
Announcements

This year, Securus Global celebrates 10 years in business.

When we started off, there were very few Australian-owned security consulting companies. Local businesses were mostly reliant upon working with large global vendors who provided security consulting as a side business, with very few specialising in information security.

Our aim was always to raise the bar in terms of delivery and value we would provide our clients. We believe we have done that in Australia and also globally – having a growing list of large global clients who have chosen Securus Global over security consulting specialists in their own countries and regions.

We’ve seen the industry grow and change so much in that time and we’re proud that we’re still judged as a leader in our field. If you have never worked with us, give us a call and test us out. From management and strategy services, compliance services through to deep security research analysis and testing, find out why so many companies that have “tested” our services have never gone back to anyone else.

Mobile Application Security

Having been quick to embrace the latest-generation mobile technology, Securus Global now has several years' experience in iPhone and Android security testing. Over the years, we have undertaken penetration tests of mobile applications for clients in a variety of sectors, including major Australian financial institutions and media companies whose business depends on their reputation and the security of their data.

Securus Global is experienced in iOS and Android data protection and encryption, having performed assessments for years now for major banks and other mobile application developers to ensure that their customers' and their own data remain secure at all times.

Likewise, we have reviewed the Android and iOS platforms themselves, and have written numerous iOS and Android security standards, SDLCs and hardening guides for major Australian customers.

Securus Global has also used reverse engineering techniques to perform closed-source reviews of both iOS and Android applications, as well as of Android and iPhone system software, including:

  •     Mobile banking and finance applications
  •     Email and enterprise integration applications
  •     Remote access clients
  •     Multimedia content provider applications

More Information:
Securus Global Mobile Security Testing Services:
http://www.securusglobal.com/services/assessment-and-assurance-services/mobile-application-security-testing/

Security Testing Off-The-Shelf Systems

Securus Global is engaged by our clients to test not only systems they have developed in-house but also systems they have purchased. Before deploying something into production, they want assurance that it is as secure as it can be.

You cannot rely on a new system being secure just because the salesperson told you it is and, even more concerning, even security products and applications fall into this category. The scary fact is that in almost 100% of situations where we are testing such systems for clients, we are finding critical vulnerabilities that, had our clients deployed the systems, would have put their organisations at risk.

More information here:
http://community.securusglobal.com/2013/02/27/faq-security-considerations-for-customised-off-the-shelf-cots-product-security/#more-2708

Penetration Testing Services

In the 10 years that Securus Global has been helping protect Australian and global companies, we’ve found that anything “IT” presents a risk to your organisation. Securus Global is one of the few organisations with the capabilities, expertise and experience to test technologies that aren’t the “usual” applications and websites.

Anything you are looking at deploying into your network or making accessible from your network, whether for your own organisation or for your clients, should be assessed to properly understand its security posture.

Simply put, new technologies cannot be effectively tested by automated tools alone, and it’s here that the Securus Global team stands out as one of the leaders in the field.

If you are deploying a new system, give us a call.

More information:
Securus Global Penetration Testing Services:
http://www.securusglobal.com/services/assessment-and-assurance-services/product-assurance-testing/

Securus Global Product Assurance Services:
http://www.securusglobal.com/services/assessment-and-assurance-services/product-assurance-assessments/

Mobile Payments PCI Guidance

Each year, the PCI Council forms Special Interest Groups (SIGs) to discuss the standards and their applicability in the ever-changing payment landscape. Over the last few months, the SIGs have released guidance documents on merchant responsibility for cardholder data stored in the cloud, as well as data processed through mobile point-of-sale devices. For those involved in PCI, these documents are well worth reading as they clarify many grey areas and provide tips to secure card data and systems in areas that the current standards still cannot cater for. One such area is using smart phones for payment card acceptance.

At Securus Global we encourage all of our clients to reduce their PCI scope as much as possible, to minimise the risk and the costs associated with maintaining compliance. Like all QSAs, we welcomed the release of the Point-To-Point Encryption (P2PE) standard in 2012 as it allows merchants to de-scope considerable portions of their networks by using P2PE validated solutions. However, it must be remembered that only dedicated mobile phones or devices can be used for P2PE solutions. Merchants looking for innovative ways to engage customers and improve the shopping experience can use smart phones that have dedicated hardware attached to encrypt the cardholder data and keep these smart devices out of scope. However, using an application on a smart phone or tablet to process the payment will increase your scope and potentially your risk. It is exactly this scenario that the latest guidelines deal with.

If you are planning to offer or use these types of mobile payment solutions, we recommend you read these guidelines to assist your planning. Alternatively, call your QSA for guidance. It is imperative to understand all the risks and how this project may actually increase your PCI DSS scope, before you start.

Link: https://www.pcisecuritystandards.org

Read More: http://www.securusglobal.com/services/assessment-and-assurance-services/mobile-application-security-testing/

Feature Article

Security as a Competitive Advantage - A Case Study in University Security

In 2011 Securus Global was actively involved in shaking up how security was assessed in Learning Management Systems (LMS) affecting many of the world’s universities. We were indirectly drawn into this as a result of testing we did for an Australian University.

It started with a news article from SC Magazine that came about when Australian universities started sharing the results of our work, which showed serious security issues with student and staff information. This article went global and set off a chain of events that saw the world’s largest LMS developers competing with each other in how well they protected student and staff information.

Original article:
http://www.scmagazine.com.au/News/272215,millions-of-student-exams-tests-and-data-exposed.aspx

The follow-up analysis and ongoing updates are posted here. The latest update is from December 2012:
http://www.unitask.com/oracledaily/2012/12/27/open-as-in-transparent-instructure-conducts-2nd-public-security-audit-on-canvas-lms/

If you are responsible for Information Security at a University or other Educational Establishment that uses an LMS, please take your time and read through the article and associated links within it. Securus Global continues its work in this field so please give us a call if you wish to discuss this with us.

Industry Roundup

Debit card usage growing much faster than credit cards

If you haven't yet taken the proper steps to strengthen your company's PCI compliance, new information released by Roy Morgan Research may give you some extra motivation to do so.

According to the latest Roy Morgan Consumer Finance Single Source Survey, total usage of debit cards in Australia is growing much faster than credit cards and even looks set to overtake them.

In the last 12 months through to February 2013, Australians aged 18 years and above reported some 109 million debit card transactions in an average month, compared to 117 million transactions for credit cards.

Read More: http://community.securusglobal.com/2013/04/15/debit-card-usage-growing-much-faster-than-credit-cards/#more-2799

A Pocket-Sized Threat

Companies are increasingly turning to mobile devices for business use as the technology becomes more and more sophisticated, but the threat these devices can pose to firms is growing too. Now risk managers are being urged to review their insurance policies to ensure they are adequately covered.

For many companies, increasing exposure to malware (software which is designed to steal information from a computer or mobile device) is likely to be the worst of these risks. The problem of malware designed to target mobile devices has grown exponentially in recent years, with the number of samples recorded per month increasing from 800 in 2011 to 6,300 in 2012, according to Nathan Steuer, business development director of PaRaBaL Inc.

Read full article: http://www.riskmanagementmagazine.com.au/article/a-pocketsized-threat-174391.aspx

The SG Crowd

Internal Team Blog

“The faster I type my password, the more secret-agenty I feel”

Our new password cracking service…

Securus Global recently implemented a new offline password cracking service that allows us to identify which user accounts have easily ‘crackable’ or guessable passwords. Identifying these accounts is key to an organisation’s security, as accounts with weak passwords are an easy way for an attacker to gain a foothold in an organisation’s network. This capability has long been available to malicious hackers, and is now available to our customers as well.

Popular weak passwords:

1. password
2. 123456
3. 12345678

Read More: http://community.securusglobal.com/2013/03/27/the-faster-i-type-my-password-the-more-secret-agenty-i-feel/

Upcoming Events

This year, Securus Global celebrates 10 years in business. To mark the occasion we'll be hosting 'SecurusCon', a one-day security event in Sydney, in September 2013. It hopes to bring together some of the most topical security issues, relevant to what our clients are currently facing, with a strong focus on the effect of Social Media on Security.
More information coming soon!