$2.5 million. That’s what ASIC has now forced FIIG Securities Limited (FIIG) to pay not simply for suffering a breach, but for failing to maintain adequate cybersecurity controls for more than four years . This isn’t just another breach headline. It’s a regulatory turning point for every Australian Financial Services (AFS) licensee and a warning shot for boards and exec teams still treating cyber as an “IT problem”. In 2026, ASIC has made the message clear: Cyber resilience is now a licence-to-operate issue. What Actually Happened at FIIG According to ASIC, FIIG’s cyber security failures occurred between 13 March 2019 and 8 June 2023 . Those failures worsened the impact of a 2023 cyber attack that saw around 385GB of confidential data stolen and sensitive client information leaked on the dark web. The compromised data included: Driver’s licences Passport information Bank account details Tax File Numbers (TFN...

There’s a new backdoor campaign going around. It’s slick, it’s persistent, and it’s targeting developers — specifically those using Microsoft Visual Studio Code (VS Code) as part of their day-to-day workflow. This one’s coming out of North Korea. And it's not just some throwaway malware — it's part of a broader shift in how state-linked actors are slipping past traditional defences by piggybacking off developer tools and trusted platforms. The Basics: Dev Tools as Attack Vectors Security researchers at Jamf Threat Labs have uncovered the latest iteration of an ongoing campaign (nicknamed Contagious Interview ) that’s weaponising VS Code projects. The method? Attackers instruct targets — usually software engineers — to clone a GitHub, GitLab, or Bitbucket repository and open it in VS Code. They pose as recruiters or hiring managers offering a technical assessment. Once the repo is opened, a malicious tasks.json file is silently executed in the background — taking adv...

  We don’t need more tools. We need fewer excuses. In 2026, the average Australian org is still juggling 40+ cyber vendors. That’s not security — that’s bloat. I’ve worked with CISOs, IT leads and boardrooms across government, enterprise, MSPs and SMBs. The story is the same: “We’ve spent the money. Why aren’t we safer?” Because buying tech isn’t a strategy. And most cyber stacks are built on legacy thinking — not business outcomes. Here’s my breakdown of what stays, what goes, and what’s overhyped in the 2026 cyber landscape. ✅ What Stays: The Non-Negotiables in 2026 These are the core capabilities that actually reduce risk and support business resilience. If you’re missing any of these — fix that first. 1. Identity-Led Security (MFA, SSO, Conditional Access) The perimeter is dead. Identity is the new firewall. Enforce MFA everywhere (not just “important” apps) Enable SSO to reduce credential reuse Use conditional access to stop session hijacks and geododging 🧠 If you don’t con...

Two giants. Two different philosophies. One important decision. Whether you're refreshing a network, rolling out Zero Trust, or trying to simplify your security stack, chances are you've found yourself asking: “Do we go with Cisco — the enterprise veteran — or Fortinet — the integrated security upstart?” It’s not a casual question. The choice between these two vendors can define your architecture, operational model, and support experience for the next 3–5 years. And too often, it’s made for the wrong reasons — legacy bias, partner pressure, or sticker shock. This post unpacks how Fortinet and Cisco stack up for Australian businesses in 2025 , and how to decide what’s right for your org — not just the loudest vendor pitch. 🧭 Why This Comparison Matters in 2025 A few years ago, Cisco was the default. If you were a government agency, big bank, or national retailer, you bought Cisco. Fortinet? Often seen as “good enough” for smaller businesses. But that script has...

Let’s be honest. If you're an Aussie SMB with under 200 staff, the term “SD-WAN” probably doesn’t mean much to you. It sounds technical, complex, and like something only big enterprises should care about. But here’s the thing — SD-WAN isn’t just for the big end of town anymore. If you’re still relying on aging MPLS links, clunky VPNs, or the “it’s always been this way” approach to networking, you’re already behind — and you’re probably paying too much for less performance. This post breaks down what SD-WAN is, why it matters for small and mid-sized businesses, and how it can save you money, boost performance, and get you ready for the cloud-first, security-conscious world we now live in. 🔍 What Is SD-WAN? (In Plain English) Let’s skip the jargon. SD-WAN stands for Software-Defined Wide Area Network . Think of it as the modern way to connect your offices, cloud apps, and remote workers — using cheaper internet links instead of expensive, rigid private circuits. Ol...