Toll Group is taking its first major action since recovering from two devastating ransomware attacks, kicking off a one-year “accelerated cyber resilience program” run by a rebuilt security team across two countries.

The logistics giant unveiled the first details of the expansive program of work on Wednesday night, including plans to recruit an undisclosed number of new roles into its cybersecurity team.
“Toll has embarked on an accelerated cyber resilience program and we are working closely with world class cyber experts to drive large-scale projects across key pillars, such as identity and access management, security architecture, security risk management, and many more,” Toll Group’s global head of data Diana Peh said.
“We are growing our cybersecurity team, and will be recruiting for a variety of roles in the coming months that will be based here in Australia and in Pune, India.”
The first stage of the recruitment drive sees Toll in the market for a new ‘global head of IT security operations’, based in Melbourne.
This role has responsibility to “set the cybersecurity vision and strategy by establishing operational foundations and defining metrics to drive governance, quality and efficiency.”
It also has direct “ownership and accountability for incident management, vulnerability management and threat intelligence”, and for building, developing and leading “an empowered high-performing cyber security team while promoting an outcome-based delivery model.”
Peh said the global head of IT security operations is “a new and vital role in our security leadership team”.
“We are looking for an energetic and resilient change leader who has experience leading security operation centres, and who can collaborate and partner with others to drive change,” she said.
“This is a great opportunity to lead change at the time when cybersecurity is the key focus for governments and business.”
The “accelerated cyber resilience program” and security team rebuild come after Toll Group was hit by two ransomware attacks in the first six months of 2020.
It was first hit by a “targeted ransomware attack” at the end of January, with attackers using a variant of the Mailto malware.
It took more than six weeks for the company to rebuild its IT environment and fully restore services.
However, the company then experienced a second ransomware attack in early May, this time via a type of malware called Nefilim.
Though it had been initially confident of a quick recovery, the Nefilim attack turned out to be similarly devastating, with systems offline for weeks and this time also a large amount of corporate data stolen and progressively leaked onto the dark web.
Between the two attacks, Toll Group also underwent an IT leadership reshuffle.
Its new CIO, King Lee, said late Wednesday that Toll IT had an important purpose both in internal operations and in supporting Toll’s customers.
“Information Technology at Toll is not just about supporting internal IT needs - the same team is also responsible for building services supporting our customers globally,” Lee said.
“The world has totally changed from the beginning of 2020. We are adapting well in the current remote working environment, but we need to think further and move faster to create a better future that's exciting, innovative and safe.
“Toll IT plays a critical role in that transformation.”