIRA • Automate Plus • Azure Data Lake Storage Gen1 (superseded by Gen2) and Storage Queue • Box • Citrix ShareFile • Dropbox • Egnyte • GateScanner CDR • GoAnywhere Command • Google Cloud Storage, Drive, and Translate • JAMS • Jenkins • Microsoft Dynamics 365 Business Central, 365 CRM, OneDrive, Sharepoint Online and Sharepoint On-Premise • OPSWAT MetaDefender • Salesforce • ServiceNow • SMA OpCon Scheduler • SOS Berlin JobScheduler (Online version not supported) • Trello • Veeva CRM • Votiro • Webdocs • Zendesk (Online version not supported) Cloud Connectors can integrate with available on-premise and online versions of third-party software unless otherwise noted. How to Configure Cloud Connectors Once a Cloud Connector is installed, you can configure the connection properties as a GoAnywhere Resource. With this resource, you only need to specify the connection once before being able to seamlessly reuse it in any of your workflows and cloud file transfers. A Cloud Connector definition contains the various actions required to communicate with cloud applications. For example: authentication logging file transfer file management and error handling. In GoAnywhere, these actions appear as elements located under the Cloud Connector in the GoAnywhere Project Designer. Elements can be incorporated into your workflows alongside other project tasks, and processes can even be automated between multiple web and cloud services at once. New GoAnywhere connectors can be downloaded without needing to update the software. No Connector? No problem! While GoAnywhere Marketplace contains a broad array of Cloud Connectors, you may also want to connect to a unique external service. Custom connectors are the answer! At Generic Systems Australia, we can design and develop Custom Connectors for you, using GoAnywhere’s Cloud Connector Designer. If you’d like to discuss how your organisation’s file transfers to external cloud providers can be made more efficient and secure, please feel to contact our Business Manager, Bradley Copson (mail to: bradley@gensys.com.au ). He’s always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Generic Systems Australia Your Local Experts in Managed File Transfer #MFT #managedfiletransfer #securefiletransfer #sft #cybersecurity #datatransfer Previous Next

< News MFT as Middleware…?! 5 Feb 2025 Enterprise customers are increasingly seeking middleware that enables them to secure and streamline connections between their internal systems and external third-party services. Fortra’s GoAnywhere MFT helps fulfil that need. Integration without Security spells danger Most modern enterprises find themselves balancing the flow of information between complex internal systems and external cloud services. But on both sides of the corporate firewall, there is a shared need for corporate data to be transferred securely and efficiently. “Extract Transfer Load” (ETL) solutions process data and store data in a common internal warehouse. “Enterprise Service Buses” (ESBs) act as a hub providing overall visibility and control over the flow of data and services across different applications. However, neither of these tools specialise in security - an especially critical consideration when dealing with third parties. As security and integration are where current solutions fall flat or fail to provide a unified answer, enterprises are left to look for new models to bridge the gap. GoAnywhere steps up Fortra’s GoAnywhere MFT is not your traditional limited MFT solution. It operates as a lightweight ETL, a functional ESB, and as an efficient MFT platform. What sets GoAnywhere apart from other tools is its focus on security. And in that way, it’s one of the only tools on the market today that can fulfil enterprises’ nascent need for secure and efficient data flows within and outside their organisations. Secure Management, Integration, Automation GoAnywhere provides many of the same automation and integration features as ETL, ESB, and Enterprise Application Integration solutions, enabling enterprises to connect their internal resources with cloud resources and third parties such as: Banks and credit card providers Financial data providers Foreign exchange markets Retirement and pension systems If required, GoAnywhere MFT can perform a middleware role, integrating with an organisation’s existing ETL solution and acting as a managing solution which connects systems, secures communications and integrates. Enterprise-level Security Even when enterprises have dedicated ETL solutions in place, GoAnywhere can fit right in to boost the security of data file transfers. It provides a full range of security layers and controls to protect the exchanged data which no other integration solution can offer. A secure architecture is deployed thanks to a multi-tier solution, including the GoAnywhere Gateway as a reverse proxy on the DMZ, isolating exchanged data from threats on the internet. A Secure ICAP Gateway - a deep content inspection engine – can also be built in, a security tier preventing malicious content infiltrating through third-party interfaces. GoAnywhere’s proactive security has been further enhanced through integration with the Fortra Threat Brain , a massive threat intelligence database which continuously identifies and blocks incoming IPs with bad reputations or malicious intent befor e those threats can enter an organisation. Connect Cloud and On-Prem Applications A final differentiator that makes GoAnywhere a standout in the enterprise middleware space is its ability to connect both on-premises systems and cloud-based applications. GoAnywhere goes beyond what a typical SaaS middleware application can do. For instance, if you offer a middleware platform as a SaaS solution, a lot of organisations still have different on-prem applications in addition to their legacy systems, segmented networks, private and public cloud-based systems and external interfaces with their trading partners. Having yet another SaaS platform makes it challenging to interconnect all these on-prem and cloud data points. However, GoAnywhere can secure file transfers and centralise them across cloud, on-premises, hybrid, or SaaS environments. It isn’t confined to one or the other. Consolidate, downshift, simplify, and streamline For enterprises looking to boost their efficiency and streamline their operations (and that’s all enterprises!) the right middleware can make all the difference. GoAnywhere MT offers more than a typical MFT. With GoAnywhere, enterprises can create a flexible, scalable, high-performance middleware platform to securely: transfer at speeds up to 10 Gbps interface with a wide variety of systems, applications and cloud services protect files from malware get zero trust protection, no matter where files travel, and keep data out of the DMZ. GoAnywhere as Middleware Consistently declared to be the world’s leading MFT , GoAnywhere is renowned for its robust security features, flexibility, and ability to work where and how you need it. For enterprises, that’s becoming the space between all the moving parts. Local Expert Help At Generic Systems Australia , we have many years of experience helping Australian and New Zealand IT teams streamline their file transfers and protect their valuable data with GoAnywhere MFT. From the initial scoping of organisations’ legacy data transfer approaches, through zero-cost Proof of Concepts and hassle-free Migration Services , we help companies stay focused on running their business without disruption as we transition them to more secure approaches. Please feel welcome to contact me for an obligation-free discussion about how GoAnywhere can help your organisation. At Generic Systems Australia, we’re your local experts in Managed File Transfer. Previous Next

< News Tame the File Transfer Time Sink 23 Oct 2023 When asked “How could you get more done at work?”, most people are quick to respond: “Fewer meetings, please!” However, research has revealed that other hidden time sinks may be an even greater drain on our personal productivity. For example: the amount of time lost while team members manually share files and data between themselves. A recent report found that a typical desk worker now uses 11 different applications to complete their tasks. during the course of their working day. According to research by Productiv , most company departments use between 40 and 60 different applications. Company-wide, that number sprawls to more than 200 apps. IT tools are designed to enhance our collaboration and productivity. But when different parts of a business adopt different tools, with different file formats, it opens up a black hole of time-wasting file translation and transference across the entire organisation. So, how can we help our employees spend more time productively contributing to the organisation, and less time on the drudge work of wrangling files…? Ideally, we can work to rein in the proliferation of apps across our organisations, standardising on a common set of enterprise IT tools. But that can be easier said than done. It takes time – and even some business risk – to wean teams off their familiar tools and train them on new ones. Until then, a Managed File Transfer (MFT) solution can help . With GoAnywhere MFT, data can be translated to and from a variety of widely-used formats without having to write cumbersome scripts or programs. Its comprehensive Extract, Transform, and Load features enable data values to be mapped, formatted and modified between source and target files automatically. Even better, GoAnywhere's secure collaboration features make connecting and sharing between employees easier and faster - even when they’re mobile. Features include an intuitive browser-based web client for performing ad-hoc file transfers, enterprise file sync and sharing using GoDrive, and a handy mobile application for moving files quickly while on-the-go. The benefits of using an advanced MFT like GoAnywhere continue well beyond the point where your team has happily standardised on common enterprise tools. The same flexibility and automations that enabled your team to eliminate their internal productivity time sink are just as useful in improving your interactions with customers and supply chain partners. Time to Tame This Time Sink? If you’d like to discuss how GoAnywhere MFT could help boost your organisation’s productivity and bottom line, please feel free to contact me ( bradley@gensys.com.au ) for an obligation-free discussion, or read more at Generic Systems Australia . Bradley Copson Business Manager Generic Systems Australia Previous Next

< News ‘Cyber Trust’ needed to tap EOFY splurge 25 June 2024 Australians are shifting their End of Financial Year (EOFY) shopping focus to online deals and security, as they spend an estimated $10.1B in EOFY sales this month. New research from PayPal indicates that 38% of Australians plan to participate in EOFY sales this year. 42% of those say they will primarily shop online. Despite the growing trend of online shopping, almost all Australians (93%) are concerned about online security. Fake retail sites have begun to use generative AI to appear more convincing, and 40% of Australians are more concerned about their online security now than they were a year ago. Implications for Retailers Growing customer anxiety about e-commerce makes it more important than ever before for companies to establish trust in the security of their systems. With customers beginning to question the security of a company’s systems before handing over credit card and other information, companies need to be able to provide reassurance - and proof – that their transactions and personal data will indeed be secure. In fact, actively promoting the security of company systems may even become a point of positive marketing differentiation for companies that get ahead of these concerns. Earning Customer Trust A proactive and layered strategy for storing, transferring and securing data is essential for storing customer data, and effecting online transactions. Secure managed file transfer, secure content engines, secure digital rights management, and employee education combine to create the optimal way to prevent data theft and cyber breaches. At Generic Systems Australia , we recommend the class-leading secure managed file transfer solution, GoAnywhere MFT , to keep data safe - at rest, and in transit. Coupled with our Advanced Threat Protection Bundle , we enable organisations to safely store and transmit only the customer data they intend, without exposing their systems to malware. If you’d like to learn more about how to earn potential customers’ trust in your data handling practices through layered cyber defences, please feel welcome to get in touch with me, Bradley Copson ( mailto:bradley@gensys.com.au ). I’m always happy to have an obligation-free discussion, and even offer you a zero-cost Proof of Concept. At Generic Systems Australia , we’re your Local Experts in Secure Managed File Transfer. Previous Next

< News New Cyber Laws Impose New Business Obligations 16 Oct 2024 Australia’s federal government last week introduced much-anticipated legislation to parliament which will revolutionise Australia’s cyber security preparedness. If passed as expected, the new laws will impose new compliance and reporting requirements on local businesses. Govt Intent Designed to protect businesses and consumers from the growing scourge of cyber crime, the Cyber Security Act 2024 is Australia’s first standalone cyber security legislation. Introducing the Act, Minister for Cyber Security, Tony Burke, said that – like IT systems themselves - legislation needed to be hardened to protect national security and economic stability. He described the package as providing a clear legislative framework for contemporary, whole-of-economy issues which would identify and respond to new and emerging cyber threats. Seven Initiatives There are seven initiatives under the 2023-2030 Australian Cyber Security Strategy which collectively address gaps in current legislation to: Mandate minimum cyber security standards for smart devices; Introduce mandatory ransomware reporting for certain businesses to report ransom payments; Introduce a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate; and Establish a Cyber Incident Review Board. SOCI Reforms The legislation will also progress and implement reforms under the Security of Critical Infrastructure Act 2018 (SOCI Act): Clarifying existing obligations in relation to systems holding business critical data; Simplifying information sharing across industry and Government; Introducing Government powers to direct entities to address serious deficiencies within their risk management programs; and Moving regulation for the security of telecommunications into the SOCI Act. The SOCI Act reforms will also expand current Government assistance measures to ensure Government can step in as a last resort to manage the consequences of significant incidents. Govt Empowered Changes to government assistance measures will empower the Government to gather information or direct entities to take or refrain from certain actions, on authorisation from the Minister for Home Affairs, in response to a serious incident. Characterising the legislation as a significant step towards his government’s vision of becoming a world leader in cyber security by 2030, Tony Burke said: “We know government has to lead the way on cyber, but we also know we can’t do it alone. This is why these new laws have been consulted extensively with business. “To achieve Australia’s vision of being a world leader in cyber security by 2030, we need the unified effort of government, industry and the community.” New Business Obligations Legal firm A&O Shearman cautioned that the new Cyber Bill will introduce several new critical areas of compliance and reporting. It said businesses must take heed of these new obligations, and ensure they put in place robust cyber security measures. • Ransomware Reporting Obligations : Entities impacted by cyber security incidents and making ransomware payments must report these payments within 72 hours. The aim of this obligation is to improve the detection and response to ransomware incidents, thereby reducing their impact. Failure to report can result in civil penalties. • Security Standards for Smart Devices : The Cyber Bill mandates that manufacturers and suppliers of smart devices comply with specified security standards. This is crucial for businesses involved in the production or distribution of smart devices. Non-compliance can result in compliance notices, stop notices, and recall notices. These measures are designed to ensure that smart devices are secure and do not pose a risk to users. • Protected or Limited Use of Incident Information : The Cyber Bill includes provisions to ensure that information provided about cyber security incidents is used or disclosed only for permitted purposes, with strict limitations on using this information for civil or regulatory actions against the reporting entity. • Cyber Incident Review Board : The Cyber Bill establishes a Cyber Incident Review Board tasked with reviewing certain cyber security incidents and making recommendations. The Board has the authority to request and require documents from entities. Non-compliance may result in civil penalties. A&O Shearman said organisations should make sure they implement security standards in compliance with the specified security measures currently provided for in the Cyber Bill, and make sure they can comply with the ransomware reporting obligations, including the timelines foreseen in the Cyber Bill. Meeting New Requirements Criminal syndicates target organisations which haven’t adequately protected their data transfers and systems access. Defending against them requires a multi-layered strategy which includes robust data transfer protection, multifactor authentication and employee training. Managed File Transfer (MFT) solutions such as the class-leading GoAnywhere MFT encrypt data at rest and in transit, complying with the highest data security standards - including the US’s and Europe’s stringent HIPAA, HITECH, PCI DSS, SOX, and GDPR. MFT manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols such as SFTP, FTPS, and AS2 to send files securely, and encryption standards such as Open PGP and AES to protect data in transit and at rest. GoAnywhere MFT also provides audit reports, which will help organisations meet new reporting and compliance needs. All file transfer and administrator activity is stored and easily searchable. To help organisations report on file transfer activity and remain compliant with the new legislation, these audit logs can be automatically generated and provided as PDFs. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection enables safe collaboration with external parties, preventing malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Local Expertise on Hand Generic Systems Australia are your local experts in Managed File Transfer solutions. We’ve assisted dozens of organisations across the Asia-Pacific region to secure their data and keep cybercriminals at bay. If you’d like to discuss improving your cybersecurity, please feel welcome to contact me , Bradley Copson. I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Previous Next

< News Moving on from MOVEit 20 Oct 2023 Your Choice of MFT Matters Many organisations across the Asia-Pacific region are replacing their outdated MOVEit-based Managed File Transfer (MFT) systems with Forta’s advanced GoAnywhere suite . In this article, I’ll explain why. There are plenty of options when it comes to selecting a file transfer solution… from free, unsecure methods to the fully-featured marketplace leader. But as cybercrime has continued to surge, companies have increasingly realised how essential it’s become to secure their data transfers, maintaining a ‘circle of trust’ with their customers and supply chains. Additionally, companies have been searching for ways to boost their bottom lines through greater efficiency. The true cost – in terms of lost productivity - of outdated manual file transfer approaches has come into sharper focus. Business leaders are realising that their MFT solutions, which may have once met historic needs, are no longer enough . Superior Security Recent cybersecurity incursions make “Robust Security” top of mind for those seeking a better MFT solution. GoAnywhere MFT takes all aspects of data security seriously, protecting your sensitive data both “in motion” and “at rest”. Maintaining GoAnywhere’s security and compliance product leadership is a primary focus for its development team, who stay across the latest security standards to ensure up-to-date compliance with regulations, frameworks, and standards. Beyond Windows Organisations managing multiple operating systems soon encounter the constraints of MOVEit’s Windows-only solution. GoAnywhere flexibly supports any protocol, any platform, and any deployment, including Microsoft Azure, AWS, Linux, and more. The Need for Speed Included in GoAnywhere is GoFast, a file transfer acceleration protocol which can transmit data considerably faster than traditional FTP. The patented technology in GoFast takes the best of UDP’s speed and adds reliability and rate control, providing GoAnywhere with speed MOVEit can’t match. Drag & Drop Workflows Scripting – as required by MOVEit for some tasks - is clunky, time consuming and confusing for non-expert users. Through its breadth of Automated Workflows capabilities, GoAnywhere enables end users to quickly and easily build workflows. Manual and automated tasks can even be combined into one master workflow. Further, GoAnywhere provides easy reporting on partner Service Level Agreements, alerting you to any workflow issues before your trading partners do. Easy Centralised Control MOVEit requires you to install two products (MOVEit Automation and MOVEit Transfer) to enable full MFT functionality. Most users prefer GoAnywhere’s centralised, browser-based dashboard - an intuitive “one stop shop” for managing file transfers. Advanced Auditability GoAnywhere not only moves and shares data securely, it also provides full auditability of transfers. Logging full audit trails of all user events and file activity, it can also generate reports of file transfer activity, user statistics, and completed jobs – all from within its central management console. And.. Beyond the advantages above, former MOVEit users are often delighted to discover GoAnywhere’s advanced capabilities in: High availability and clustering, providing true active-active support and load balancing to distribute workloads across multiple systems; Remote agents - lightweight applications managed through the GoAnywhere interface which enable configuring and scheduling of file transfers throughout an enterprise; and Secure Forms - customised forms or files that which contain data other tasks can automatically process. Want to see a Better MFT in Action? If you’d like to discuss how GoAnywhere could help boost organisations’ security, efficiency and bottom line, please feel free to contact me ( bradley@gensys.com.au ) for an obligation-free discussion. Bradley Copson Business Manager Generic Systems Australia Previous Next

< News New Cyber Laws Passed – What Australian Businesses Need to Know and Do 27 Nov 2024 Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: 1. the Cyber Security Act 2024 (Cyber Security Act); 2. the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 ; and 3. the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory Reporting of Ransomware Payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: · organisations which are a responsible entity for a critical infrastructure asset; and · other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… · Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. · Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988 , the SOCI Act , and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act , it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act , to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntarily report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections are that crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And the provision of information to the NSCS does not affect any claim of legal professional privilege over the information contained in that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NSCS by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988 , the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act , consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them . A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice. Previous Next

< News Time for a Summer Software Deal? 1 Dec 2023 It's December, and many Australian businesses will soon start winding down ahead of well-deserved holidays.But did you know, this can also be a great time to negotiate a sweet deal on an enterprise software solution?Much of the world's enterprise software is sold by US-based companies, who follow a calendar accounting year. December is the final month for them to achieve their full-year sales targets, stretch bonuses, etc . So: strike while the iron - and season - is hot... Use your negotiating advantage to squeeze a special deal on that new software solution you've been eyeing.Of course, if that solution happens to be GoAnywhere MFT - the world's leading Managed File Transfer solution - then reach out to me, and we can apply the summer squeeze together! 😉 Previous Next

< News The Hardest Question About Your Organisation’s Cybersecurity 18 June 2024 It’s the question every IT manager dreads. “How did you let this happen?!” And the worst time to be asked it is after your organisation has become the latest victim of a cybercrime. Here’s how to avoid it ever being asked… Anxiety Rising Boardroom anxiety about the protection of customer data has been growing across the country. High profile incidents such as the ransomware attacks on Optus and Medibank Private have sensitised the senior leaders to both the risks and costs of negligence. CEOs and CIOs are being quizzed: “Is our organisation doing enough to avoid becoming the next negative headline?” Incidents Rising The most recent report by the Australian Signals Directorate (ASD) showed that cyber attacks are happening far more frequently. On average, a new report is received every six minutes - a 23% increase year on year. One in 5 critical vulnerabilities was exploited within a mere 48 hours. The ASD warned that cybercriminals are constantly evolving their operations against Australian organisations, fuelled by a global industry of access brokers and extortionists. Thousands of businesses failed to fulfil their obligation to protect sensitive customer data, and millions of Australians had their information leaked on the dark web. Costs Rising Also troubling the C-suite is that the costs to businesses of “cyber negligence” are escalating rapidly. The ASD says the cost of cybercrime to businesses has increased by 14% compared to the previous financial year. However, direct financial losses are just one part of the broader costs of “cyber negligence”. For example, Medibank Private’s share price plunged more than 20% in the weeks following its loss of the personal information of 9.7m Australians. The company is facing class actions by both shareholders and consumers alleging breaches of the company’s duty of care to protect consumer information, manage risks and make timely disclosures to shareholders. Optus Communications saw its customer growth halved after its systems were breached. A class action by Slater and Gordon alleges that “Optus failed to protect, or take reasonable steps to protect, the personal information of its current and former customers”. In response to rising consumer concerns, Australia’s Attorney-General, Mark Dreyfus, has flagged “better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour”. Reflecting the growing risks and costs of cybercrime, cyber insurance premiums are also rising. Email: the Critical Vulnerability According to the Australian Signals Directorate, Business Email Compromise (BEC) remains a key vector for conducting cybercrime. A form of email fraud, cybercriminals target organisations and scam them out of money or goods by tricking employees into revealing important business information, often by impersonating trusted senders. BEC can also involve a cybercriminal gaining access to a business email address and then sending out spear phishing emails to clients and customers for information or payment. IT Managers Stepping Up Responding to these trends, responsible IT Managers are increasingly focussed on preventing their organisations from becoming the next headline victim of cybercrime. In a survey conducted recently by Tenable, IT leaders said that, while the ability to respond to and recover from cyber incidents remained essential, they’re now focusing more on preventing such incidents altogether. The Best Answer to the Hard Question A proactive and layered strategy for storing, transferring and securing data is essential for keeping cyberthieves at bay. Secure managed file transfer, secure content engines, secure digital rights management, and employee education combine to create the optimal way to prevent data theft and cyber breaches. At Generic Systems Australia , we recommend the class-leading secure managed file transfer solution, GoAnywhere MFT , to keep data safe - at rest, and in transit. Coupled with our Advanced Threat Protection Bundle , we enable organisations to safely collaborate without exposing their systems to the risk of malware gaining a foothold within their IT systems. Seamless integration between GoAnywhere MFT and the Clearswift Secure ICAP Gateway provides anti-virus and malware protection, deep inspection of the content inspection, adaptive data loss prevention, and media type protection. Together, they provide three key defences. 1. Prevents file containing malware from being shared. GoAnywhere provides easy anti-virus protection through the Secure ICAP Gateway to scan all inbound file transfers. It can also detect and automatically strip out active content like embedded malware, triggered executables, scripts, or macros used to extract or hold sensitive data hostage. Advanced Threat Protection “sanitises” files and emails without delaying delivery, guarding against today's leading malware and ransomware (e.g. CryptoLocker, CryptoWall, TorrentLocker, Dridex Dyre, BlackEnergy, etc.) and tomorrow's even more sophisticated threat variants. 2. Blocks sensitive data from being shared. Files with Personal Identifiable Information or other sensitive data can be prevented from being transferred. GoAnywhere Threat Protection can inspect file contents, then stop and block files from being shared, based on policies you define. 3. Redacts sensitive information from files before transfer. Advanced Threat Protection can ensure sensitive data is neither transmitted nor received, detecting and/or removing geotags, document properties, email addresses, and other metadata from documents, and replacing sensitive text with asterisks. Using Optical Character Recognition, it can even remove text contained in scanned images. No question: 'Prevention' is Better than 'Cure' Cyber attacks are inevitable . However, falling victim to them is optional . If you’d like to learn more, and be able to comprehensively reassure your Board about the steps you’ve taken to protect your business’s data, reputation and bottom line, please feel welcome to get in touch with me, Bradley Copson ( mailto:bradley@gensys.com.au ). I’m always happy to have an obligation-free discussion, and even offer you a zero-cost Proof of Concept. At Generic Systems Australia , we’re your Local Experts in Secure Managed File Transfer. Previous Next