Attack mode
Jim Tolson has been with Namoi Cotton for almost ten years. After eight years as an IT Systems Field Engineer working with the bespoke systems used to run the business’s factories and warehouses, he took on the role of IT Manager in 2020.
Although Fusion5 had been Namoi Cotton’s technology partner for some years, Tolson didn’t engage directly with them until the end of the 2019 drought. At this time, the business downsized its IT team, and Tolson’s systems admin roles increased, adopting several of Namoi’s systems including its Fusion5-supported JD Edwards ERP and maintaining several cybersecurity systems.
Sleepless nights
Like most businesses, Namoi Cotton is under constant attack by cybercriminals. To help mitigate the impact, the company utilises an automated system to deliver monthly training videos and issue email alerts of any new scams. “Our human firewall is just as important as the system firewalls,” says Tolson.
But Tolson was simply running out of hours in the day to protect the business’s technology environment from ongoing attacks, let alone juggle all the other IT priorities.
"Unfortunately, the hackers don't sleep, and neither do our servers. While we had successfully maintained our borders, it was difficult to sleep at night knowing that no one was watching our servers around the clock. Anything could happen overnight, and you wouldn't know about it until morning.”
Jim Tolson | IT Manager, Namoi Cotton
Cyber sentinel
Tolson had already enabled a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help rapidly analyse large volumes of data across an enterprise.
But being already time-poor and overwhelmed with a high volume of system alerts, he turned to Fusion5 for advice.
"Namoi Cotton had done a lot of the groundwork with their SIEM implementation and had just started down the path of getting our on-premises servers to pump data into it. Fusion5 confirmed that what we'd done to date was correct; then, they took over fine-tuning the platform to improve what we’d already started. Given their depth of knowledge, it was a seamless handover.”
Jim Tolson | IT Manager, Namoi Cotton
Impressed with the response to optimising the SIEM, Tolson engaged Fusion5’s Security Centre to fully manage and help mature the business’s operational cybersecurity.
“Fusion5’s Security Centre offering included 24/7 coverage of the metrics and data coming out of our security systems,” says Tolson, “and gave us the much-needed confidence that someone was keeping an eye on our environment all the time.
“They’ve used threat hunting to detect unusual behaviour in the system that the automated systems hadn’t picked up. So, they’re really going above and beyond what we expected. We have no complaints at all!”
The case for change
Tolson says that although Namoi Cotton has never experienced a significant breach, there was little need to build a business case for using Fusion5’s Security Centre. “Our executive team was aware of the need to increase our focus on cybersecurity. They’d already formed a risk subcommittee, with compliance high on the agenda. Security is a very prominent topic around the boardroom table right now.
“While we were doing well, our cybersecurity wasn’t getting the attention it deserved. So, I ticked the box, and away we went. With Fusion5 onboard, it’s now being done to the level needed. And their Security Centre service lets me focus my time more fully on other business priorities.”
Jim Tolson | IT Manager, Namoi Cotton
Tolson says the flat, predictable cost of the Security Centre service makes it easy to budget for. And as the cyber threat landscape casts a growing shadow over Australian businesses, he expects the board to require on-demand reporting on their security posture. Something Tolson is now well equipped to do thanks to his fingertip access to detailed, real-time data.
Tolson uses the SIEMS’s out-of-the-box security dashboards to monitor the Namoi Cotton environment and drill down into incidents as required.
Other outcomes
To date, Fusion5 has about 1000 rules under management for Namoi Cotton.
They’ve tuned fifty of these so new threats can be identified and false positives eliminated, so only genuine items of interest are escalated. The Security Centre team has configured the SIEM to support the Advanced Security Information Model (ASIM), allowing even greater coverage of existing rules to pick up more threats.
Fusion5 also reviewed and made best-practice recommendations on Namoi Cotton’s Azure Active Directory policies and location-based recommendations to reduce the threats posed by countries the business doesn’t operate in to allow staff to work securely while travelling.
Fusion5 is currently setting up Threat Intelligence to help Namoi Cotton stay ahead of threats and be aware of them (and react appropriately) at the same time as the Australian Cyber Security Centre (ACSC). Not when it’s too late and a data breach has already happened.
“While Fusion5’s cybersecurity offering was quite new when we signed up, we’ve worked together well and have significantly improved Namoi Cotton’s security posture. Their team has not only been open to ideas but is always asking us, ‘what could we do better?’. It's been really cool to see our system and Fusion5’s security offering develop in tandem and be a part of their journey.”
Responsive support
Tolson says the service from Fusion5 is always responsive and efficient.
“If I lodge a case with support, it’s always promptly picked up and assigned to the appropriate person. And if it’s a priority, they jump on it straight away. The fact that they are always responsive when I need them, even though I know they are busy, is very much appreciated."
Jim Tolson | IT Manager, Namoi Cotton