Exclusive: DigiCert eyes growth in ANZ as cyber threats escalate
Cyber attacks are on the rise, quantum computing is edging closer, and businesses across Australia and New Zealand are under "increasing pressure to modernise their digital infrastructure."
According to Daniel Sutherland, Regional Vice President for ANZ at DigiCert, building digital trust is now central to enterprise resilience.
"We're seeing a growing volume in the number of cyber attacks and data breaches," he explained during a recent interview. "The Australian Signals Directorate reported over 87,000 cyber attacks last financial year alone."
Sutherland explained that with organisations expanding their digital footprints and threats becoming more sophisticated, businesses need to rethink how they secure data, manage risk, and modernise legacy systems. "Digital trust enables organisations and consumers to navigate the digital world with confidence," he said.
DigiCert, best known for its TLS certificates, has grown significantly in the past decade.
What began as a company helping people verify the legitimacy of websites has become a major player in digital trust and identity management. "It's rare to work for an organisation that covers such a wide range – from enterprise PKI to IoT device integrity and software verification," he said.
Innovation remains a key pillar. "We had 81 patents issued last financial year alone – ten of those were in post-quantum cryptography and nine in AI and machine learning technologies," Sutherland said.
He added that DigiCert's presence in the ANZ region has become increasingly significant. The company now employs over 100 people in Australia and was named a Great Place to Work in both 2023 and 2024. "We're really proud of that recognition," he said. "It shows that our people enjoy working here and that we invest in our culture."
One major milestone this year has been the local deployment of DigiCert ONE, its core digital trust platform, which is now hosted in Australia.
"It's one of only five instances globally," Sutherland noted. "This allows local customers to meet data sovereignty and residency requirements, while managing digital trust within region."
Among the most engaged sectors are those classified under critical infrastructure – from healthcare and finance to energy and government.
"The Security of Critical Infrastructure Act is driving these organisations to reassess how they manage cyber risk," he explained.
Sutherland highlighted a partnership with New Zealand health tech provider Clanwilliam as an example of digital trust in action. "They enable secure sharing of sensitive patient records and have connected 15,000 medical clinics, securing over 100 million clinical messages each year."
IoT security is another priority. Sutherland pointed out the proliferation of low-cost, insecure devices as a risk. "There are expected to be 75 billion connected devices globally this year – ten times the human population," he said. "If these devices are used in mission-critical sectors like healthcare or energy, the security risk becomes enormous."
One local project focuses on distributed energy resources (DER), such as solar panels feeding electricity back into the grid. "We're working with Australian energy providers to ensure these systems are secured with PKI technology," he said.
Quantum computing is no longer a future concept – it's a pressing issue. "Microsoft, Amazon, Google – they've all announced quantum-ready chips," he said. "It's becoming a bit of an arms race."
The timeline for businesses to prepare is short. "Gartner says organisations must migrate from legacy asymmetric cryptography by 2029," he said. "That's just four years away."
Sutherland said DigiCert's post-quantum strategy includes helping companies inventory their cryptographic assets, assess vulnerabilities, and test new algorithms. "It's about identifying your crown jewels and building cryptographic agility," he said.
Interest in this area is growing, especially in the financial services sector. DigiCert recently released a free e-book, ' Post-Quantum Cryptography for Dummies' , to help organisations take those first steps.
The company is also looking at trust in digital content amid the rise of deepfakes and misinformation.
"Did that CEO really say that on an earnings call? Is that real person trolling me on social media?" Sutherland asked. "These are real questions today."
One solution is C2PA – an emerging standard backed by over 300 global organisations – which uses digital signatures to track image authenticity.
"You take a picture, it's signed at the source. If it's altered later, you can trace that," he said.
Gen AI is another game-changer. "AI agents are no longer just assisting – they're acting," he said. DigiCert sees PKI as the key to managing AI identity. "Think of it like a cryptographic passport. Every action the AI takes is signed and traceable. And if something goes wrong, you can revoke its certificate immediately."
Looking ahead, Sutherland is excited about several initiatives, including the DigiCert Trust Summit in Sydney on 3 June. "It's a great opportunity to give ANZ a voice within our global strategy," he said.
And with quantum computing on the horizon, the need for robust, agile security systems has "never been more urgent", according to Sutherland.
"The next five years will be more important than ever to data security."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
7 days ago
- Techday NZ
Is it time to re-think the business browser?
For Australian businesses, cybersecurity is no longer a peripheral concern - it's front-and-centre. With phishing scams, ransomware and data breaches growing more frequent and sophisticated, the cost of falling victim to cybercrime continues to mount. In the first half of 2024 alone, data breaches in Australia hit a three-and-a-half-year high - a figure that was immediately surpassed by a further 15% jump in the second half of the year. According to the Australian Signals Directorate (ASD), the average cost of a cyber attack is rising too. Despite ongoing investments in firewalls, endpoint protection and cloud security, data breaches continue to rise. One everyday tool remains overlooked: the browser. Now the main gateway to cloud apps and sensitive data, browsers weren't designed with enterprise security in mind. Their broad access, lack of visibility, and limited control make them an easy and attractive target for attackers. This raises the question: Are browsers the overlooked weak link in enterprise cybersecurity and could securing them be the missing piece in closing today's growing security and privacy gaps? The overlooked risk in every workplace Modern browsers serve as enterprise workspaces, with employees performing critical operations across SaaS apps, handling corporate data, and managing transactions entirely through browser windows. But most businesses still rely on consumer-focused browsers, which are designed for casual use, not enterprise-level protection. While browsers enable productivity, they also open the door to a range of web-based threats - such as phishing attacks, malicious extensions, and drive-by downloads. Often, employees are unknowingly using browsers that lack the protections required to defend against modern cyber risks. Every time an employee logs into sensitive systems, uploads documents or interacts with data through an unsecured browser, they're expanding their organisation's attack surface - often without knowing it. Why browsers are now a prime cyber target Cybercriminals don't need to breach firewalls to cause damage - they just need to compromise a browser. Once inside, they can gain access to everything from cloud platforms and financial tools to intellectual property and private customer data. With remote work still prominent, browser activity now spans devices, locations and networks - making it harder for IT teams to maintain visibility and control. In the 2023–2024 financial year, phishing accounted for 23% of all cybercrime reports in Australia - making it the most common form of attack. While email is usually the entry point, the browser is where the real damage happens - when a user unknowingly clicks a malicious link, enters their credentials into a fake login page or downloads malware disguised as a legitimate attachment. Despite this, many organisations lack standardised browser policies. They allow third-party extensions without review, have no centralised visibility into browser activity and rely on employees to spot increasingly deceptive scams. A smarter way to work safely To address this growing risk, a new solution is gaining traction: the enterprise browser. Built specifically for business use, these browsers embed security directly into the browsing experience - without slowing users down or requiring complex integrations. They include built-in protections like data loss prevention, centralised policy enforcement, zero-trust access controls and AI-powered threat detection. Rather than relying on separate software layers, enterprise browsers secure sensitive activity at the source - where work actually happens. Solutions like Zoho's Ulaa Enterprise offer a familiar interface with a far more secure backend. IT teams can restrict downloads, block screen captures, manage login permissions and monitor for potentially malicious activity in real time - without disrupting user experience. As threats grow more sophisticated, AI is now essential to browser security. Enterprise browsers use it to analyse behaviour in real time, block phishing pages, categorise sites and stop users from interacting with malicious content. This protection lightens the load on IT teams, enables faster responses and adapts to evolving threats. For instance, if a user clicks on a fake login page, the AI can block input immediately - stopping the breach before it begins. Enterprise browsers offer a practical, cost-effective way to strengthen security without requiring major infrastructure changes. As hybrid work continues and employees - with varying degrees of risk understanding - increasingly use unmanaged devices, securing the browser is one of the most efficient ways to reduce risks. These solutions protect businesses by catching threats right in the browser, reducing the chance of mistakes or gaps in other security tools. They also support compliance by logging activity, protecting sensitive data, and helping businesses stay audit-ready as privacy regulations evolve. With built-in protections, businesses can keep security simple and easy to manage - saving time and money while staying in control. Simultaneously, enterprise browsers respect user privacy, helping to build trust in flexible work settings. For too long, browsers have been treated as consumer tools, even in professional settings. As more business happens online and cyber threats grow smarter, this outdated approach no longer holds up. Companies today need to rethink security, putting the browser front and centre in their defence strategy. Thanks to AI-powered enterprise browsers, businesses can now safeguard their most-used tool without slowing down teams or adding strain to IT. The solution isn't to stop browsing - it's to browse smarter.
Techday NZ
26-05-2025
- Techday NZ
Exclusive: DigiCert eyes growth in ANZ as cyber threats escalate
Cyber attacks are on the rise, quantum computing is edging closer, and businesses across Australia and New Zealand are under "increasing pressure to modernise their digital infrastructure." According to Daniel Sutherland, Regional Vice President for ANZ at DigiCert, building digital trust is now central to enterprise resilience. "We're seeing a growing volume in the number of cyber attacks and data breaches," he explained during a recent interview. "The Australian Signals Directorate reported over 87,000 cyber attacks last financial year alone." Sutherland explained that with organisations expanding their digital footprints and threats becoming more sophisticated, businesses need to rethink how they secure data, manage risk, and modernise legacy systems. "Digital trust enables organisations and consumers to navigate the digital world with confidence," he said. DigiCert, best known for its TLS certificates, has grown significantly in the past decade. What began as a company helping people verify the legitimacy of websites has become a major player in digital trust and identity management. "It's rare to work for an organisation that covers such a wide range – from enterprise PKI to IoT device integrity and software verification," he said. Innovation remains a key pillar. "We had 81 patents issued last financial year alone – ten of those were in post-quantum cryptography and nine in AI and machine learning technologies," Sutherland said. He added that DigiCert's presence in the ANZ region has become increasingly significant. The company now employs over 100 people in Australia and was named a Great Place to Work in both 2023 and 2024. "We're really proud of that recognition," he said. "It shows that our people enjoy working here and that we invest in our culture." One major milestone this year has been the local deployment of DigiCert ONE, its core digital trust platform, which is now hosted in Australia. "It's one of only five instances globally," Sutherland noted. "This allows local customers to meet data sovereignty and residency requirements, while managing digital trust within region." Among the most engaged sectors are those classified under critical infrastructure – from healthcare and finance to energy and government. "The Security of Critical Infrastructure Act is driving these organisations to reassess how they manage cyber risk," he explained. Sutherland highlighted a partnership with New Zealand health tech provider Clanwilliam as an example of digital trust in action. "They enable secure sharing of sensitive patient records and have connected 15,000 medical clinics, securing over 100 million clinical messages each year." IoT security is another priority. Sutherland pointed out the proliferation of low-cost, insecure devices as a risk. "There are expected to be 75 billion connected devices globally this year – ten times the human population," he said. "If these devices are used in mission-critical sectors like healthcare or energy, the security risk becomes enormous." One local project focuses on distributed energy resources (DER), such as solar panels feeding electricity back into the grid. "We're working with Australian energy providers to ensure these systems are secured with PKI technology," he said. Quantum computing is no longer a future concept – it's a pressing issue. "Microsoft, Amazon, Google – they've all announced quantum-ready chips," he said. "It's becoming a bit of an arms race." The timeline for businesses to prepare is short. "Gartner says organisations must migrate from legacy asymmetric cryptography by 2029," he said. "That's just four years away." Sutherland said DigiCert's post-quantum strategy includes helping companies inventory their cryptographic assets, assess vulnerabilities, and test new algorithms. "It's about identifying your crown jewels and building cryptographic agility," he said. Interest in this area is growing, especially in the financial services sector. DigiCert recently released a free e-book, ' Post-Quantum Cryptography for Dummies' , to help organisations take those first steps. The company is also looking at trust in digital content amid the rise of deepfakes and misinformation. "Did that CEO really say that on an earnings call? Is that real person trolling me on social media?" Sutherland asked. "These are real questions today." One solution is C2PA – an emerging standard backed by over 300 global organisations – which uses digital signatures to track image authenticity. "You take a picture, it's signed at the source. If it's altered later, you can trace that," he said. Gen AI is another game-changer. "AI agents are no longer just assisting – they're acting," he said. DigiCert sees PKI as the key to managing AI identity. "Think of it like a cryptographic passport. Every action the AI takes is signed and traceable. And if something goes wrong, you can revoke its certificate immediately." Looking ahead, Sutherland is excited about several initiatives, including the DigiCert Trust Summit in Sydney on 3 June. "It's a great opportunity to give ANZ a voice within our global strategy," he said. And with quantum computing on the horizon, the need for robust, agile security systems has "never been more urgent", according to Sutherland. "The next five years will be more important than ever to data security."
Techday NZ
19-05-2025
- Techday NZ
The Ransomware Threat: How to respond and protect your organisation
Imagine you're an IT administrator and have just started your workday, getting ready to check the status of your organisation's critical applications. But as you turn on your laptop, you see a chilling message: "Your files have been encrypted. To recover access, you must pay a ransom of $2 million in bitcoin." The attack compromised all your organisation's important documents, customer data and product information. To make it even worse, you have 72 hours to comply. Otherwise, you will lose the data permanently. While this is a reality for many organisations, there are actions you can take to respond to ransomware and protect your data. Ransomware and data theft extortion continue to be pervasive threats, with business email compromise and fraud among the top self-reported cybercrimes for businesses and individuals in Australia during FY2023–24. These attacks are highly destructive, causing significant harm to individuals, organisations, and wider society. Professional and technical service firms have been among the primary targets of ransomware attacks in Australia, ahead of sectors such as retail trade, manufacturing, healthcare, and construction. According to the Annual Cyber Threat Report 2023–2024, approximately 71% of extortion-related cybersecurity incidents handled by the Australian Signals Directorate during the 2023–2024 financial year involved ransomware. Federal government data also reveals that the average cost of a cybercrime incident is around $71,600 for large businesses and approximately $97,200 for medium-sized ones. For small businesses, the average cost is about $46,000, an increase of roughly 14% compared to 2023. These figures highlight the growing financial impact of cyber threats and the critical need for organisations of all sizes to be prepared. Here are some key recommendations on how to survive a ransomware attack: Maintain an incident response and recovery plan. No matter how hard you work, stopping an incident from happening can be unpreventable. However, you can focus on your incident response and build a recovery plan. But make sure this is not just a written plan that you touch occasionally. Practice, test and simulate often, making sure you are ready to minimise the impacts of an attack and are confident in getting the organisation back to operational. Penetration tests and vulnerability management are good practices to use to keep you up to date with your plan. Remember to identify who the key players are in advance. Who will you call when a breach happens? Identify your recovery team and ensure they are ready, including a law firm and a cyber insurance company. You need to outline the necessary steps to work with the Australian Signals Directorate and consider cyber insurance as part of your resilience strategy. Manage your communications. Communicating effectively is key to a crisis scenario, and it's not different in a ransomware situation. You need to create communication guides as part of your Incident Response Readiness (IRR) plan. These playbooks should include a work-back plan with timely and clear communications for inside the organisation as well as consider what messages might be needed for external stakeholders. Ransomware attacks may require a media statement, and you should establish what to do in these cases. Working with your communications and legal teams is critical to adhering to regulations such as notifying authorities, customers and so on. Ensure robust data protection. Having critical data in an isolated, immutable data vault will help you recover services and systems in order of importance. As part of your recovery, you can use techniques like a "clean room," which is a method that involves creating a secure, isolated environment to rebuild systems. This approach ensures that you have a secure recovery process, and you are not using compromised resources. And most importantly, make sure the data that you can recover is complete and accurate. Paying the ransom should be your last resort as there is no guarantee the hacker will return your data. And even in that scenario, you don't get your systems back right away. You still need to get your applications and infrastructure back to operational - essentially rebuild and test everything back. Train and educate employees. Another critical part of your ransomware strategy must include training and educating employees regularly. The root cause of many breaches comes down to employee-level breakdowns. Attackers can compromise an employee's credentials to gain access to the corporate network, or someone can fall victim to a phishing scam, which opens the corporate doors to an attacker. Educating employees about phishing tactics and password management is the first line of defense. Readiness pays off. While facing ransomware can be stressful, having a strategy in place can lessen the impact of financial losses, operational disruption, data loss and reputational damage. You can survive by maintaining an incident response and recovery plan that engages your full team in minimising the impact of the attack. Make sure you have a strong data protection strategy in place and that you are constantly training and communicating with your employees. By taking proactive steps, you reap the benefits of planning in advance and preserving your most critical assets. As ransomware threats continue to evolve, it's crucial to continually review your organisation's strategy, raise awareness among employees, and reinforce your commitment to safeguarding data. Learn more about ransomware and the solutions offered by Dell Technologies here.
