Equifax launches Red Paper and cybersecurity checklist to support CISOs with addressing emerging threats

SYDNEY – 10 January 2022 – Increasingly sophisticated cybercrime threats in Australia are encouraging organisations to evolve their security culture, reporting structures and level of preparedness, according to a new Red Paper released today by global data, analytics and technology company Equifax. 

Australian corporates reported cybercrime-related losses worth more than $33 billion, with a cyber-attack happening every eight minutes over the 2021-21 financial year, according to the Australian Cyber Security Centre (ACSC).

Equifax gathered a panel of cybersecurity experts from the global and Australian business community to have a critical discussion on global and local best practices to help protect organisations from security threats. The result of the conversation is the Equifax Red Paper “Exploiting humans: the new insider threat in cybersecurity,” which examines the human faces of the problem, the evolving role and responsibility of Chief Information Security Officers (CISOs) and how shaping a cyber-aware security culture within organisations are integral to minimising the growing threat of cybercrime in Australia.

Equifax’s panel discussion included John Yates, Director of Security, Scentre Group; Catherine Buhler, CISO, Energy Australia; Jamil Farshchi, CISO, Equifax Group/Global; and Wayne Williamson, CISO, Equifax Australia & New Zealand; and was moderated by James Turner, Founder, CISO Lens.

“Cybercrime is a $33 billion people issue, and there is an increased sophistication of attacks exploiting the human link, including advanced ransomware crimes, internal staff being manipulated by threat actors, and cybercriminals exploiting gaps in critical systems. It’s important that organisations are looking closely at the human elements of the threat and human elements of the corporate response,” said Wayne Williamson, CISO, Equifax Australia & New Zealand.

The Red Paper coincides with the launch of Equifax’s cybersecurity checklist, aimed at helping current and future CISOs manage the human elements of their cybersecurity and insider threat programs. The checklist includes nine key elements:

  • Tailor your strategy
  • Talk about risk and the size of the risk
  • Get buy-in from the top
  • Talk to the whole team
  • Sell the message
  • Have a plan. Prepare to change it.
  • Assess the intelligence
  • Train behaviour
  • Collaborate

“It’s a testament to businesses’ growing awareness of the critical importance of cybersecurity that CISO roles entered the picture five or six years ago with more force, but many CISOs haven’t yet had the liberty of time to establish robust, best-practice cyber risk mitigation programs within their organisations,” continued Wayne Williamson.

“Cybersecurity preparedness is ever-evolving, and the responsibility lies with the entire organisation, not just CISOs, to address cyber risks head-on. Common themes emerged from our conversations with security leaders at the top of their field: namely, involving a business’ security culture driven from the top and conducting threat assessments on people and technology remain core principles to managing these risks.”

The Red Paper contributors and panellists agreed that having a seat at the table during board level discussions was becoming increasingly important in designing robust security measures and embedding cybersecurity culture into an organisation’s DNA.

“At Scentre Group, we’ve come on a very fast journey in terms of cyber over the last five years. We now have a pretty mature outlook really led by the CEO,” said John Yates, Director of Security, Scentre Group.

“Resources don’t necessarily follow just because you’ve identified a problem. But if you have the ear of senior leaders, then you’ve got a much better chance they’ll understand where the investment is needed from a security perspective and why they need to inject it in early, rather than doing the dreadful thing of retrofitting later.”

The launch of this Red Paper captures a growing, urgent conversation within different industries to determine how CISOs, CTOs, C-Suite executives and boardrooms are continuously evolving their cyber strategy to account for both the nuances of industry-specific impacts in the event of a cyberattack and the emergence of new cyber threats that span internal and external, human-led and technology-driven triggers.

“EnergyAustralia is an energy retailer and generator with 2.4 million customer accounts. Our customers share their personal information with us and trust us to handle their data like it’s our own. Our approach to cybersecurity is aimed at preventing an incident. We continually apply recommendations made by the experts, combining protections for customers, our people and our assets. The recent Equifax panel provided a fantastic opportunity for sharing knowledge between different industries and even countries in a collective effort to prevent cybercrime,” said Catherine Buhler, CISO (Group Security) at EnergyAustralia. 

For more information, download the Equifax Red Paper “Exploiting humans: the new insider threat in cybersecurity” here: https://solutions.equifax.com.au/red-paper-cyber


At Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employees, and government agencies make critical decisions with greater confidence. Our unique blend of differentiated data, analytics, and cloud technology drive insights to power decisions to move people forward. Headquartered in Atlanta and supported by more than 11,000 employees worldwide, Equifax operates or has investments in 25 countries in North America, Central and South America, Europe, and the Asia Pacific region. For more information, visit www.equifax.com.au or follow the company’s news on LinkedIn.




Purpose of Equifax media releases:

The information in this release does not constitute legal, accounting or other professional financial advice. The information may change, and Equifax does not guarantee its currency or accuracy. To the extent permitted by law, Equifax specifically excludes all liability or responsibility for any loss or damage arising out of reliance on information in this release and the data in this report, including any consequential or indirect loss, loss of profit, loss of revenue or loss of business opportunity. 


Related Posts

Commercial credit demand improving, but small business owners continue to bear the brunt of difficult market conditions

Read more