- Market services
-
Compliance audits & reviews
Our audit team undertakes the complete range of audits required of Australian accounting laws to help you to help you meet obligations or fulfil best practice procedures.
-
Audit quality
We are fiercely dedicated to quality, use proven and globally tested audit methodologies, and invest in technology and innovation.
-
Financial reporting advisory
Our financial reporting advisory team helps you understand changes in accounting standards, develop strategies and communicate with your stakeholders.
-
Audit advisory
Grant Thornton’s audit advisory team works alongside our clients, providing a full range of reviews and audits required of your business.
-
Corporate tax & advisory
We provide comprehensive corporate tax and advisory service across the full spectrum of the corporate tax process.
-
Private business tax & advisory
We work with private businesses and their leaders on all their business tax and advisory needs.
-
Tax compliance
We work alongside clients to manage all tax compliance needs and identify potential compliance or tax risk issues.
-
Employment tax
We help clients understand and address their employment tax obligations to ensure compliance and optimal tax positioning for their business and employees.
-
International tax
We understand what it means to manage tax issues across multiple jurisdictions, and create effective strategies to address complex challenges.
-
GST, stamp duty & indirect tax
Our deep technical knowledge and practical experience means we can help you manage and minimise the impact of GST and indirect tax, like stamp duty.
-
Tax law
Our team – which includes tax lawyers – helps you understand and implement regulatory requirements for your business.
-
Innovation Incentives
Our national team has extensive experience navigating all aspects of the government grants and research and development tax incentives.
-
Transfer pricing
Transfer pricing is one of the most challenging tax issues. We help clients with all their transfer pricing requirements.
-
Tax digital consulting
We analyse high-volume and unstructured data from multiple sources from our clients to give them actionable insights for complex business problems.
-
Corporate simplification
We provide corporate simplification and managed wind-down advice to help streamline and further improve your business.
-
Superannuation and SMSF
Increasingly, Australians are seeing the benefits, advantages and flexibility of taking control of their own superannuation and retirement planning.
-
Payroll consulting & Award compliance
Many organisations are grappling with a myriad of employee agreements and obligations, resulting in a wide variety of payments to their people.
-
Cyber resilience
The spectrum of cyber risks and threats is now so significant that simply addressing cybersecurity on its own isn’t enough.
-
Internal audit
We provide independent oversight and review of your organisation's control environments to manage key risks, inform good decision-making and improve performance.
-
Financial crime
Our team helps clients navigate and meet their obligations to mitigate crime as well as develop and implement their risk management strategies.
-
Consumer Data Right
Consumer Data Right (CDR) aims to provide Australians with more control over how their data is used and disclosed.
-
Risk management
We enable our clients to achieve their strategic objectives, fulfil their purpose and live their values supported by effective and appropriate risk management.
-
Controls assurance
In Australia, as with other developed economies, regulatory and market expectations regarding corporate transparency continue to increase.
-
Governance
Through fit for purpose governance we enable our clients to make the appropriate decisions on a timely basis.
-
Regulatory compliance
We enable our clients to navigate and meet their regulatory and compliance obligations.
-
Forensic accounting and dispute advisory
Our team advises at all stages of a litigation dispute, taking an independent view while gathering and reviewing evidence and contributing to expert reports.
-
Investigations
Our licensed forensic investigators with domestic and international experience deliver high quality results in the jurisdictions in which you operate.
-
Asset tracing investigations
Our team of specialist forensic accountants and investigators have extensive experience in tracing assets and the flow of funds.
-
Mergers and acquisitions
Our mergers and acquisitions specialists guide you through the whole process to get the deal done and lay the groundwork for long-term success.
-
Acquisition search & strategy
We help clients identify, finance, perform due diligence and execute acquisitions to maximise the growth opportunities of your business.
-
Selling a business
Our M&A team works with clients to achieve a full or partial sale of their business, to ensure achievement of strategic ambitions and optimal outcomes for stakeholders.
-
Operational deal services
Our operational deal services team helps to ensure the greatest possible outcome and value is gained through post merger integration or post acquisition integration.
-
Transaction advisory
Our transaction advisory services support our clients to make informed investment decisions through robust financial due diligence.
-
ESG and sustainability due diligence
As environmental, social, and governance (ESG) considerations become increasingly pivotal for dealmakers in Australia, it is important for investors to feel confident in assessing transactions through an ESG lens.
-
Business valuations
We use our expertise and unique and in-depth methodology to undertake business valuations to help clients meet strategic goals.
-
Tax in mergers & acquisition
We provide expert advice for all M&A taxation aspects to ensure you meet all obligations and are optimally positioned.
-
Corporate finance
We provide effective and strategic corporate finance services across all stages of investments and transactions so clients can better manage costs and maximise returns.
-
Debt advisory
We work closely with clients and lenders to provide holistic debt advisory services so you can raise or manage existing debt to meet your strategic goals.
-
Working capital optimisation
Our proven methodology identifies opportunities to improve your processes and optimise working capital, and we work with to implement changes and monitor their effectiveness.
-
Capital markets
Our team has significant experience in capital markets and helps across every phase of the IPO process.
-
Debt and project finance raising
Backed by our experience accessing full range of available funding types, we work with clients to develop and implement capital raising strategies.
-
Private equity
We provide advice in accessing private equity capital.
-
Financial modelling
Our financial modelling advisory team provides strategic, economic, financial and valuation advice for project types and sizes.
-
Payments advisory
We provide merchants-focused payments advice on all aspects of payment processes and technologies.
-
Voluntary administration & DOCA
We help businesses considering or in voluntary administration to achieve best possible outcomes.
-
Corporate insolvency & liquidation
We help clients facing corporate insolvency to undertake the liquidation process to achieve a fair and orderly company wind up.
-
Complex and international insolvency
As corporate finance specialists, Grant Thornton can help you with raising equity, listings, corporate structuring and compliance.
-
Safe Harbour advisory
Our Safe Harbour Advisory helps directors address requirements for Safe Harbour protection and business turnaround.
-
Bankruptcy and personal insolvency
We help clients make informed choices around bankruptcy and personal insolvency to ensure the best personal and stakeholder outcome.
-
Creditor advisory services
Our credit advisory services team works provides clients with credit management assistance and credit advice to recapture otherwise lost value.
-
Small business restructuring process
We provide expert advice and guidance for businesses that may need to enter or are currently in small business restructuring process.
-
Asset tracing investigations
Our team of specialist forensic accountants and investigators have extensive experience in tracing assets and the flow of funds.
-
Independent business reviews
Does your company need a health check? Grant Thornton’s expert team can help you get to the heart of your issues to drive sustainable growth.
-
Commercial performance
We help clients improve commercial performance, profitability and address challenges after internal or external triggers require a major business model shift.
-
Safe Harbour advisory
Our Safe Harbour advisory helps directors address requirements for Safe Harbour protection and business turnaround.
-
Corporate simplification
We provide corporate simplification and managed wind-down advice to help streamline and further improve your business.
-
Director advisory services
We provide strategic director advisory services in times of business distress to help directors navigate issues and protect their company and themselves from liability.
-
Debt advisory
We work closely with clients and lenders to provide holistic debt advisory services so you can raise or manage existing debt to meet your strategic goals.
-
Business planning & strategy
Our clients can access business planning and strategy advice through our value add business strategy sessions.
-
Private business company secretarial services
We provide company secretarial services and expert advice for private businesses on all company secretarial matters.
-
Outsourced accounting services
We act as a third-party partner to international businesses looking to invest in Australia on your day-to-day finance and accounting needs.
-
Superannuation and SMSF
We provide SMSF advisory services across all aspects of superannuation and associated tax laws to help you protect and grow your wealth.
-
Management reporting
We help you build comprehensive management reporting so that you have key insights as your business grows and changes.
-
Financial reporting
We help with all financial reporting needs, including set up, scaling up, spotting issues and improving efficiency.
-
Forecasting & budgeting
We help you build and maintain a business forecasting and budgeting model for ongoing insights about your business.
-
ATO audit support
Our team of experts provide ATO audit support across the whole process to ensure ATO requirements are met.
-
Family business consulting
Our family business consulting team works with family businesses on running their businesses for continued future success.
-
Private business taxation and structuring
We help private business leaders efficiently structure their organisation for optimal operation and tax compliance.
-
Outsourced CFO services
Our outsourced CFO services provide a full suite of CFO, tax and finance services and advice to help clients manage risk, optimise operations and grow.
-
ESG, sustainability and climate reporting
There is a growing demand for organisations to provide transparency on their commitment to sustainability and disclosure of the nonfinancial impacts of their business activities. Commonly, the responsibility for sustainability and ESG reporting is landing with CFOs and finance teams, requiring a reassessment of a range of reporting processes and controls.
-
ESG, sustainability and climate advisory
With the ESG and sustainability landscape continuing to evolve, we are focussed on helping your business to understand what ESG and sustainability represents and the opportunities and challenges it can provide.
-
ESG, sustainability and climate reporting assurance
As the demand for organisations to prepare information in relation to ESG & sustainability continues to increase, through changes in regulatory requirements or stakeholder expectations, there is a growing need for assurance over the information prepared.
-
ESG and sustainability due diligence
As environmental, social, and governance (ESG) considerations become increasingly pivotal for dealmakers in Australia, it is important for investors to feel confident in assessing transactions through an ESG lens.
-
Management consulting
Our management consulting services team helps you to plan and implement the right strategy to deliver sustainable growth.
-
Financial consulting
We provide financial consulting services to keep your business running so you focus on your clients and reaching strategic goals.
-
China practice
The investment opportunities between Australia and China are well established yet, in recent years, have also diversified.
-
Japan practice
The trading partnership between Japan and Australia is long-standing and increasingly important to both countries’ economies.
-
India practice
It’s an exciting time for Indian and Australian businesses looking to each jurisdiction as part of their growth ambitions.
-
Singapore practice
Our Singapore Practice works alongside Singaporean companies to achieve growth through investment and market expansion into Australia.
-
Vietnam practice
Investment and business opportunities in Vietnam are expanding rapidly, driven by new markets, diverse industries, and Vietnam's growing role in export manufacturing, foreign investment, and strong domestic demand.
-
Report Agribusiness, Food & Beverage Dealtracker 2024Merger & Acquisition (M&A) and equity market activity in the Agribusiness, Food & Beverage (Ag, F&B) sector is undergoing a strategic shift, as investors have become more selective and increasingly cautious in response to global economic uncertainty.
-
Client Alert Government Grants in FY25As we embark on a new financial year, it’s crucial to take a strategic approach to understanding the government grants landscape.
-
Client Alert Consultation on foreign resident CGT rules commencesTreasury is taking steps to ensure fairer tax treatment for foreign resident investors by tightening Australia's foreign resident Capital Gains Tax (CGT) regime. Proposed changes aim to broaden the CGT base and enhance integrity, impacting infrastructure, energy, agriculture, and more.
-
Insight Australian wine export strategies post-China tariff removalFollowing the recent removal of tariffs on Australian wine by China, the industry is keen to rebuild relations and explore the right export markets. This presents Australian wine producers with a chance to reassess their position in the global market.
-
Renewable Energy
Transformation through energy transition
-
Flexibility & benefits
The compelling client experience we’re passionate about creating at Grant Thornton can only be achieved through our people. We’ll encourage you to influence how, when and where you work, and take control of your time.
-
Your career development
At Grant Thornton, we strive to create a culture of continuous learning and growth. Throughout every stage of your career, you’ll to be encouraged and supported to seize opportunities and reach your full potential.
-
Diversity & inclusion
To be able to reach your remarkable, we understand that you need to feel connected and respected as your authentic self – so we listen and strive for deeper understanding of what belonging means.
-
In the community
We’re passionate about making a difference in our communities. Through our sustainability and community engagement initiatives, we aim to contribute to society by creating lasting benefits that empower others to thrive.
-
Graduate opportunities
As a new graduate, we aim to provide you more than just your ‘traditional’ graduate program; instead we kick start your career as an Associate and support you to turn theory into practice.
-
Vacation program
Our vacation experience program will give you the opportunity to begin your career well before you finish your degree.
-
The application process
Applying is simple! Find out more about each stage of the recruitment process here.
-
FAQs
Got questions about applying? Explore frequently asked questions about our early careers programs.
-
Our services lines
Learn about our services at Grant Thornton
-
Current opportunities
Current opportunities
-
Remarkable people
Our team members share their remarkable career journeys and experiences of working at Grant Thornton.
-
Working at Grant Thornton
Explore our culture, benefits and ways we support you in your career.
-
Current opportunities
Positions available.
-
Contact us
Get in touch
Coronavirus and the dark web: if you haven’t experienced a cyberattack yet, you will
Spray and pray, script kiddies, phishing, bring your own network, wardriving. Sounds like newfangled Gen Z lingo, but it’s actually part of the cybercrime lexicon that you need to be aware of to protect yourself and your business.
There is a whole economy on the dark web built upon your stolen data – with an economic cost of approximately US$5t worldwide and US$1b in Australia alone. With the sudden and swift shift to remote working, cyber criminals now have around 40% more “open doors”, wifi weaknesses and gaps in security to exploit. If you haven’t already experienced a cyberattack, you will. There’s a lot of money in this and when it only takes a few seconds to download ransomware script, it’s little wonder we are seeing more hackers and cybercriminals testing our systems.
Hear from Matt Green and Chris Watson, Partners and cyber security experts, as they shine a light on the dark web and what businesses (and more importantly, their people) can do now to ensure they have the right security measures and culture in place to protect yourself and your business from becoming a cybercrime statistic.
Available on Apple Podcasts, Spotify or within your browser
Podcast transcript
Velvet-Belle Templeman
Welcome to Boardroom.Media. My name is Velvet-Belle Templeman and I'm here talking to Matt Green and Chris Watson, Cyber Resilience Partners at Grant Thornton. Matt’s cybersecurity experience spans across governance, operations, technical testing, controls, assurance and incident response. And Chris has extensive experience in cybersecurity and forensic investigations including 12 years in the City of London police as a detective in the crime scene investigation unit. Today we'll be talking about the dark web economy built on stolen data and how working from home has created a bonanza for cybercriminals. Thanks so much for joining us, Matt and Chris.
Matt Green
Thanks very much.
Chris Watson
Thanks, Velvet-Belle.
Velvet-Belle Templeman
Now Matt, in this sudden remote working environment with so many people working from home, the dark web really is having a field day. What has set this in motion?
Matt Green
Well, what we have is an exponential increase in people no longer working from the office and there's a number of factors in this, but let's just put a figure around it. Since the whole coronavirus remote working shift occurred, we've seen a 40% thereabouts increase in remote desktop and that's the technology used by a lot of organisations to connect remote employees back to corporate systems. So what we now have is if I'm a hacker, I've got 40% increase in targets. What we have also is remote desktop that's been turned on in a rush. So lots of organisations not prepared for work from home necessarily. So in really short time they've gone from having a network at work to getting people to access their kit from home. And that requires exposing your technology, which is, you know, really complex to the internet once it's exposed to the internet, the dark web, the hacker community, all the nefarious villains that we talk about start trying to get in.
It's just the way they do it. They have tools out there that are scanning permanently for new desktop instances of remote desktop. They have tools to go and look for what they call open ports, which is essentially new front doors. And so they're out there, they're looking for these things. They see a whole bunch of new ones, potentially ones that have been rushed out really quickly so they don't have the right kind of security enabled. They may have already had some vulnerability in their system already and that system that's now turned on and facing the internet allows those vulnerabilities to be exploited from the internet. If we then combine that with the fact that really rubbish passwords such as password one, two, three, welcome one or one two three, four, five, six, are still really common passwords, that's a recipe for high risk, poorly implemented technology and really weak security credentials.
And you sort of wrap that up in COVID-19 themed ransomware where they send out dodgy emails to try and get you to click on the link or download the piece of software to lock your system up. That's a great opportunity for the hacker community in the dark web to roll out their old tricks, which are very effective. We know everything these days can be bought as a service. You know, you buy your music as a service, you buy your cloud storage space as a service. You can buy ransomware as a service. If you want to get a ransomware up and running, COVID-19 themed, you can have that done in 30 seconds if you know where to go on the dark web. So we've got all this melting pot of new things from the hacker's perspective and they've just decided they're going to redouble their efforts because there's lots of targets and lots of targets they'll be successful against.
Velvet-Belle Templeman
So on the hacker scale, what should we be preparing ourselves and our businesses for?
Chris Watson
That’s a great question, Velvet-Belle. The first thing to think about for any business is actually you are vulnerable. If you haven't already been attacked, you will be attacked. So don't for one moment think that you are not going to be an attractive target or that you're not a big player, so no one's going to be interested in you. The global economy or the economic cost of cybercrime is thought to be around US$5 trillion. For Australia specifically that's thought to be about $1 billion. There's a lot of money in this and that means that everybody is a target, but really, as you inferred there, there is a bit of a scale and depending on the type of business that you are, depending on where you're located, the type of services that you offer, you'll be more or less attractive, to a different kind of hacker and the scale ranges from at one end you have, what are known as script kiddies.
They’re people who literally just download pre-packaged attacks and they fire and forget and they do that for a variety of reasons. It might just be mischievous. It may be that they have a bit of an axe to grind with a particular company, but more often than not they're just starting to look see because they can. Then you get to, I guess, organised crime where in days gone by, you’d have bank robbers going in with shotguns into the bank. Very dangerous, quite a high likelihood of being caught or shot and put away. Now they don't need to go out. They can just perform exactly the same extortion, ransom and fraud, but do it with the comfort of being behind a screen. And then you get onto the James Bond end of things, the state sponsored terrorists where it is very often with state sponsored cybercrimes they’re very often sort of in the news, things where X, Y, Z country has hijacked the internet of another country or they’re behind the bringing down of certain government websites in another country.
So there's a broad range of hackers out there and their skills generally speaking, increase as you go up that scale. So you'd find that the organised crime will have a very professional, well organised, well drilled and very skilled workforce. And then the state sponsored cybercrime, up another level again. So you have to really think about what kind of target you're posing out there. If you're a defence contractor, you're probably going to be more concerned about state sponsored or organised crime because you've got some pretty valuable data in there. If you're the high street sausage seller, you're probably more concerned about sort of more mischievous or malicious attacks and you would put your defence in accordingly.
So the key thing there is in order to understand where you might fit in on that scale, is to rethink about undertaking a risk assessment of what your business does, where you're located and the kind of information that you hold so that you can best prepare yourself for these kinds of attacks. Remember $1 billion is a big pot of money that people are definitely motivated to go for.
Velvet-Belle Templeman
And Chris, can I ask you, how does this actually work? I mean, how do cyber criminals identify these vulnerabilities?
Chris Watson
Yeah. And Matt already sort of referred to a couple of aspects there, but the number one method for, I guess, starting this whole process off is to get information and the key thing about information is about obtaining the information and I'll touch a bit more on sort of the value of that in the moment. But it’s something like, it's estimated to be 6.4 billion emails are sent a day that are phishing attacks and the whole purpose of those phishing attacks is to lure or to force somebody into giving up some information to have them click a link that takes them to a dodgy site or that downloads malicious software onto the network that they're operating from. The key there is around getting access to information and that information is highly commoditised, it's incredibly valuable.
I think we've all heard of, you know, the dark web, it’s that sort of mysterious thing that's out there. And if you think of the classic iceberg, you've got the internet, which is a little bit poking out that the stuff that the Googles and the news sites that we go to, poking out the top. Then there's a large part which is called the deep web, which is a lot of databases and private information repositories that sit there. But then sitting right below that, right at the bottom of that is the dark web. Now that is in and of itself, its own economy. There’s organised crime, there's the script kiddies and the state sponsored actors that we mentioned before, but they are their own businesses buying and selling information. And again, it’s estimated, it's very difficult to put an actual figure on this because you know, by its very nature, it's dark and unseen, but it’s thought to be doing at least US$500,000 a day in transactions.
Now to try and break that down a little bit further, there's things that these people are after. As I mentioned, it’s information and very often it's personal information that can be used to de-fraud bank accounts or to get money from somebody else. Now, credit cards, one of the key traded items and credit card details and one of the most key traded items out there on the dark web can go from anywhere between 9 and 12 US dollars a card depending on the particular flavour of card and the country of origin. So you see to get up to this billion dollars that we're talking about in Australia alone, that's a lot of credit card information. It's a lot of personal information that needs to be gathered. So these phishing exercises, that's why we see that there’s billions of these being sent out a day.
Velvet-Belle Templeman
So this all really must be keeping IT teams up at night, I would imagine.
Matt Green
Without a doubt, Velvet-Belle, and it's important to understand that, you know, IT has a really defined function if you like, in terms of they're usually looking after the things they expect to look after, whether that's a help desk ticket, whether that's, you know, backing up data, whether that's providing a new laptop to a company employee, things of that nature. This shift to remote work has exponentially expanded the environment they have to look after. So in the past where we had a relatively neat and defined network where we could reasonably understand where the network edge was and basically had control over which devices were allowed to connect or indeed, where we weren't doing remote desktop or we weren't exposing our business to the internet in a big sense, the fact that we had a weak password was perhaps less of a risk, for example.
Now it's a really high risk. This quick switch to remote working we’ve probably turned on new technical services. So this might be something that the IT guys have not necessarily been used to managing in the past. We’ve more than likely turned on a bring your own device environment. So if I was in my office and I used a desktop machine and we didn't have a ready supply of laptops, I might be using my computer at home now to access work systems. And we are almost certainly reliant on home wi-fi, and we've moved to this bring your own device and bring your own network construct. So in the past where I looked after maybe one office or multiple offices, I might now be looking after tens or hundreds of networks as opposed to just the two, the four of the six I was looking after when we knew about our little defined environment.
If we combine that with, you know, as I said, weak passwords, combine that with a $5 trillion economy, there's lots of people who want to get in and now IT have to defend against a whole bunch more of security threats and security risks. They might not have the tools to do that as well. Good security does require software to let you know what's going on and if the new remote environment has been rolled out, but we don't have the software to have visibility over it as an IT manager, I'm probably really quite concerned that I don't have security tightly wrapped up like I need it to be. If I then throw in home routers, maybe it's got a default configuration on it where the, you know, the original username and password hasn't changed. That's a weakness. If we talk about, you know, all these connected Amazon Alexas and Google Assistants and things like that. Maybe I've got some wi-fi enabled light bulbs. Maybe I've got a home video camera system for security purposes.
Not all of these devices are designed really well. Not all of them are designed with security in mind. So they too can create weak points. If we then sort of wrap this into a bundle with the phishing emails that Chris referred to earlier, combine that with a weak password as an IT manager, the risk and complexity that I have to manage, not to mention just the geographical spread of my network, that's a real recipe for trouble.
Velvet-Belle Templeman
So there's a lot of responsibility for our IT teams then. Now Matt, are all businesses targets or are there some that are more attractive than others?
Matt Green
All companies, all industries, all targets, big or small sophisticated or not, it doesn't matter. You're going to be targeted, as Chris mentioned earlier, and if you haven't been hacked you're almost certain to have attempts at being hacked. And we only have to look to the media to see recent examples, Austal Shipbuilders, Toll Holdings, things like that, they were really prominent cyberattacks on really big organisations. They had, you know, processes and tools and techniques and people in place. So they were, you know, relatively prepared perhaps. But what we've got out there is a community of lots of soft targets as well and that's organisations that haven't really paid any attention to security in the past other than sort of the default settings that come out of the box or some minor tailoring perhaps. And Chris mentioned earlier, if you've got a particular set of IP or something you might be quite attractive.
What we see from our experience is, if I want to say break into the Defence Department, that's probably going to be too hard. But if I want to get the Defence Department's information, I'm going to target one of the third parties that supplies to Defence and has access to that information because their systems may have a weak point that hasn't been covered off or their systems may not be as strong enough or their training of their teams and their staff members may not be strong enough. So I might be successful with a tailored phishing campaign. At the other end of the scale, those script kiddies, the person that goes and buys the ransomware in 30 seconds, they're just going to become part of that. That network of emails going out, doing what we call spray and pray, which is where you just send out volume.
You hope that someone clicks on the link or downloads that bit of software and that your ransomware kicks into gear, encrypts their system, you hope they don't have a backup. And we've seen a number of examples in the press about organisations that have had a ransomware hit them and they don't have a data backup. And then they're liable to have to just pay the ransom or rebuild their systems and they're too often very big exercises. And when you’re paying ransomware it gets you into a whole sort of legal debate as to well, you don't know who you're paying, so can you pay that? Can you pay that ransomware legally? So there's a real challenge around dealing with some of these issues as well. But everyone's a target. Most always organisations will have some sort of vulnerability in there, if it’s not a technical vulnerability. It will be a vulnerability of a staff member who's not fully trained or fully aware and therefore the security risk increases again and again.
Velvet-Belle Templeman
Okay. So if we go out and we buy Symantec or Norton 360 or McAfee, would that be enough to stem the tide?
Chris Watson
Look, it’s a start and I certainly wouldn't discourage anybody from installing them and running any of those great products, but they are not the complete solution. Matt has already mentioned a number of other different aspects to it. One of the key ones is making sure that you have robust passwords and having been involved in forensic investigations and cybercrime for the last 20/30 years. The fact that we are still routinely using password 123 as one of the most common passwords is both depressing and frightening to be quite honest. So antivirus is a great start but we need to be better educated with it. There needs to be a greater understanding and particularly in the environment of, as Matt has described, it's not so much a bring your own device but a bring your own network. We, you know, companies, are all relying on the end point security or individuals in their homes.
Now these are, you know, somebody has just popped along to JB Hi-Fi bought a router and installed it. It's going to probably be a basic configuration. If somebody has done something with it, they have changed out new passwords or they've created new accounts, they’ve probably given it a simple password. So an education around what security means for the home network is really, really important as well. Switching on multifactor authentication is another key thing that needs to be done. I also wonder whether we might see a bit of a resurgence in some old school hacking techniques such as back in the, I think, Matt, was it early 2000s or mid-2000s, 2005 something like that, there was a thing called war driving and it was quite sort of comical. They were all these articles on how to build a wireless sniffing device out of a tube of Pringles, and you’d see all these script kiddie types wandering around the streets at that time in London with a can of Pringles trying to detect wireless signals that that had very little security on them and then hack into them.
And they would then actually mark a nearby location that indicated what kind of wireless network it was, how secure it wasn't, whether it had been hacked on it so that others could come around and do the same thing themselves to try and get more information. We might see a resurgence in that kind of activity. You know, if you think about an apartment block in a well built up area, it would be child's play to try and find any number of vulnerable wireless networks there that could then be used to get into the organisation. So antivirus, yes, but education is absolutely key. Robust passwords are absolutely essential, wherever you can switch on multifactor authentication.
One organisation that I did an investigation on as a result of some social engineering and phishing, a CFO of an organisation, received an email from somebody who purported to be the CEO of the parent company. As a result of that email, the CFO sent $12 million of the company's money offshore. That company no longer exists now and that's simply down to a lack of understanding around the threats that are out there, understanding how phishing attacks are constructed and asking some basic questions of the information that they're receiving. So if there's one thing that I want people to take away is educate yourself as to the threats that exist out there and how to suitably protect yourself.
Velvet-Belle Templeman
I don't think many of us really appreciated the scale of the economy built on these cyber vulnerabilities, which is really being highlighted with so many working remotely. Looking to the future, Matt, how will this experience change the way businesses operate?
Matt Green
So Velvet-Belle, we're seeing a lot of commentary on the permanent increase in work from home. It appears to be working really well. A number of people are liking the social adjustment, the lack of a commute, the ability to be home more frequently, more easily and a sense of feeling that they can, with the right technology, continue to be as productive as they were in an office space. So that's going to drive, I think a permanent shift in what IT teams need to manage. This fragmented nature of the workforce will be bigger than it already is and therefore IT will need to manage things differently. They'll need to put a strategy together around managing a remote workforce. So bring your own device policy. They might even need to extend that to actually how they might educate their users about what a good home network security setup looks like.
So something really basic like that. They might need to increase their own level of corporate security. So they might need some new tools, they might need some new software, they might need a new staff member. These are all future focused things that they need to sort of start thinking about now as we return to the new work environment in however many weeks or months’ time. Most definitely, organisations are going to need to clean up what they've already put out. So if we rushed to put remote desktop out there, we're probably going to have to go back and have a really good look at what our configuration is and whether it's appropriate. What we did see straightaway when coronavirus kicked off was lots of organisations offered up their software tools, at either heavy discounts or even for free for a three or six month period.
A lot of those tools will have been adopted, but IT sort of needs to take a step back now and say, Is this the right product, particularly when this free period is coming to an end, is it the right product and have we actually deployed it properly? Is it deployed in a secure as possible manner? And have we implemented it across our existing IT properly? Just because that's the one I sort of tactically chose at the time, doesn't mean it's the strategic choice that I should retain. And there probably needs to be a little bit of an extension of thinking outside of the IT environment. Lots of organisations will have moved, their workforce is remote but still need to do work with things like paper signing documents for example. So what am I doing as an organisation about the fact that people are now printing these documents at home potentially and disposing of this document, say in the recycling bin.
So we've got to extend our thinking around data security and data privacy as opposed to just information security. I think it's really important that organisations do a bit of a health check around what their security is and what their vulnerabilities are so that they can find them, patch them. As Chris said, do a risk assessment, understand what your risks are. This is all really important to do's on the list for when we return to normal. And then most importantly, training your staff on how to spot security issues, how to deal with security issues and how to behave in a secure manner. Because not only does that help you from an employee awareness perspective and in securing the organisation, but it also helps the end user from a personal security perspective and a security of their home internet and their home technology. And because we all do so much on that now, that's a win-win for the organisation and the staff member.
Velvet-Belle Templeman
Some really critical information there. Matt and Chris, thank you for your time.
Chris Watson
Thank you very much, Velvet-Belle.
Matt Green
Thank you.