October is Cyber Security Awareness Month, and we’ve spent the past four weeks breaking down the big security challenges facing Australian organisations.
If you missed any of our posts on LinkedIn, or if you just want everything in one place, here’s your complete guide to the four key actions every organisation should be thinking about right now.
Week 1: You Can’t Defend What You Can’t See
The issue: Event logging and visibility
Think of event logging as your security camera system for digital activity. Without it, you’re operating blind.
Cybercriminals are using “Living off the Land” (LOTL) techniques, hiding their attacks inside legitimate system tools that your traditional security software trusts. It’s like a burglar wearing a uniform and using your tools so nobody questions their presence.
Without proper event logging, these attacks are completely invisible. It means you won’t see critical configuration changes, unauthorised access attempts, suspicious patterns, or the breadcrumb trail you need to investigate incidents.
What to do:
Implement event logging that captures the right events, stores them securely, and monitors them for actual threats. This gives you visibility into what’s really happening in your systems.
The challenge for smaller organisations is to not drown in alerts or consume resources you don’t have. Focus on logging critical systems first and work with partners like us who can help you interpret what you’re seeing.
Week 2: Old Technology Lets Threats Thrive
The issue: Legacy technology creating vulnerabilities
Legacy technology means outdated hardware and software that’s no longer supported by vendors. The longer you delay addressing it, the more vulnerable you become.
Why it’s dangerous:
- Unsupported systems don’t receive security patches when new vulnerabilities are discovered.
- Older systems can’t support modern security tools, creating gaps in your defences.
- Legacy tech lacks proper logging and monitoring capabilities.
- Compliance standards increasingly require up-to-date, supported systems.
What to do:
The most effective strategy is replacement. Identify your legacy systems, prioritise based on risk and business criticality, and create a realistic replacement roadmap.
If immediate replacement isn’t feasible, implement temporary risk mitigation:
- Network segmentation to isolate legacy systems from critical data
- Enhanced logging and monitoring to detect suspicious activity
- Strict access controls limiting who can interact with vulnerable systems
- Regular backups ensuring you can recover if something goes wrong
Prevention is always cheaper than recovering from a breach involving compromised legacy systems.
Week 3: Manage Supply Chain Risk
The issue: Your supplier’s weak security becomes your problem
Think about your supply chain: software vendors, cloud services, hardware manufacturers, and logistics providers. How confident are you about their cybersecurity?
Organisations invest heavily in their own security defences but then invite risk through their supply chain. A breach at a vendor becomes a breach in your network. Malware in a third-party tool becomes malware in your systems.
When you use a supplier’s product or service, you inherit their security posture. This is especially critical for nonprofits and small businesses that often lack resources to detect or respond to supply chain compromises quickly.
What to do:
Build an effective supply chain security strategy:
Know your supply chain –> Map every vendor, service provider, and third party that connects to your systems or handles your data.
Understand the risks –-> Not all suppliers carry equal risk. A cloud infrastructure provider handling sensitive data presents different risks than an office supply vendor.
Set clear expectations –> Your contracts should explicitly address security requirements, standards, certifications, and breach protocols.
Audit for compliance –-> Verify through audits, assessments, or third-party certifications that suppliers are doing what they promised.
Monitor and improve –-> Regularly review suppliers’ security posture and stay informed of breaches in your supply chain.
You don’t need to become a security expert in every vendor relationship, but you do need visibility and accountability.
Week 4: Prepare Now for Post-Quantum Cryptography
The issue: Quantum computing will break current encryption
Cryptographically relevant quantum computers (CRQCs) are coming, and when they arrive, they’ll render common public-key encryption protocols obsolete. The secure communication you’re counting on today could become vulnerable tomorrow.
The Australian Government is urging all organisations to prepare by 2030. That might sound far away, but transitioning your entire encryption infrastructure isn’t something you do overnight.
What’s at stake:
The encryption protecting your sensitive data, secure communications, financial transactions, and client information will become vulnerable once quantum computers reach sufficient capability. What’s worse, threat actors are already harvesting encrypted data now to decrypt it later. It’s a strategy called “harvest now, decrypt later”.
What to do:
Follow the LATICE Framework for transitioning to post-quantum cryptography:
Locate and catalogue –> Map where you’re using traditional encryption (SSL/TLS certificates, VPN connections, digital signatures, secure messaging).
Assess value and sensitivity –> Prioritise based on what data systems protect and how long it needs to remain confidential.
Triage and prioritise –> Create a roadmap addressing highest-risk systems first, then work through lower-priority systems systematically.
Implement post-quantum algorithms –> As vendors release quantum-resistant solutions, begin implementing them across your systems.
Communicate and educate –> Your team, vendors, and stakeholders need to understand what’s changing and why.
You don’t need to become a quantum physics expert, but you do need to start planning now.
The Common Thread: Start Now, Build Systematically
The solutions presented are not quick fixes. They don’t happen overnight, and none of them can wait until the last minute.
Event logging requires planning what to capture and how to monitor it effectively.
Legacy technology replacement needs careful assessment, prioritisation, and phased implementation.
Supply chain security demands ongoing vendor management and relationship building.
Post-quantum preparation involves understanding current dependencies before you can transition to new solutions.
The organisations that navigate these challenges successfully are the ones that start early, take systematic steps, and build security into their operations rather than treating it as an afterthought.
Your Next Steps
If these four areas feel overwhelming, remember: you don’t have to tackle everything at once. Start with an honest assessment of where you are:
Visibility –> Can you see what’s happening in your systems?
Infrastructure –> Are you running unsupported technology?
Supply chain –> Do you know your vendors’ security postures?
Future readiness –> Are you planning for post-quantum cryptography?
Pick one area that represents your highest risk or greatest vulnerability, and begin there. Small, consistent steps compound into significant protection over time.
The Shield’s Edge: Looking Ahead
Cyber Security Awareness Month might be ending, but the threats we’ve discussed aren’t going anywhere. Event logging, legacy technology, supply chain risk, and quantum computing aren’t one-time concerns – they’re ongoing aspects of running a secure organisation in 2025 and beyond.
The good news? You don’t have to navigate these challenges alone. We’re here to guide you through the process.
Are you ready to move from awareness to action? Let’s discuss where your organisation stands on these four critical areas and what practical steps will work for your specific situation.
Cyber Security Awareness Month is just the beginning. Building genuine resilience is the work that happens next.
Found this insightful? Share it with your network!
Leave a Reply