AusCERT2021 Member Organisation of the Year Winner

AusCERT2021 Member Organisation of the Year Winner

We recently had the pleasure of chatting with Daniel Ross and Cody Byrnes from the Australian Taxation Office (ATO) who won the AusCERT Member Organisation of the Year for 2021. Daniel and Cody both opened up about what it is like to be an AusCERT member and how the ATO is dealing with new cyber security issues.

How long has the Australian Taxation Office been an AusCERT Member?

Our membership goes back well over 10 years, and we’re always really pleased to come along to the AusCERT conference each year. This was Cody’s and my first year in attendance and it was an overall fantastic experience.

What value do you get out of the on-going AusCERT membership?

Our membership with AusCERT has been invaluable in helping us successfully respond to the myriad of tax and super scams targeting Australians on a daily basis. The AusCERT Team support us through the takedown of malicious phishing websites, domains and spam email accounts used in these scam campaigns, blocking the ability of the scammers and heavily reducing the number of potential scam victims. Their assistance in sharing the details of these scams with other AusCERT members also broadens our reach in stopping these scams and heightens our ability to detect future scam campaigns.

Congratulations on winning the Member Organisation Of The Year award! What does winning this award mean to you?

Thank you! AusCERT has provided much benefit to ATO over the years. It is great to know that the threat intelligence we share back with them and the broader community is of equal benefit and we appreciate receiving such recognition for this.

What advice would you give other AusCERT members?

Engage and be involved with AusCERT and the community members, and share back what you can, as we are stronger at defending against threats as a community.

What cyber security challenges have you faced this year?

We think we see a lot of similar challenges to other cyber security teams we talk to: making sure we’ve got the right resourcing, tools and skills in an ever-evolving landscape.

One of the more specific challenges we face is protecting the public from ATO themed scams that try to steal their money or personal information. We’ve got a number of preventative strategies in place, as well as rapidly responding to threats as they emerge. This is where we work closely with AusCERT to quickly respond. It’s very easy for a malicious actor to create a domain with ATO or tax in the title, so we need intelligence to identify these and quick response pipelines to de-activate the malicious domain and minimise the risk of a member of the public being compromised.

What do you see as some of the main cyber threats in today’s society?

Patching, scams, and supply chain are recurring common threats in today’s society. We see malicious actors weaponising vulnerabilities before patches have been implemented and therefore patching is still a very effective security mechanism in preventing threats to individuals and organisations alike. Scams continue to be an effective method in circumventing technical controls, and supply chain is increasingly targeted as a method of compromising the clients of the particular chain.