Cythera earns ISO 27001 & upgrades cybersecurity services
Cythera has achieved ISO 27001 certification and announced enhancements to its Managed Detection and Response (MDR) service.
The Melbourne-based cybersecurity service provider revealed that attaining ISO 27001 certification reflects its dedication to maintaining the highest standards in information security management. Cythera also disclosed noteworthy developments in its MDR service, aimed at offering increased protection and support to businesses amidst evolving cyber threats.
Craig Joyce, Cythera's Director, stated, "Our customers demand it and have a low tolerance for security providers and technologies that experience product faults or cybersecurity breaches. As a security provider, we need to lead by example and be best in class. This certification then helps our customers streamline the procurement process and sets a clear expectation that we prioritise our own internal security."
The certification process involved a thorough analysis of all business operations within Cythera. According to Ben Cuthbert, Co-Founder and Services Director, "Unlike others who only certify portions of their business, we put everything in scope – sales, technology, tools, and platforms. We mapped policies and controls to cover the entire scope and then enforced them as a standard, subjecting ourselves to multiple external audits."
Cuthbert further acknowledged the challenges in achieving this certification, noting, "The real challenge lies in getting the whole organisation's tooling, people, processes, and controls up to the same standard. It's easy to get a team or part of the organisation up to a level, but achieving consistency across the whole company is where organisations will struggle the most."
Cythera's ISO 27001 certification benefits its clients significantly, as Tim Sank, Co-Founder and Sales Director, articulated, "It builds standards in safeguarding information and continuously uplifts those standards, meaning our customers are continually in safe hands. It also sets consistency and quality of outcomes for our customers' security response, demonstrating best practices in cyber that are externally audited."
In tandem with the ISO 27001 achievement, Cythera has enhanced its MDR service with significant investments in automation capabilities, which allows for more streamlined operations and expedited incident response managed by an onshore team of Australian-based experts.
Cuthbert highlighted the enhancements by stating, "We've opened up our automation capabilities to our customers. If we detect a threat, we can now take immediate action, such as disabling an account, containing a machine while we do forensics, or reaching out to firewalls to block IP ranges."
Joyce pointed out that their MDR service is distinguishing itself from standard MDR technology products through a personalised approach and human expertise. He commented, "Our service is entirely onshore staffed, not outsourced. Each account has a named lead analyst, providing a personal touch and demonstrating deep domain knowledge. We ensure this context is rolled into our service, so we're aware of all the moving parts of their business."
Sank mentioned the transparency aspect of Cythera's MDR offering, stating, "Everything is recorded, and there's nowhere to hide, and we serve up security information to our customers' key stakeholders at a moment's notice. Our service is also expansive; it's not limited to one area. If there's a problem within a Microsoft environment, for example, we have the skills to address it or redirect services. We check configurations without interrupting the customer."
Joyce additionally remarked on the cooperative nature of their service, noting, "It's a much more collaborative service, rather than an offshore ticketing system. Customers get a service where they're dealing with someone onshore who understands how they work and the commercial environment of our country. They also get access to a team of specialists, regardless of the time of day."
Real-world impact of the MDR service has been noticed, as Cuthbert explained, "We've seen organisations turn on tools like Microsoft Sentinel and realise it's far more complex than they imagined and that they are at the behest of an offshore inexperienced and rotating support team. In actual fact, they need 24/7 coverage and a known analyst team who learns about their company, and that's where our service comes in. We provide the expertise and support they need to effectively manage their security posture reliably."