Collective Defence: Matthew Nevin
With cybercrime on the rise, a whole-of-nation approach is required to fight back. It’s a collaboration that Cybermerc Co-Founder Matthew Nevin is helping to build.
Cybercrime is costing the Australian economy A$3.5 billion per year – a number that is only expected to rise as ransomware attacks become more common in the coming years. It’s a worrying statistic that Matthew Nevin, Co-Founder of Cybermerc, is on a mission to tackle and is already making great headway.
After serving in the army as an infantryman fresh out of high school, Matthew went on to study law, then worked at the Australian Tax Office where he specialised in the intelligence analysis of cyberthreats. It was here his passion for cybersecurity was ignited. He went on to join the Australian Federal Police Cybercrime Operations Portfolio where he worked on some of Australia’s most complex cybercrime investigations and prosecutions, also helping to develop the government’s cybersecurity policy.
"At around this time, I started becoming concerned at the scale, complexity and sophistication of the levels of cybercrime and cyber espionage I was witnessing," he tells The CEO Magazine. "I started discussing with my brother, who also worked within cybersecurity, how we might be able to do more to combat the impact of cyber against the Australian economy. We decided that there was a real need in the private sector to build a technical capability to connect government, industry, academia and small and medium-size enterprises in threat intelligence and network protection."
And so Cybermerc was born, with the brothers swiftly landing a series of AustCyber grants, which enabled them to reject all offers of investment in order to retain true sovereign ownership. They believed this would enable them to better serve Australia’s interests by providing a commercially scalable set of capabilities to complement and extend government initiatives, and its vision of ‘A National Cyber Partnership’ and ‘Strong Cyber Defences’ as laid out in its 2016 Cyber Security Strategy.
Convinced a whole-of-nation collaboration was the only means to address the volume and significance of cyberthreats, the pair embarked on years of development, which culminated in the creation of a national threat investigation and sharing platform entitled AUSHIELD DEFEND, as well as an affordable managed security service for SMEs – AUSHIELD PROTECT. "These two capabilities work together, allowing governments and large businesses to share information on new threats and build defences, and for those to bolster the defence of SMEs using PROTECT," Matthew explains.
Their efforts have proved to be well worth it, with the company already making a big mark on this complex digital landscape. Indeed, by the arrival of COVID-19 in 2020, the company had cemented its position amid an increasingly complex digital landscape. "COVID-19 sped everything up," Matthew reveals. "We found ourselves perfectly positioned, at the right time, to provide much-needed defensive capability against the raging torrent of cybercrime that accompanied COVID-19."
The pandemic is just one of a number of milestones that mark the company’s upward trajectory. "There have been some pretty significant moments," he reflects. "When we first started to see our SME clients light up on a dashboard, showing they were under attack by an attempted ransomware, and we were able to respond and quickly update the client against that attack, we knew that we were making a real difference; protecting businesses, schools and other Australians whose whole livelihoods depend on their business operations."
"We found ourselves perfectly positioned, at the right time, to provide much-needed defensive capability against the raging torrent of cybercrime that accompanied COVID-19."
Successfully working out how to quickly update defences to protect its customers against some of the newest cybercrime campaigns is another huge achievement for Cybermerc, according to Matthew. "My brother and I were in the public sector when the WannaCry Ransomware campaign ripped around the world. We remembered the great concern we and other cybersecurity professionals had, unable to determine just how much damage WannaCry was inflicting and to whom," he recalls. "Watching AUSHIELD working, leveraging the concept of the one protecting the many in collective defence, was a golden moment."
In the face of such challenges, innovation is an absolute necessity, with research and development at the forefront of everything Cybermerc is currently working on. "We are creating next-generation cybersecurity technologies, using behavioural analytics underpinned by artificial intelligence, to detect and defend against the very latest cyber attacks," Matthew explains.
"Cybermerc is using a number of ‘deception operations’ to remain at the forefront of cyber attacks. These involve the creation of virtual networks, fake websites and fake people, all of which serve to deceive malicious cyber attackers into revealing their capability and intent as they attack these resources and demonstrate their tradecraft."
Since founding the business, the brothers have been joined by a dynamic team that they encourage to take ownership of the projects they work on. "I hire amazing people, and then get out of the way," Matthew says. While many of them come from government and defence backgrounds, many do not – a mix that makes things interesting, in a good way. "Bringing people together with that diversity of background can be a challenge, but they all share a common interest in the mission of protecting Australia, and that mission unites and sustains them."
The company’s robust reputation is another driver of its success, with its focus firmly on building long-term relationships rather than short-term gains. It’s an approach that stems from a piece of advice Matthew once received: "If you want to go fast, go alone. If you want to go far, go together."
"We are known for always getting the job done, and for being honest and fair in our dealings with others," he points out. "That has proven to be a major strength; our partners know they can rely on us and, as a result, we have built collaborative relationships with SMEs all the way through to very large primes. Everything we do is about building relationships and trust."
For Matthew, the company’s achievements are a satisfying continuation of his life’s endeavours – protecting Australia’s interests. However, in contrast to the work in his former government roles, he feels he is now able to make more of an impact than ever. "There is no noise; no extraneous chatter and all work is done for a defined purpose. Everything is done quickly and the effect is almost immediate," he shares.
"We are the only company to have built a whole-of-nation capability connecting large business, government and academic clients together in a collective defence."
"At a certain point in government, my brother and I felt there was consensus of the need to build a collective defence, but there was no Australian company positioned to build it out commercially across industry and small business, so that’s what we did."
Now Cybermerc has succeeded in establishing itself as a vital industry player and yet remains "truly sovereign" in line with Matthew’s original vision, Matthew says proudly. "We are the only company to have built a whole-of-nation capability connecting large business, government and academic clients together in a collective defence. Having avoided taking investment, we have been able to both pursue commercial successes and do significant public good," he shares.
This has been evidenced through the company’s programs of training women in cyber, in partnership with the Australian Women in Security Network and the Australian Signals Directorate. "We also work closely with Indigenous providers to upskill Indigenous Australians in cybersecurity roles," he adds.
In the next 12–18 months, the company will focus primarily on extending AUSHIELD DEFEND and PROTECT across the Australian digital economy and across the Asia–Pacific region, further encouraging collaboration, even among commercial competitors, in the fight against cybercrime.