Dear Valued Subscriber, 

Welcome to the fifth edition of the Tannhauser Monthly Newsletter, for September 2021. 

The word of the month is “Quantification”. Qualitative assessment for risk analysis (i.e. ordinal scales: red, amber and green traffic light reporting) loses fidelity when viewing combined risk exposure from an enterprise risk lens. Leading organisations have established triage processes for when qualitative vs. quantitative risk analysis is performed at speed to enable the business. We now have adequate levels of experience in modelling and impact/outcome data to support economic prioritisation through cyber risk quantification. 

This month we have collaborated with a large mining company by enhancing their risk assessment process and performed cyber risk quantification to calculate exposure on their top 10 risks. Risk workshops across their key 6 global business units provided unique insights into how the company operates, the business context and cyber risks they face on a daily basis. 

We have completed the Lo-Fi schematic of our Third Party Risk Management Platform: GATE. The next stage is further technical development, seeking customer feedback and completing the seed funding round to accelerate development and start marketing the product.

Steve has now completed the 9-week SME Surge program, from Agility Shift. This was aimed at existing businesses with international high growth potential and ambitions. The program will conclude with a formal presentation of the business plan developed over the course of the program at an event later this month. 

Carl has been busy with the FAIR Institute Perth Chapter this month; a video of the session is linked below. Make sure to attend the next session in November: Cyber Insurance Panel. Alongside this community initiative, this month Carl has supported one of our clients in the legal profession to define their Cyber Security Strategy and business objectives for the next 3 years.

Paul and Joel, our Work Integrated Learning (WIL) students from Edith Cowan University (ECU), have continued to support research and development into our risk assessment product (RUNNER) whilst getting hands-on cyber security consulting experience at client sites.

Tara, our new Cyber Security Consultant (GRC), has now officially joined the Tannhauser team; read her bio at the end of this newsletter. We are continuing to grow our team to meet client demands, and our next hire will be focused on cyber assurance testing. There will be a number of roles coming live in the coming months, so keep an eye on our careers page.

Best Regards,

Michael Woods
Founder & CEO Tannhauser
Each month we ask a question with the results published in our monthly newsletter

IBM has released their 17th Annual Cost of a Data Breach Report

What if a criminal broke into your house and didn’t leave? Further, what if they were able to leave the back door open and remove your treasures without your knowledge? Even worse, what if this happened for over 200 days straight without you realising?

Strengthening Australia’s Cyber Security Regulations & Incentives
It was my privilege to host an outstanding panel for the August meeting for the Perth Chapter of the FAIR Institute.

Cloud Security
With Cloud vulnerabilities again in the news this week, we present our best-practice guidance to help ensure your environment is appropriately secured.

First weeks - Tara’s Experience
On August 16th 2021, I started my job at Tannhauser as their newest cyber security consultant (GRC). Coming in as a recent mathematics and statistics graduate, still studying my Graduate Certificate of Cyber Security part-time, and having never had a full-time job before, I really did not know what to expect at all!

Email Security Review
Case Study
A client had observed an increase in the volume of spam email messages they were receiving, and asked us to review their email system configuration.

  • More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and Covid-19 vaccination status. WIRED
  • 21 August: The U.S. State Department was recently hit by a cyber attack, and notifications of a possible serious breach were made by the Department of Defense Cyber Command. Reuters.
  • 23 August: Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches (NDB) scheme report for the period from 1 January to 30 June 2021. OAIC
  • 30 August: Melbourne council crippled by cyber attack. Stonnington council has been paralysed by a cyber attack, leaving hundreds of staff with no work and more than 100,000 residents impacted. Herald Sun
Other News
  • The Cryptocurrency Surveillance Provision Buried in the Infrastructure Bill is a Disaster for Digital Privacy EFF
  • The ACCC is taking Telstra, Optus and TPG to court, hoping to exact a large enough penalty to prevent future misleading conduct. The consumer watchdog is suing Telstra, Optus and TPG over allegations the three telco operators misled hundreds of thousands of customers over NBN speeds. The Sydney Morning Herald
  • Among the many long-term costs of the rapid fall of the Afghan government and the swift withdrawal of U.S. diplomatic and military personnel, count this one: Troves of sensitive U.S. government data are surely being left behind in the nation now under Taliban control. The Washington Post
  • How Australian far-right extremists fundraise online. The Australian Strategic Policy Institute Blog
  • EY tries ‘grow-your-own’ cyber specialists as salaries surge. The consulting giant is responding to the jump in demand for cyber security specialists by re-skilling its underused professionals and offering sky-high compensation of up to $360,000 a year. AFR
  • An audit of three Western Australian state government entities found none were consistently meeting all the criteria of an effective and efficient staff exit management process, with access to premises and IT systems not cancelled within 24 hours of staff leaving or, in some cases, at all. ZDNet
  • Nazis and incels are using Gotye and MGMT to evade TikTok's auto-moderators, report finds. ABC
Forward look at legislation, regulation or other threats and opportunities ahead.
Cyber adversaries around the world will be targeting this year’s census, which is certain to come under attack again, cyber security experts say. It’s just a matter of how well the lessons of 2016 have been learnt and whether measures taken by the ABS to protect against a repeat performance will prove to be effective. Government News

The volume of cyber intrusion activity globally soared in the first half of 2021, jumping 125% compared with the same period last year, according to Accenture's Cyber Investigations, Forensics & Response midyear update. TechRepublic

All event details are kept up to date on our website:

Risk Management Institute of Australasia - Odyssey:  9th September 2021

Western Australia Internal Audit Conference 2021, 16 - 17 September 2021, Duxton Hotel: 

Cancer200 Quiz Night (Fundraising event): 17th September 2021 (The Palms Community Centre, Subiaco):

BSides Perth 2021, September 18th, 2021 (Hacker Conference):

Roy Hill Indigenous Emerging Business Forum: 24th September 2021:

AISA PerthSEC, Friday 15 October 2021:

ISACA SecureIT Conference 2021 28th October 2021:

WA Mining Conference, Wed 22 - Thu 23 Sept, Perth Convention and Exhibition Centre:

ACISP 2021, The 26th Australasian Conference on Information Security and Privacy, 1 - 3 December 2021, Perth, Australia:
Our job opportunities are kept up to date on our website:

Tara is our most recent hire, joining the Tannhauser team in mid-August. Tara is currently pursuing a Graduate Certificate of Cyber Security at ECU, and holds a Bachelor of Science degree in Mathematics & Statistics, with a second-major in Italian Studies from UWA. Tara’s interests within cyber security include governance, risk and compliance, as well as a fascination with cryptography. Her interest in cryptography, and subsequently cyber security, stemmed from a university mathematics project analysing the potential threat to current encryption caused by the development of quantum cryptography. Outside of work, Tara enjoys learning different languages - modern and classical, as well as playing the flute and social dancing. In her time with Tannhauser so far, she has seen and contributed to our day-to-day operations, and hopes to develop her professional skills to set up a promising future as a cyber security consultant.


Your feedback matters to us. To ensure we are providing value in our services, newsletters, or resources, please take a few minutes to leave your feedback on Google.

From your browser, log into your Google account and search for Tannhauser. Find the review button under the Tannhauser name in the side box. Click on the number of stars and write about your experience. Click "Post" when you're done.

From the Google Maps application on your phone, search for Tannhauser. Find the review section at the bottom. Click on the number of stars and write about your experience. Click "Post" when you're done.

About Tannhauser
Tannhauser is a cyber security and privacy consultancy. Our team specialise in Cyber Security Strategy Consulting, virtual Chief Information Security Officer staff augmentation, Cyber Risk Quantification, Cyber Security Assurance, Cyber Resilience, Privacy Engineering and Digital Transformation. Tannhauser, helping Australia to become the safest place to do business online. Security in Sync.

Copyright © 2021 Tannhauser Pty Ltd, All rights reserved.
