In 2024, operators of critical infrastructure and organisations that service critical infrastructure faced a surge in cyberattacks amidst escalating geopolitical tensions. According to the Australian Signals Directorate’s (ASD) 2024 Annual Cyber Threat Report, state-sponsored actors persistently targeted essential sectors like energy, healthcare, and telecommunications, employing sophisticated tactics such as zero-day exploits and custom malware. Notably, this year, the Australian government repeatedly warned Australian companies about Chinese-sponsored threat actors specifically targeting Western (and Australian) critical infrastructure.
Given that we at Mipela service the critical infrastructure sector, staying ahead in our cybersecurity efforts is of paramount importance. The threat is real, and we must do what we can to protect both ourselves and our customers.
We are staying on top of cyber threats through automated patching; enforced device compliance for access to company resources; and security training for our team on the latest phishing techniques. Central to our approach is our robust Security Information and Event Management (SIEM) system and Security Operations Centre (SOC), operated in collaboration with Fortian, our trusted Australian cybersecurity partner.
Our SIEM collects and analyses logs from across our business systems in real time, enabling us to detect and respond swiftly to emerging threats. Unlike conventional SOCs that rely heavily on generic vendor-provided detections, our SOC employs a tailored, threat-informed methodology. This approach ensures that our detection capabilities align closely with our unique threat profile. For example, in 2024, the ASD reported a campaign by Iranian threat actors targeting Australian critical infrastructure through brute force and MFA fatigue attacks originating from specific VPN IP addresses. Within hours of this disclosure, our SOC conducted a comprehensive threat hunt to identify potential indicators of compromise within our environment. New analytic rules were deployed promptly, ensuring continuous monitoring for these activities on an hourly basis.
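An hourly hunt of the kind described above, as an added example (not Mipela's or Fortian's own rules): it scans constructed sign-in events for password brute force from a single source IP, bursts of denied MFA prompts, and any activity from a watchlist. The event schema, thresholds and addresses are assumptions; the IPs are documentation-range placeholders, not the ASD's indicators.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed placeholder (RFC 5737 documentation range), not the advisory's indicators.
WATCHLIST = [ip_network("203.0.113.0/24")]
FAIL_THRESHOLD = 5   # assumed: failed passwords per source IP per window
PUSH_THRESHOLD = 4   # assumed: denied MFA prompts per user per window

T0 = datetime(2024, 10, 17, 9, 0)

def m(n):
    """Timestamp n minutes after T0."""
    return T0 + timedelta(minutes=n)

# Constructed sample sign-in events: (time, user, source IP, outcome).
EVENTS = (
    [(m(i), f"user{i}", "203.0.113.7", "password_fail") for i in range(1, 7)]
    + [(m(10 + i), "alice", "198.51.100.20", "mfa_denied") for i in range(4)]
    + [(m(14), "alice", "198.51.100.20", "mfa_approved"),
       (m(20), "bob", "192.0.2.10", "mfa_denied"),
       (m(21), "bob", "192.0.2.10", "mfa_approved")]
    + [(m(-120 + i), "carol", "192.0.2.50", "password_fail") for i in range(6)]
)

def hunt(events, now, window=timedelta(hours=1)):
    """Return sorted (rule, subject) findings for events inside the last window."""
    recent = sorted(e for e in events if now - window <= e[0] <= now)
    fails, denied, findings = defaultdict(int), defaultdict(int), set()
    for ts, user, ip, outcome in recent:
        if any(ip_address(ip) in net for net in WATCHLIST):
            findings.add(("watchlist_ip", ip))
        if outcome == "password_fail":
            fails[ip] += 1
            if fails[ip] >= FAIL_THRESHOLD:
                findings.add(("brute_force", ip))
        elif outcome == "mfa_denied":
            denied[user] += 1
            if denied[user] >= PUSH_THRESHOLD:
                findings.add(("mfa_fatigue", user))
        elif outcome == "mfa_approved":
            # An approval straight after a burst of denials suggests the user gave in.
            if denied[user] >= PUSH_THRESHOLD:
                findings.add(("mfa_fatigue_then_approved", user))
            denied[user] = 0
    return sorted(findings)

if __name__ == "__main__":
    for rule, subject in hunt(EVENTS, now=m(60)):
        print(rule, subject)
```

The approval-after-denials finding is the one to triage first, since it indicates a prompt was eventually accepted rather than only attempted.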
By combining strict access controls, a partnership with a leading cybersecurity provider, and a tailored threat-informed approach, we aim to ensure that Mipela remains secure in a hostile digital landscape where critical infrastructure and its suppliers remain at constant risk.
In today’s digital landscape, asset owners, particularly those managing critical infrastructure, face an increasing variety of security threats. Recent reports from leading security providers highlight the growing prevalence of ransomware attacks and their severe impact on critical infrastructure industries like energy, utilities, and financial services. In Australia, brute force attacks, compromised credentials, and unpatched vulnerabilities are the top causes of security breaches. In particular, energy and utility organisations can be vulnerable due to their reliance on older technology, while IT and telecommunication companies often fall victim to brute force attacks despite strong identity controls.
At Mipela, we understand these risks and proactively address them through our X-Info Suite of products and robust security processes. Our approach includes multi-layered security measures, such as AES-256 encryption for data at rest and TLS/HTTPS protocols for data in transit, ensuring the protection of sensitive information. We operate our own Security Information and Event Management (SIEM) and Security Operations Centre (SOC) to monitor our systems and client data in real time. In partnership with Fortian, a leading Australian company specialising in cybersecurity, privacy, and technology risk management, we implement centralised logging and advanced monitoring to swiftly detect and respond to potential security threats. Fortian’s team brings deep technical expertise, supporting our commitment to comprehensive data security.
Additionally, our security practices include vulnerability assessments, testing, and monthly automated patching to identify and mitigate risks and keep our systems up to date. Our solution further emphasises identity-based controls through OAuth2 integration with Azure Entra ID, ensuring secure and efficient user access.
By adopting these comprehensive security practices and leveraging Fortian’s industry-leading expertise, we not only address key security concerns, but also position ourselves as a trusted partner for asset owners. This approach sets us apart from competitors, safeguarding critical infrastructure assets against the evolving threat landscape.