In the lead-up to National Cyber Week, we are working with the AustCyber Canberra Cyber Security Innovation Node to feature some of Canberra’s leading cyber companies.

We spoke to Rachael Greaves, Chief Executive Officer of Castlepoint Systems. Learn about what they do, what they are proud of and why Canberra is the best place to do business.

Tell us about your company. When and why was it founded?

Castlepoint answers the question – what could you achieve if you knew what every document, email, database, and message in your environment was about? Castlepoint tells you this using AI, and it also tells you who is doing what to your data, what risk or value it has, what rules apply to it, and whether they are being met. Importantly, it does this invisibly to users, and with no complex system integration. Castlepoint was launched in Canberra in 2019, and now names dozens of Federal Government, State Government, higher education, and international clients. Some of our clients have used Castlepoint to: halve the cost of their data migrations; improve the accuracy of records sentencing by 75%; replace compliance systems that are not user-friendly; reduce the effort cost of FOIs by 98%; and identify hundreds of data spills in insecure systems (and help to remediate them).

What products and services do you provide?

Castlepoint is a single system that controls all your data. It reads and registers every item in every business system, and acts as a single pane of glass to find, relate, manage and audit every item in your network, no matter what system or format it is stored in — and it does this without any impact on your existing systems or your user base, and without complex rules engines you need to maintain. Castlepoint can tell you what types of information you have, its risk and value, where it is held, who is doing what to it, what rules apply, and whether they are being met.

Tell us about the skillset and dynamic of the team.

Our team is comprised of core technologists (data science, development, AI/ML, infrastructure, and operations), and a business team focused on managing our internal processes, client success, and business development. Around 75% of our team are women, including on the tech side, and we have some amazing diversity in backgrounds, age, and experience. Almost all of our team are Canberra locals, although we do have some really key members working remotely interstate. Gavin McKay and Rachael Greaves have been based in Canberra for a few decades, and have extensive experience in the government, defence, and compliance sector.

Tell us about the current cyber landscape in Australia.

Australia has 1.1 million regulated companies, partnerships, and public sector bodies. All of these organisations, large and small, have an obligation to manage their information in accordance with law, policy, and standards. But it’s impossible to manage the wide array of information, in the ever-increasing number of systems, in accordance with all these rules, using traditional approaches.

Recently, the new head of the Australian Signals Directorate, Rachel Noble PSM, stated that the fundamental obligation of organisations was to understand what data they have, where it is, who has access to it, and what they are doing with it. We agree that this is the most important step in any compliance, security, or efficiency campaign. Understanding your data, what rules apply to it, and whether those rules are being met, is the only way to gain command and control over your most valuable and sensitive asset – your information.

The Australian National University suffered a major network breach by an advanced persistent threat in 2018, which exposed 19 years’ worth of personal student information to what is believed to be the Chinese government, including details on students in the Strategic and Defence Studies Centre, records of students from China, and records of other students studying topics of interest to the Chinese government. The University had no records management of that data, meaning that high-risk student records were never sentenced or disposed of after their 7-year retention period. If they had been, the impact of the breach would have been up to 60% smaller. This is a clear example of why Rachel Noble’s advice is so pertinent to organisations – if you don’t know what you have, what it is about, where it is, and who is doing what with it, you simply cannot manage your enterprise risk. Australian organisations fundamentally understand this, and have one of the strongest global appetites for proactively addressing their security and compliance gaps.

What advice do you have for startups and business around cyber security?

The key thing to understand is your business risk. It is easy to tick boxes for the Essential 8 or the ISM, but technology controls and widgets can’t address enterprise risk – that can only be addressed by understanding business impacts. Most large organisations, including many government departments, don’t understand the risk profile of their own data types, and smaller businesses and startups often have no maturity around this at all. The first thing to do is to understand what types of information you have, then systematically think about what the impact would be (on your business, your clients, and the wider community) if you had a confidentiality, integrity, or availability breach of those assets. The results are often surprising, but knowing what your risk profile is is the absolute foundation of doing something about managing it.

What are you most proud of so far?

This year we have won several industry awards, including the ACT Records and Information Management Professionals Association Award for Outstanding Group, and we have been selected as a finalist for the Australian Technology Competition. We hosted a webinar series, to engage experts across Australian and international government and industry in a discussion about information security and control. The series has helped bring the conversation on information governance and control to viewers around the world in the finance, crime prevention, national security, academic, public health, banking, and finance sectors. And we grew our client base beyond federal government into State, higher education, commercial, and international customers.

However, the single achievement that I am most proud of is that we have achieved this success with a wonderful and diverse Canberra-based team, comprised mainly of women. We have tripled our staffing, and recently opened new larger premises in Canberra. We have embedded our corporate social responsibility into all of our operations, and have worked together to provide significant benefits to our clients, and through them, Australian citizens.

What quote or philosophy do you stand by?

We are a progressive company, and we have a strong focus on always being aware of how we could help or harm the world by our actions and inactions. Every time we make a decision, we need to think about who will be impacted. This might be individuals, communities, other companies, or the environment at large. We must always strive to have a positive impact, and avoid having a negative one. Sometimes, a negative impact on someone else will mean we choose not to take advantage of something that would otherwise be positive for us. We always have to consider more than just our own interests.

Why do you think Canberra is a great place to do business?

Canberra is the seat of government, and government has the highest responsibility to act ethically, compassionately, and compliantly. Security and regtech solutions are vital to the success of those agencies in providing services to the community, as they have an enormous burden of responsibility, being trusted with huge amounts of personal and commercial information. They cannot afford to be careless with data, and they have a strong appetite to do the right thing. We have found fedgov to be a fantastic partner for our business as it grows, both as a customer and a collaborator. Supporting government are our local universities, which have incredible research programs with a keen interest in partnering with emerging technology businesses like ours. Finally, the Canberra lifestyle is so well suited to a modern, people-centred business model, as we have great amenities, rapid transport, and lots of outdoor spaces for helping to achieve that work/life balance that’s so important for success.