Optus to acquire Hivint in cyber security deal
The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents
The cyber security consulting arm of Australian telco Optus is acquiring Hivint for A$23.3m in a bid to bolster its security pedigree in a market that is facing more data breaches and cyber incidents.
According to Singtel, the parent company of Optus, Hivint’s advisory services will be integrated into Trustwave’s security offerings across Australia and the Asia-Pacific region. Trustwave was acquired by Singtel in 2015 for $810m.
Founded in 2015, Hivint is privately-held, and offers a suite of cyber security professional services including technical, governance, risk and compliance services, chiefly in Australia.
One of its key strengths is what it calls “security colony”, a collaborative software as a service (SaaS) platform that allows subscribers to access a library containing security management systems, policies, standards, and templates derived from Hivint’s consulting engagements with hundreds of enterprises across Australia.
“This acquisition is timely as an overwhelming 85% of over 200 Australian enterprises we surveyed cited cyber and information security as having the highest disruptive impact on their industries in the next three years,” said John Paitaridis, managing director of Optus Business.
“Hivint’s reputation for providing high-quality advisory services to businesses facing the challenges of increased cyber security threats and digitalisation will strengthen Optus’ position as one of Australia’s leading cyber security service providers and trusted advisor to both government and enterprise customers,” he added.
Noting that business leaders are concerned with protecting their organisations against data breaches, disruption of operations and loss of economic assets, Arthur Wong, CEO of global cyber security at Singtel and Trustwave, said the acquisition will deliver a “powerful combination” of cyber security capabilities from both Hivint and Trustwave.
Key growth area
Australia is a key growth area for cyber security services in the Asia Pacific, with Gartner forecasting the professional services market in Australia to grow to US$600m in 2021.
Although Australia has the capability to stop many denial-of-service, malware and phishing attacks directed at the government, it is not stopping every attack, Angus Taylor, minister for law enforcement and cyber security, said at the Technology in Government conference in Canberra in August 2018.
In response, Taylor called for a new national cyber agenda, starting with a cyber defence network comprising law enforcement and intelligence agencies, as well as private sector partners, to fend off cyber attacks that fall through the cracks.
“As Australia’s cyber security maturity grows and evolves, we must adopt a posture of moving towards zero,” he said. “Zero successful attacks, zero mistakes and zero negative impact,” he said.
Read more about cyber security in Australia
- Australia’s national cyber security blueprint has been a catalyst for improvements, but its long-term impact remains to be seen.
- Nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector.
- Australia and Singapore will conduct joint cyber security exercises, among a raft of measures to secure critical infrastructure and bolster cyber security knowhow in the two countries.
- Besides bridging the security gap between IT and operational technology teams, Australia is driving efforts to bolster the security of IoT devices.
The cyber defence network will focus on blocking and targeting threats, developing a framework for strong attribution and response to cyber attacks, as well as sharing threat data, among other areas.
In singling out the importance of threat blocking, Taylor said there have been too many attacks from known sources that have not been shut down.
“And when I say shutting down we are mostly talking about blocking their traffic,” he said, adding that he was not referring to an internet content filter but about blocking known malicious domains.