Southern Cross Media engages CISO-as-a-service

Southern Cross Media Group - owner of the Triple M and Hit radio network brands - has taken up a 'CISO-as-a-service' offering from Telstra Purple.

The company said today [pdf] that it had appointed Telstra Purple in February this year “to provide an outsourced chief information security officer (CISO) service.”

“This arrangement is helping us to strengthen our processes and controls to protect our systems and confidential data,” the company said.

“The CISO will continue to test and refine our systems and processes to ensure SCA [the group] is on top of emerging cyber threats.”

The company said that Telstra Purple is also assisting an “independent review” of the media group’s information security management system, which is described as “underway”.

“As part of the comprehensive review, several significant work packages will be executed, including business impact analysis, information risk management framework, asset discovery, threat assessment, risk assessment and current controls assessment,” the company said.

“This review will result in an updated information security risk register, comprehensive IT asset registers, and cyber security controls gap assessment, which will inform the benchmarking of our cyber security controls and prioritise areas for future improvement and investment.”

Southern Cross Media Group was impacted by two data breaches involving third-party suppliers in the last financial year.

The first incident involved its “preferred direct marketing platform” and resulted in “subscriber email addresses” being compromised.

The incident appeared to be enough to trigger a platform switch: the company said it has now “selected a replacement direct marketing platform, which will go live in the second half of 2022.”

The second incident, in January this year, saw “personal details of a small number of Triple M club members” exposed via a third-party survey link in an email.