On Friday (July 19, 2024), CrowdStrike’s 'Falcon' product was sent an automatic remote content update for Microsoft Windows hosts (which it does on a regular basis). Unfortunately, the update had a defect. When uploaded, the defect triggered widescale failures of computers and systems with Microsoft operating systems that were online. This is being described as the largest IT outage in history.  How has this affected VeroGuard? The VeroGuard Platform was  not  affected by the CrowdStrike-caused outage and has continued to operate normally. Our customers using the VeroGuard verification services continue to use our services without interruption. For any customer whose PCs or laptops were impacted during the period that their devices were compromised as they tried to find workarounds, customers could, nonetheless, continue to use VeroGuard without needing to worry about downstream attacks on their users’ credentials or ID's, because the VeroGuard Platform operates independently of other cloud services and remains vigilant even if a device is compromised. A shift to stronger identity protection rather than reliance on detection models CrowdStrike is embedded software detection that works with a computer’s operating system, essentially watching and assessing code to determine if a cyber threat is present.  As each new variant of a threat is developed by an adversary, CrowdStrike must identify the threat and update their application.  The VeroGuard Platform works 'out of band' as the guardian rather than the detector. As such, the VeroGuard Platform rarely needs updates, which typically are functional improvements and not a reaction to each new threat. Fundamentally, the VeroGuard Platform is designed and built to defend the primary attack surfaces (over 95% of all attacks), which are identity and credentials.  Regardless of the source or type of attack, VeroGuard will stop the adversary from gaining control or executing actions in a system or network. In practical terms, the majority of cyber breaches over the past two years either started with a credential breach or had lateral movement using credentials acquired inside the network after the breach. An outage that raises many questions. CrowdStrike has said that the global outage was not caused by a cyber-attack, but the release of a defective update. The big questions by journalists and industry experts have included: the nature, robustness and effectiveness of testing procedures for updates and patches on cloud systems; the risk of concentration of internet services, and the impact when one of them has a major outage; and the potentially catastrophic impact of a mega cybersecurity breach to critical infrastructure and services. is a global defect-caused outage better than a global cyber breach? (i.e.: speed to deploy updates) The World Economic Forum has stated that, in 2023, the economic impact from cybercrime was over US$8 trillion and, by 2027, the impact is forecast to rise to over US$24 trillion. Time for a new approach Given the clear unprecedented impact of the CrowdStrike outage and the questions that it has raised around the design, robustness and assumptions underlying global IT infrastructure protection, it is clear that a new approach to cybersecurity is needed. The new approach needs to: improve an organisations' and individuals’ security online from credential and ID compromise; not be largely dependent on centralised detection software and services that are clearly under increasing pressures and can cause major global disruptions to systems and networks when that pressure leads to mistakes; be able to operate in a distributed way like bank switches, whereby a single failure does not bring down multiple industries and geographies; protect identity and credentials at all times, regardless of the choice of environment (cloud, on-premise or hybrid) and the status of the applications, network and systems; and not result in widespread scamming each time a new incident occurs by improving the verification of both parties in all high value transactions. The VeroGuard Platform addresses these issues. #VeroGuard #DigitalIdentity #DigitalID #identity #cybersecurity #cybercrime  Want to discuss how VeroGuard can change your organisations cyber-protection profile? Contact Us using the form below. Originally published on LinkedIn 22 July 2024

Published on Defence Connect 17 Feb 2023 Opinion: Recent national concerns about the risk of installed Chinese-manufactured security cameras at sensitive government sites have exposed the tip of an iceberg, explains cyber security and IT industry veteran Nic Nuske. The ensuing political debate also repeated the mistaken belief that Australia has no manufacturing capacity that delivers quality surveillance with no risk to data. Let’s start with the government’s response of “remove the cameras” and “review their installation”. Removing Chinese-made cameras will eliminate manufactured threats in those devices. It is not going far enough, however, when it comes to addressing the cyber risks inherent to connecting any camera or device to the internet. Raising the profile of these serious threats to business and government warrants endorsement, first, to prevent declines in public confidence, and second, to encourage local solutions. Positive action to remediate or remove the cameras warrants applause. Replacing the cameras now is an important security action for Australia. However, for the purposes of long-term strategies, it is critical to understand that threats embedded at the time of manufacture are not the only risks to cameras and other devices exposed to the internet. For example, Chinese hackers exploit more zero-day threats in devices made outside China than any other group. Cyber security weaknesses inherent to machines plague device and equipment manufacturers and are being regularly exploited by bad actors. As we connect more and more devices to the internet in the name of productivity, efficiency, and mobility, we are witnessing an exponential increase in cyber threats and breaches that exploit device security irrelevant of the place of manufacture. It is well documented that many devices (machines and sensors) have little or insufficient security to protect against increasingly sophisticated crime.  The Office of the Australian Information Commissioner reported last year that there were 853 notifiable data breaches in 2021–22. Around 20 per cent of those were in health service providers, followed by finance, legal and accounting, education and Australian government agencies. The list shows that data breaches have become ever-present with some jaw-dropping losses of data. The Australian Cyber Security Centre’s latest threat report shows the centre received more than 76,000 cyber crime reports in the 2022 financial year, up 13 per cent on the previous year. That’s one attack every seven minutes, on average. The cost of dealing with cyber attacks, as Optus and Medibank have discovered, is huge. Video surveillance systems bring with them some extra challenges to cyber security including an additional layer of abstraction (the visual layer), however many of the cyber issues for machines are common to any device, machine, or sensor connecting with the internet. The possible risks embedded at the time of manufacture (intentional or not) can lead to and/or compound many other risks. The most common threats to devices exposed to online connections can be summarised as follows: Protection of passwords and credentials. Secure and timely updates and delivery of firmware and other patches to machines. Networks and protocols that don’t have robust, end-to-end hardware-based encryption. The use of mobile apps to access data and control devices. A lack of processing capacity in the device to perform effective encryption of communications. Emerging capability by organisations to identify and track all devices connected to their network impacting deployment and management of cyber security to all endpoints. When cameras and other devices, along with their control systems, connect to the internet, they become a “weak link” that can allow hackers to take control of the device and its functions and/or infiltrate an entire IT system.  Yet it is inevitable that cameras, surveillance systems, and other devices will be connected to the internet at some time. AI and BI will rely on data gathering and exchange to be effective. Cloud services are changing the economics and dynamics for IT and OT systems. One Australian company tackling these issues head-on is VeroGuard Systems, which has developed the world’s first identity and communications platform that utilises hardware security module (HSM) identity management and communications on open networks for any device or machine. The advanced, secure platform has been developed in Australia. Adding further to the company’s sovereign status is that it manufactures products at its Edinburgh, South Australia facility. One of the products, VeroMod, is an HSM that can connect with any camera, device, or machine. VeroMods, operating with the certified VeroGuard platform, provide any machine with an ultra-secure digital ID. The solution delivers military-grade protection of the ID and verified zero-trust access to or from the connected machine. VeroMod also takes on the cryptographic workload for devices communicating at “secret” and above levels. The company has also embedded an HSM into its Australian-built cameras. This eliminates any risks of breaches to the camera, its data, or systems, even when the connections are direct-to-the-internet. The company’s chairman and co-CEO, H Daniel Elbaum, says, “We have for the first time brought a technology to open networks that eliminates identity and security risks to any machine including surveillance systems”. The company’s VeroMod and cameras connect to the VeroGuard platform, which has been certified Common Criteria for access on open networks by the Australian Cyber Security Centre and is a global one-of-a-kind. Removing Chinese-made security cameras can eliminate their embedded threats, however, security vulnerabilities will continue to be uncovered in the peripheral connectivity, software VPNs, and even the devices themselves. These all represent significant attack surfaces for threat actors looking to exploit these systems and are urgently in need of actions to prevent the growing threats inherent to connecting machines to the internet. There is a solution, and it’s Australian made.

VeroGuard Chief Executive Nic Nuske interviewed on Sky News on April 27th 2024 says everyone is “being impacted” by “some sort of cybercrime”. “Either directly or someone they know,” Mr Nuske said. On average, one cybercrime is reported every six minutes, with ransomware and breaches causing billions of dollars in damages to the Australian economy. “The estimates that we have from the analysts are telling us that there’s almost $US8 trillion worth of economic impact from cybercrimes every year. That’s anticipated to grow to $US23.8 trillion by 2027.” Watch the full interview https://www.skynews.com.au/australia-news/crime/everyone-being-impacted-by-some-sort-of-cybercrime/video/94051b10ab15ded93771428ffe190dc0

Iain Moore Head of Commercialisation Iain has 20 years of experience in business planning, execution of strategy and business growth for large and complex organisations, as well as customer experience improvement programs and cost base transformation. His extensive career includes senior commercial and financial leadership roles working for Global IT firm EDS, Telstra Mid-Market, Small Business & Telstra Country Wide and in FMCG. He holds a CPA and is Company Director accredited (GAICD). Duncan Savage Enterprise Architect Duncan has broad industry experience, having worked in technology, identity and payments projects across the private and public sectors. Prior to joining VeroGuard as the key technical customer interface, Duncan’s experience included 3 years managing the Victorian transport ticketing system (myki) and 7 years in transactional banking at Westpac. Duncan holds a B.Eng (Hons) and Diploma of Project Management Brett Heaven Manufacturing Plant Manager Brett has been employed in the manufacturing sector since 1995, 10 years working for a tier 2 automotive supplier, followed by 13 years employed by a Japanese tier 1 automotive component supplier to Holden and Toyota. Employed at VeroGuard since January 2018 setting up manufacturing processes and facilities. Rod Tasker Technical Product Manager Rod has a successful track record in defining, designing and driving profitable product innovation and business change based on an in-depth appreciation of business and technology. Rod’s achievements include the delivery of strategic plans for banking business units, developing an enterprise Sales and Service architecture, leading the development of a global internet payment service, and developing a variety of e-Banking and e-Payment products. Rod holds a BA, BSc, Grad Dip Banking & Finance and GAICD Graham Farrar Principal Architect As a software architect, Graham has been instrumental in the development of several ground-breaking technologies in the finance and digital security industries. Some notable examples of these achievements include the first ATM reciprocity network in Australia as well as the first stand-alone wireless EFTPOS terminal certified by a bank in Australia. Graham's 35 year career in IT has been characterised by adapting to different areas of technology and the ability to learn quickly in order to develop robust software that can be successfully deployed into a production environment. Graham holds a Bachelor of Applied Science Degree (7-7-81) from Swinburne Institute of Technology (now Swinburne University of Technology), majoring in Computer Science and Instrumental Science (analogue and digital electronics). This included 12 months as a technical assistant at CSIRO. Executives Roseanne has over 20 years experience in strategic advisory and investment banking. She has also held CEO, executive and advisory positions in public, private and equity backed organisations. Roseanne is an accomplished Director and Board Chair and is currently a non-executive director with a number of organisations, including the Murray Darling Basin Commission. Roseanne holds a Bachelor of Economics/Arts; and a Master of Business Research (Commerce) and MBA from the University of Adelaide. She also holds a Bachelor of Laws at the University of Adelaide and is a graduate of the AICD (International). Chairman and Non-Executive Director Roseanne Healy Nic is a highly experienced executive with over 30 years of experience in the fields of IT, logistics and identity. He has led one of IBMs global divisions in the role of Vice President for Growth Markets, as well as holding several other key roles over a 25 year career with IBM. These include Vice President Global Financing for Asia Pacific and Managing Director on one of IBM’s largest global accounts -Telstra. Nic has served on a number of IT committees and was Chair of the Australian Information Industry Association for Western Australia. CEO and Director Nic Nuske David is a leading Australian corporate lawyer with extensive experience across a wide range of projects and transactions. Over the course of a 30 year career, he has developed a comprehensive knowledge of corporate law as it pertains to any number of industries. He has held key positions at several pre-eminent firms, including Partner at Allion Partners, Sydney. He has also served as National Head of Corporate at Holding Redlich, amongst other appointments. David is a specialist at mergers & acquisitions, capital management, project structuring and transaction management. Company Secretary and Director David Walker Other Executives

VeroGuard Platform a technology of this generation Solutions VeroGuard stops unauthorised access to systems and data. Addressing the rapid growth of cybercrime requires new solutions. The power of indisputable identity verification will change the way you think about digital security. Whether you’re looking for increased protection against fraud, the ability to restrict access to data based on identity, or simply a means to lower operating costs, VeroGuard has the solution. People Machines Data Protection Products VeroGuard is a security platform that powers a variety of unique cyber security products. From the most secure portable digital identity solution available to unparalleled cloud-based data security, VeroGuard secures your digital world. Explore the whole range and discover a product to suit your needs. VeroVault VeroMod VeroCard Purpose How Who Indisputable proof of identity for all online and digital communications. Bank-to-bank grade security for internet and cloud. VeroGuard stops unauthorised access to cyber systems and data. Enjoy complete online confidence with the power of indisputable identity verification. It’s a simple and familiar way to provide absolute protection from digital fraud for all people, devices, transactions and data. No transmission of identifying data. No known source of encryption. Protect online data and communications with the sophistication of Defence level technology. VeroGuard is a unique online platform that provides out-of-band black box security modules for authentication, encryption and communications at both ends of every online transaction. The VeroGuard platform enables online authentication and encrypted transmission across fixed and mobile networks, providing the same level of security as the ATM network. With over 100 years of combined experience in the fields of network security and digital commerce, no one understands the complexity of online fraud better than the team at VeroGuard Systems. Our staff is comprised of industry leading technical innovators who have helped define the parameters of payment security as it exists today. With the support of former leaders from global IT firms, the VeroGuard team is uniquely qualified to meet this challenge. Why VeroGuard VeroGuard is a complete revolution in digital security that stops unauthorised access to systems and data. It is a unique platform built upon a proprietary, globally patented network providing absolute digital security at a level that no other organisation can offer. The identity protection by VeroGuard utilises out-of-band hardware security modules for authentication, encryption and communications at both ends of every online transaction. This technology is based on the most secure digital protection available anywhere. Until now, this non-repudiable technology has been used almost exclusively for interbank and terrestrial defence applications. VeroGuard is the first and only platform to make indisputable verification possible in online use. The global economic impact of cyber crime is devastating, costing $US1 trillion in 2018 alone. This figure continues to escalate with forecasts suggesting that losses will grow to $US6 trillion as soon as 2021. The effect of cybercrime has severe ramifications beyond these economic concerns as well. Approximately 2.5 billion data records were breached globally between 2013 and 2016, a figure which increased to over 11 billion in the following two years. It is evident that existing solutions have not helped to slow this crisis, let alone end it. Identity fraud is the leading cause of economic losses associated with cybercrime. Indisputable verification of online identity is a critical consideration in any response against this threat. News Whitepapers Our Partners VeroGuard Securing Your Digital World Defence Certified Suitable for Every Organisation Find Out More For Government Take control of access to critical systems and data and enjoy the confidence of absolute protection from identity fraud. A privacy-securing, universal digital identity platform for citizens and staff. Find Out More For Corporate Eliminate doubt and protect your digital assets with the complete confidence of non-repudiable authentication. The best available digital protection for any corporate application. VeroGuard stops unauthorised access to systems and data.

For Government A unified, universal digital identity platform for Government departments accelerates the ability to bring services online for citizens, secures data and improves administrational procedure. Click below to discover how VeroGuard can help to streamline your Government department. Find Out More Find Out More For Corporate Industry leading ID management solutions, secure remote login options for staff and the ability to store your organisation’s data assets with confidence. A single, unified system to achieve all this and more. Get VeroGuard Other Solutions Machines People Data Protection Machine Identity for IoT Vero Machine Identity is a Hardware Security Module (HSM) based solution that provides unparalleled security for IoT devices and applications. The module provides absolute protection for all internet connected devices, including AI/BI engines and tools. It works in conjunction with the VeroGuard network to provide HSM to HSM authentication of device identity. VeroGuard machine identity can be used to secure any type of device and handles the processing load for cryptographic calculations, meaning the IoT machines are not impacted by the security workload. It can be easily embedded into any device without fuss and connects directly to the VeroGuard network to protect both the device itself and any data it transmits. The solution is compatible with existing platforms and requires no upgrade to systems, offering connectivity that includes RJ, CAT, cellular (2G/3/4g/5g) WiFi or BPL/PLC. SOLUTIONS Product: VeroMod Machine ID In order to create an irrefutable identity for any device, VeroMod is simply integrated into the device, or via RJS connection. The machine requests connection and is verified with non-repudiable out of band and hardware encrypted multi factor authentication. At this point, VeroGuard provides HSM to HSM authentication and verification of machine identity, which allows encrypted tunnels to open, connecting machine to machine. All communications are AS 2805/ISO 8583 messaging and VeroMod handles the processing load for cryptographic calculations. Meanwhile, IoT machines are not impacted in any way. Machine ID is tamper resistant, utilises a unique key for every transaction and, with no known source of encryption, exposes no user authentication information. It is a simple and cost effective solution for securing all device data and communications. For more information: VeroGuard Protecting the IoT