The speed of modern cyber attacks means that the time to address your security is now, not later. Once a breach occurs, the resulting financial and reputational damage can become irreversible, as the cautionary tale of the Australian hedge fund Levitas Capital demonstrates. This case serves as a sharp reminder that inadequate cyber security is not just a risk; it can be an existential threat to your organisation.
The Problem: Irreversible Consequences of a Simple Click
In 2020, Levitas Capital, an Australian hedge fund managing approximately $75 million in assets at the time, was forced to close its doors after a sophisticated phishing attack.
The attack, a form of Business Email Compromise (BEC), began when a co-founder clicked on a fraudulent email appearing to be a Zoom meeting invitation. This action installed malware on the corporate network, granting attackers access to the firm’s email system.
The cyber criminals then used this access to orchestrate a series of fraudulent transfers:
- They sent multiple fake invoices totalling nearly $8.7 million to the fund’s trustee and administrator.
- The attackers mimicked the co-founder’s email, authorising the fraudulent wire transfers.
- While most of the funds were recovered, approximately $800,000 was successfully withdrawn by the cyber criminals.
The most severe consequence was not the financial loss, but the irreparable damage to trust:
- Levitas Capital’s largest institutional client withdrew its investment and cancelled a planned $16 million capital injection.
- The loss of the major client and subsequent reputational harm ultimately forced the hedge fund to shut down its operations.
The Levitas Capital incident is a potent example of how a failure to address cyber security promptly can lead to a consequence that is impossible to reverse: the complete closure of a business.
The Stakes are Higher Than Ever
Cyber attacks are increasing in sophistication and volume. Businesses of all sizes, from start-ups to large corporations, are now facing pressure to comply with robust security standards such as ISO 27001 and SOC 2. This is not just a regulatory hurdle; it is a fundamental requirement for building trust with clients, partners, and investors.
The founder of Vertex, Martin Boyd, established the company after recognising the lack of quality cyber protection available to technology, small, and medium businesses. The challenge for many organisations is that implementing effective cyber security is complex, with many options and a risk of engaging with firms that prioritise profit over quality protection.
Some providers, for example, incorrectly promise rapid certification for compliance standards like ISO 27001 or SOC 2 in as little as eight weeks. This speed often sacrifices quality, offering what can be described as “cyber lipstick” – a surface-level compliance that leaves the underlying security posture vulnerable. A correctly implemented information security management system (ISMS) often requires a minimum practical timeframe of around twelve weeks, as it involves comprehensive steps like risk assessment, control implementation, staff training, and thorough internal audits.
The Vertex Approach: Quality, Expertise, and Custom Solutions
Vertex Cyber Security was founded on the mission to provide exceptional cyber security for everyone. Our belief is that “average” or “good enough” security is insufficient against contemporary cyber threats.
For over ten years, Vertex has been delivering high-quality cyber security services to hundreds of businesses, including clients in the financial sector, technology organisations, and ASX-listed companies. Our expertise is built on a team of Cyber Security Experts and Penetration Testers with decades of collective experience in solving complex security problems for some of the world’s largest companies.
We use a combination of expert services and scalable proprietary platforms to deliver quality and affordable security:
- Security Assessments and Penetration Testing: Our experts perform ethical hacking to identify vulnerabilities in systems, networks, websites, and applications, with a retest to confirm fixes are effective.
- Compliance and Certifications: We guide clients through the process of aligning with international standards like ISO 27001 and NIST frameworks, ensuring controls are effective and genuinely suited to your business, not just documented.
- Employee Training and Awareness: We offer online and face-to-face training programmes to help your employees become a strong line of defence against threats like phishing and Business Email Compromise. Our Core platform provides online Cyber Security Employee Awareness Training.
- Managed Services: We offer tailored monthly packages that can include security maintenance, monitoring, and ongoing security advice to keep your posture strong and align with security objectives.
The Levitas Capital case illustrates that cyber security is not a task you can defer. The consequences of a breach can be immediate, devastating, and irreversible. Focus on genuine, high-quality protection over quick compliance fixes.
Contact Vertex Today
If you are considering implementing or improving your cyber security controls, need guidance on ISO 27001 or SOC 2 compliance, or have concerns about your current security posture, please contact the expert team at Vertex. We can provide tailored solutions that prioritise genuine, high-quality protection for your business.
You can visit the Vertex website at https://www.vertexcybersecurity.com.au or email us at to discuss how we can help your organisation.