1 00:00:00,240 --> 00:00:03,279 Speaker 1: Welcome to Fear and Greed Sunday feature. I'm Michael Thompson. 2 00:00:03,680 --> 00:00:06,320 Speaker 1: Late in the week, news broke of a big cyber attack, 3 00:00:06,400 --> 00:00:09,560 Speaker 1: a data breach at computer company Dell, with the details 4 00:00:09,600 --> 00:00:13,480 Speaker 1: of tens of millions of customers allegedly stolen. It got 5 00:00:13,520 --> 00:00:16,640 Speaker 1: me thinking about the many interviews that we've done over 6 00:00:16,640 --> 00:00:19,720 Speaker 1: the last few years on cybersecurity, and one in particular 7 00:00:19,760 --> 00:00:23,280 Speaker 1: stands out from October twenty twenty two. It was with 8 00:00:23,360 --> 00:00:26,840 Speaker 1: two people, Darren Hopkins and Shane Bell, cyber partners at 9 00:00:26,920 --> 00:00:29,640 Speaker 1: McGrathNicol Advisory, and Fear and Greed was doing some 10 00:00:29,680 --> 00:00:32,639 Speaker 1: work with them at the time. The reason this interview 11 00:00:32,680 --> 00:00:35,760 Speaker 1: stands out is not just because they really know their 12 00:00:35,760 --> 00:00:39,479 Speaker 1: stuff when it comes to cyber attacks, ransomware, but because 13 00:00:39,479 --> 00:00:43,040 Speaker 1: the interview also contained some really chilling audio. It's a 14 00:00:43,120 --> 00:00:46,879 Speaker 1: recording of a ransom demand and it's completely not what 15 00:00:46,920 --> 00:00:51,280 Speaker 1: you'd expect, demonstrating that really it's not just a random 16 00:00:51,400 --> 00:00:55,400 Speaker 1: threat that you need to be mindful of for scammers 17 00:00:55,440 --> 00:00:58,600 Speaker 1: and hackers. It's business, and it's actually big business. This 18 00:00:58,640 --> 00:01:02,200 Speaker 1: is a terrific interview. Sean Aylmer, I hope you find 19 00:01:02,240 --> 00:01:06,959 Speaker 1: it just as fascinating as I did. 20 00:01:09,319 --> 00:01:12,160 Speaker 2: Welcome to the Fear and Greed Daily Interview. 
I'm Sean Aylmer. 21 00:01:12,520 --> 00:01:15,640 Speaker 2: In recent weeks, it feels like cybercrime and ransomware in 22 00:01:15,680 --> 00:01:19,360 Speaker 2: particular has really hit the headlines. Major attacks including Optus 23 00:01:19,440 --> 00:01:23,759 Speaker 2: and Medibank have shown how vulnerable even our biggest companies are. 24 00:01:23,920 --> 00:01:27,480 Speaker 2: The ransomware threat is growing at an alarming rate. New 25 00:01:27,520 --> 00:01:31,080 Speaker 2: research from McGrathNicol Advisory shows that almost seventy percent 26 00:01:31,120 --> 00:01:34,360 Speaker 2: of Australian businesses have suffered a ransomware attack in the 27 00:01:34,440 --> 00:01:37,319 Speaker 2: last five years. That's up sharply from last year's figure. 28 00:01:37,480 --> 00:01:41,000 Speaker 2: This morning, I'm talking to two partners at McGrathNicol Advisory, 29 00:01:41,080 --> 00:01:43,800 Speaker 2: Darren Hopkins and Shane Bell, and they've also brought along 30 00:01:44,160 --> 00:01:47,000 Speaker 2: a little bit of audio which is of a criminal 31 00:01:47,480 --> 00:01:52,200 Speaker 2: asking a company to negotiate over the cyber hack that 32 00:01:52,280 --> 00:01:56,600 Speaker 2: that just occurred. It's really fascinating listening. Darren, Shane, welcome 33 00:01:56,640 --> 00:02:00,400 Speaker 2: back to Fear and Greed. Thanks Sean. Thanks Sean. Let's 34 00:02:00,400 --> 00:02:03,200 Speaker 2: start with you. When we spoke last year, the number 35 00:02:03,200 --> 00:02:07,080 Speaker 2: of businesses that had experienced an attack was thirty one percent. 36 00:02:07,240 --> 00:02:10,920 Speaker 2: Now it's almost seventy percent, six huge growth. So what's 37 00:02:10,960 --> 00:02:14,600 Speaker 2: behind that increase for want of a better term, the boom. 38 00:02:14,639 --> 00:02:18,360 Speaker 3: Thanks, Sean. Well, I think there's a few different aspects 39 00:02:18,440 --> 00:02:23,119 Speaker 3: as to what's behind that. 
Firstly, I think Australia has 40 00:02:23,800 --> 00:02:28,240 Speaker 3: very much become an attractive marketplace for cyber criminals. We're 41 00:02:28,760 --> 00:02:30,640 Speaker 3: not as understated as we used to be, and so 42 00:02:30,639 --> 00:02:33,360 Speaker 3: there's money to be made down here, and I think 43 00:02:33,400 --> 00:02:36,799 Speaker 3: that the groups, the cyber crime groups have gotten onto that. 44 00:02:37,000 --> 00:02:39,280 Speaker 3: A second aspect I think is that there's just a 45 00:02:39,320 --> 00:02:43,440 Speaker 3: lot more vulnerabilities in the technology that we're using globally, 46 00:02:43,520 --> 00:02:46,920 Speaker 3: but certainly Australian businesses is susceptible to that. Feels like 47 00:02:46,960 --> 00:02:51,079 Speaker 3: every other day the tech companies and others are publishing 48 00:02:51,160 --> 00:02:53,840 Speaker 3: vulnerabilities that need to be patched, and so with an 49 00:02:53,840 --> 00:02:58,720 Speaker 3: increase in vulnerabilities increases the opportunity for an attack to 50 00:02:58,800 --> 00:03:01,960 Speaker 3: occur until that until that vulnerability is patched. And so 51 00:03:02,280 --> 00:03:05,320 Speaker 3: I think a combination of those things, as well as 52 00:03:05,320 --> 00:03:10,000 Speaker 3: new entrants to the cyber crime landscape means that 53 00:03:10,240 --> 00:03:11,920 Speaker 3: the Australian businesses are feeling the brunt. 54 00:03:11,919 --> 00:03:14,880 Speaker 2: I'm afraid. Okay, Darren, let's bring you into it. Optus 55 00:03:14,960 --> 00:03:17,480 Speaker 2: and Medibank are two very prominent examples in the 56 00:03:17,560 --> 00:03:20,760 Speaker 2: last month or so, we've also had the Nine Group, 57 00:03:20,800 --> 00:03:24,239 Speaker 2: We've had Woolworths through one of its subsidiaries. What does 58 00:03:24,280 --> 00:03:26,520 Speaker 2: this tell us? 
Basically, it seems like no one is 59 00:03:26,560 --> 00:03:30,520 Speaker 2: going to escape cyber crime, at least no one's immune. 60 00:03:30,840 --> 00:03:33,840 Speaker 4: That's correct. We've always said it's a matter of when, 61 00:03:34,040 --> 00:03:37,840 Speaker 4: not if, an incident happens for a company, and the 62 00:03:37,880 --> 00:03:41,280 Speaker 4: brands you've just mentioned are very large, and you'd expect all 63 00:03:41,320 --> 00:03:45,600 Speaker 4: to have good teams, good technology budgets to get good 64 00:03:45,640 --> 00:03:48,680 Speaker 4: systems in place, yet they've all been in the press 65 00:03:49,040 --> 00:03:51,640 Speaker 4: with their own issues. I guess what it does is 66 00:03:51,760 --> 00:03:55,440 Speaker 4: remind us that cybersecurity is something that every business has 67 00:03:55,480 --> 00:03:57,360 Speaker 4: to continually work on. It's not something you can set 68 00:03:57,360 --> 00:04:00,080 Speaker 4: and forget. And the other thing that we have to 69 00:04:00,080 --> 00:04:03,520 Speaker 4: be aware of is sometimes you can't avoid an incident occurring. 70 00:04:03,560 --> 00:04:07,640 Speaker 4: And as Shane just mentioned, vulnerabilities, we're seeing at the moment, 71 00:04:07,720 --> 00:04:11,080 Speaker 4: some zero day vulnerabilities, which are issues that exist in 72 00:04:11,120 --> 00:04:14,120 Speaker 4: technology that haven't got a patch yet. So for a 73 00:04:14,160 --> 00:04:17,760 Speaker 4: while the businesses will just remain at risk until someone 74 00:04:17,800 --> 00:04:18,919 Speaker 4: finds a fix for that. 75 00:04:19,560 --> 00:04:21,920 Speaker 2: Okay, it just seems that businesses are paying renal. 
The 76 00:04:21,960 --> 00:04:25,320 Speaker 2: average ransom that businesses are paying is fairly consistent with 77 00:04:25,440 --> 00:04:28,320 Speaker 2: last year, just over a million dollars, but the amount 78 00:04:28,480 --> 00:04:32,560 Speaker 2: that companies are willing to pay has almost doubled. Why 79 00:04:32,600 --> 00:04:35,880 Speaker 2: is that, Sean, I think we've over the last year 80 00:04:35,960 --> 00:04:39,240 Speaker 2: gotten a lot more visibility as to the costs associated 81 00:04:39,240 --> 00:04:42,880 Speaker 2: with suffering a ransomware event. And historically, I think people 82 00:04:42,880 --> 00:04:46,039 Speaker 2: will have thought that the higher costs were you know, 83 00:04:46,160 --> 00:04:50,440 Speaker 2: legal costs, forensic costs, incident response costs, but actually the 84 00:04:50,480 --> 00:04:53,880 Speaker 2: greater costs are business interruption costs and some of the 85 00:04:53,920 --> 00:04:56,160 Speaker 2: reputational damage, which I think is hard to quantify. 86 00:04:56,320 --> 00:04:59,040 Speaker 3: And so I think the movement in what people are 87 00:04:59,040 --> 00:05:03,080 Speaker 3: willing to pay is a reflection of the value that 88 00:05:03,120 --> 00:05:06,160 Speaker 3: business has put on that cost, the business interruption cost 89 00:05:06,200 --> 00:05:08,400 Speaker 3: and the reputation cost. And so you're right, it's gone 90 00:05:08,480 --> 00:05:11,719 Speaker 3: from you know, six hundred thousand dollars or so that 91 00:05:11,760 --> 00:05:13,640 Speaker 3: people are willing to pay up to one point two 92 00:05:13,920 --> 00:05:16,840 Speaker 3: million dollars. And so I think that's just an indicator 93 00:05:16,839 --> 00:05:18,960 Speaker 3: for us as to what the price tag is for 94 00:05:19,040 --> 00:05:22,400 Speaker 3: businesses that are suffering this and they're potentially considering paying 95 00:05:22,400 --> 00:05:22,839 Speaker 3: the ransom. 
96 00:05:23,720 --> 00:05:26,800 Speaker 2: It just seems that it's like an option of finding 97 00:05:26,880 --> 00:05:30,039 Speaker 2: the criminals as opposed to paying the ransom doesn't seem 98 00:05:30,040 --> 00:05:30,560 Speaker 2: to be an option. 99 00:05:31,880 --> 00:05:35,800 Speaker 3: Yeah, I think that's really difficult. I mean finding the criminals. 100 00:05:36,360 --> 00:05:39,800 Speaker 3: I think there's a lot that's required globally to sort 101 00:05:39,800 --> 00:05:43,960 Speaker 3: of get behind that and disrupt that cybercrime marketplace. And 102 00:05:44,040 --> 00:05:46,360 Speaker 3: I don't think it would be fair to say that 103 00:05:46,360 --> 00:05:49,560 Speaker 3: the global law enforcement agencies aren't working on that. But 104 00:05:49,640 --> 00:05:53,400 Speaker 3: I guess the immediacy of the situation for that organization 105 00:05:53,839 --> 00:05:57,120 Speaker 3: in that moment is a really telling to pay or 106 00:05:57,120 --> 00:05:59,760 Speaker 3: not to pay equation. And we know from the statistics 107 00:05:59,760 --> 00:06:02,880 Speaker 3: that's still eight out of ten businesses appear to be 108 00:06:02,880 --> 00:06:05,160 Speaker 3: paying the ransom, and so that's still quite high. 109 00:06:05,240 --> 00:06:08,000 Speaker 2: I think, yeah, And I mean, obviously that's attractive for 110 00:06:08,120 --> 00:06:11,440 Speaker 2: criminal elements because eighty percent of the time they're getting paid. 111 00:06:11,839 --> 00:06:14,520 Speaker 3: It's a self perpetuating economy, that's for sure. 112 00:06:14,960 --> 00:06:23,080 Speaker 2: Stay with me. We'll be back in a minute. I'm 113 00:06:23,120 --> 00:06:26,039 Speaker 2: talking to Darren Hopkins and Shane Bell, partners at McGrathNicol 114 00:06:26,120 --> 00:06:30,120 Speaker 2: Advisory. Darren, can you talk me through the timeline 115 00:06:30,160 --> 00:06:32,000 Speaker 2: of a ransomware attack? 
And once you do that, we're 116 00:06:32,000 --> 00:06:33,920 Speaker 2: just going to play a little bit of audio, which 117 00:06:33,960 --> 00:06:36,600 Speaker 2: is a voicemail left on an executive's phone by a 118 00:06:36,680 --> 00:06:39,800 Speaker 2: ransomware group and not the voice you'd expect. Really, But 119 00:06:39,920 --> 00:06:42,280 Speaker 2: first off, Darren, just take me up until the time 120 00:06:42,680 --> 00:06:47,080 Speaker 2: what normally happens up until the time the phone call arrives. 121 00:06:47,640 --> 00:06:50,200 Speaker 4: We could probably have a whole podcast just on this 122 00:06:50,279 --> 00:06:53,560 Speaker 4: one question. I think if I think back to I 123 00:06:53,600 --> 00:06:57,720 Speaker 4: guess the average ransomware or extortion event that we tend 124 00:06:57,720 --> 00:07:01,039 Speaker 4: to deal with. Often these things start well before the 125 00:07:01,080 --> 00:07:03,440 Speaker 4: group that you're dealing with within your network, and they 126 00:07:03,440 --> 00:07:05,680 Speaker 4: may actually start with a broker. And what a broker 127 00:07:05,760 --> 00:07:08,240 Speaker 4: is is a group that will be the one that 128 00:07:08,240 --> 00:07:11,080 Speaker 4: finds a way to get into your network and find 129 00:07:11,360 --> 00:07:13,920 Speaker 4: the user account, so the credentials that they will then 130 00:07:14,040 --> 00:07:16,480 Speaker 4: use to actually get in and that's actually part of 131 00:07:16,520 --> 00:07:20,200 Speaker 4: this life cycle. 
They will pull together you and the 132 00:07:20,200 --> 00:07:22,440 Speaker 4: credentials to get into your network, and then they'll sell 133 00:07:22,440 --> 00:07:24,960 Speaker 4: that on the darknet to another group, and then we 134 00:07:25,080 --> 00:07:27,240 Speaker 4: get an organized crime group which will likely be the 135 00:07:27,240 --> 00:07:29,360 Speaker 4: ones that will do the extortion or the ransomware, and 136 00:07:29,360 --> 00:07:32,280 Speaker 4: then they'll start their part, which is gaining access to 137 00:07:32,320 --> 00:07:34,360 Speaker 4: your system. One of the first things they try to 138 00:07:34,360 --> 00:07:37,840 Speaker 4: do is get your data, exfiltrate information that's going 139 00:07:37,880 --> 00:07:40,920 Speaker 4: to be of value, because ultimately that's what you're being 140 00:07:40,920 --> 00:07:44,200 Speaker 4: extorted against. They will also try to be persistent, which 141 00:07:44,200 --> 00:07:46,040 Speaker 4: means that they can come and go into your network 142 00:07:46,040 --> 00:07:49,120 Speaker 4: as they see fit, get some more credentials and more 143 00:07:49,160 --> 00:07:52,440 Speaker 4: accounts so that they've got access in there. And generally 144 00:07:52,480 --> 00:07:54,880 Speaker 4: the last thing that would happen is that you'd find 145 00:07:54,920 --> 00:07:57,280 Speaker 4: out that there's been someone in your network, and then 146 00:07:57,320 --> 00:08:00,119 Speaker 4: that could be either a ransom note, it could be 147 00:08:00,160 --> 00:08:03,000 Speaker 4: a text message to an individual, an email, or a 148 00:08:03,120 --> 00:08:06,679 Speaker 4: voice message left on someone's phone, or worst case scenario, 149 00:08:06,800 --> 00:08:09,120 Speaker 4: it could be that your whole network is encrypted and 150 00:08:09,120 --> 00:08:11,040 Speaker 4: then everything goes offline and then you've got to go 151 00:08:11,120 --> 00:08:13,040 Speaker 4: and deal with that. 
And that leads to I guess 152 00:08:13,080 --> 00:08:15,800 Speaker 4: to that particular voice message, which was which from a 153 00:08:15,880 --> 00:08:18,000 Speaker 4: job that we had actually worked on, and it was 154 00:08:18,040 --> 00:08:22,120 Speaker 4: interesting to see that mechanism for letting someone know, let's hear. 155 00:08:25,160 --> 00:08:28,120 Speaker 5: Bread. Hi, my name is Melissa. I'm calling you from 156 00:08:28,240 --> 00:08:32,679 Speaker 5: Quantum Group. As I understand to you right now or 157 00:08:32,720 --> 00:08:36,040 Speaker 5: your management are trying to figure out what happened with 158 00:08:36,280 --> 00:08:41,760 Speaker 5: your infrastructure, I will explain that for it now, forty 159 00:08:41,760 --> 00:08:48,719 Speaker 5: five servers are encrypted and or for soundand sorry, four 160 00:08:48,840 --> 00:08:54,280 Speaker 5: hundred sixty four work computers are also encrypted and more 161 00:08:54,320 --> 00:08:58,240 Speaker 5: than five hundred year bytes of private and internal data 162 00:08:58,280 --> 00:09:04,160 Speaker 5: of your company has been stolen. So my recommendations to 163 00:09:04,240 --> 00:09:08,720 Speaker 5: come for negotiation and you should do this it nearest 164 00:09:08,760 --> 00:09:14,040 Speaker 5: time you have so less time to come from negotiation. 165 00:09:14,720 --> 00:09:19,960 Speaker 5: On the en computers or laptops, you will find the 166 00:09:20,080 --> 00:09:23,800 Speaker 5: information how to get in our chat room. So we 167 00:09:23,880 --> 00:09:28,480 Speaker 5: are waiting for your management. So please take this message 168 00:09:28,520 --> 00:09:32,560 Speaker 5: and in the form because for it now as I see, 169 00:09:34,240 --> 00:09:39,360 Speaker 5: no one phone is working on your website. 
So understand 170 00:09:40,360 --> 00:09:45,080 Speaker 5: right now you have a big problems and the best 171 00:09:45,120 --> 00:09:48,120 Speaker 5: way how to resolve these issues to come for negotiation. 172 00:09:48,360 --> 00:09:50,760 Speaker 5: We are waiting. Thank you, Darren. 173 00:09:50,760 --> 00:09:51,520 Speaker 2: It's pretty chilling. 174 00:09:51,920 --> 00:09:55,559 Speaker 4: It's pretty direct, isn't it. And you know Melissa has 175 00:09:55,880 --> 00:09:58,679 Speaker 4: quite clearly said that she's there to help and all 176 00:09:58,679 --> 00:10:01,040 Speaker 4: you need to do is to contact through your chat 177 00:10:01,080 --> 00:10:04,480 Speaker 4: room and negotiate. And I guess it's something we're not 178 00:10:04,600 --> 00:10:06,760 Speaker 4: used to, which is a human element to what we're 179 00:10:06,760 --> 00:10:09,640 Speaker 4: dealing with, which is a cybercrime, and we are just 180 00:10:09,679 --> 00:10:10,760 Speaker 4: dealing with people. 181 00:10:10,840 --> 00:10:13,120 Speaker 2: Shane bringing you into it. I mean, your study shows 182 00:10:13,120 --> 00:10:16,400 Speaker 2: that negotiation is now less likely to have taken place 183 00:10:16,480 --> 00:10:18,319 Speaker 2: than in the instance we just heard where the woman 184 00:10:18,559 --> 00:10:24,120 Speaker 2: wanted to negotiate. Why is negotiation happening less? Doesn't it work? 185 00:10:24,760 --> 00:10:24,960 Speaker 5: Yeah? 186 00:10:25,000 --> 00:10:27,280 Speaker 3: I think there's a few factors to this, Sean. I 187 00:10:27,320 --> 00:10:32,520 Speaker 3: think the first is people make the decision pretty early 188 00:10:32,840 --> 00:10:36,640 Speaker 3: now to negotiate or not to negotiate. 
I mean, there's 189 00:10:36,679 --> 00:10:39,680 Speaker 3: a few reasons why you might negotiate, not necessarily because 190 00:10:40,080 --> 00:10:41,880 Speaker 3: you want to pay the ransom, because if you enter 191 00:10:41,920 --> 00:10:45,480 Speaker 3: into that negotiation, you can get a bit of intelligence 192 00:10:45,480 --> 00:10:48,680 Speaker 3: yourself about the information that may have been stolen or 193 00:10:48,679 --> 00:10:51,600 Speaker 3: the way that that group got access to your environment. 194 00:10:51,679 --> 00:10:53,760 Speaker 3: So there can be some valuable pieces of information that 195 00:10:53,800 --> 00:10:56,400 Speaker 3: come from that. But I think the decision as to 196 00:10:56,440 --> 00:11:00,120 Speaker 3: whether to negotiate or not is made pretty quickly. I 197 00:11:00,160 --> 00:11:04,640 Speaker 3: think the other contributing factor is that on the cyber 198 00:11:04,880 --> 00:11:09,440 Speaker 3: crime side of things, some of the demands are actually 199 00:11:10,040 --> 00:11:12,959 Speaker 3: considered reasonable, if I put it that way. So I mean, 200 00:11:13,320 --> 00:11:16,720 Speaker 3: on big, sophisticated and significant events, I think the ransom 201 00:11:16,720 --> 00:11:20,440 Speaker 3: will be quite high and a negotiation might get it down. 202 00:11:20,520 --> 00:11:23,400 Speaker 3: But for some of the other ransomware events that we see, 203 00:11:23,600 --> 00:11:26,000 Speaker 3: the ask isn't actually that high, and so that decision 204 00:11:26,040 --> 00:11:27,800 Speaker 3: to pay or not to pay might actually be a 205 00:11:27,800 --> 00:11:30,920 Speaker 3: pretty pretty quick decision for people to make. So I 206 00:11:30,920 --> 00:11:33,600 Speaker 3: think all of that contributes to the statistics that we're 207 00:11:33,600 --> 00:11:37,520 Speaker 3: seeing around the propensity for organizations to enter into the negotiation. 
208 00:11:38,040 --> 00:11:40,000 Speaker 2: But can you trust the person you pay? Even if 209 00:11:40,000 --> 00:11:42,240 Speaker 2: it's ten thousand dollars or twenty thousand dollars? Then you think, 210 00:11:42,240 --> 00:11:43,920 Speaker 2: as a cost of business, I need to do this. 211 00:11:44,640 --> 00:11:46,920 Speaker 2: Can you trust the person who stole your data? 212 00:11:47,360 --> 00:11:50,960 Speaker 3: I think that's really difficult. My personal answer to that question, 213 00:11:51,000 --> 00:11:56,280 Speaker 3: Sean is no. But I think people rationalize that decision differently, 214 00:11:56,640 --> 00:12:01,480 Speaker 3: And certainly there is threat intelligence that's available now 215 00:12:01,559 --> 00:12:05,800 Speaker 3: that talks to I guess how reliable some of these 216 00:12:05,920 --> 00:12:09,920 Speaker 3: cybercrime groups are at sticking to their word. If you 217 00:12:10,040 --> 00:12:12,720 Speaker 3: pay me some money, I'll delete the data. I won't 218 00:12:12,720 --> 00:12:16,600 Speaker 3: publish it or sell it on marketplaces. And so I guess, 219 00:12:16,920 --> 00:12:19,000 Speaker 3: with a grain of salt, you can maybe believe that. 220 00:12:19,040 --> 00:12:21,079 Speaker 3: But my personal view would be, I mean, you're dealing 221 00:12:21,080 --> 00:12:24,480 Speaker 3: with a criminal, right, so I think that trusting what 222 00:12:24,520 --> 00:12:27,120 Speaker 3: they're saying would be pretty difficult in my view. 223 00:12:27,400 --> 00:12:29,560 Speaker 2: And do I mean when they pay the money? Let's 224 00:12:29,559 --> 00:12:31,560 Speaker 2: say it's ten thousand dollars, Do they know where it goes? 225 00:12:31,640 --> 00:12:33,880 Speaker 2: Is it bitcoin? How do they pay it? 226 00:12:33,880 --> 00:12:36,040 Speaker 3: It is paid via crypto. 
One of the things that 227 00:12:36,080 --> 00:12:38,440 Speaker 3: we have seen that's a little different in the current 228 00:12:38,520 --> 00:12:41,720 Speaker 3: landscape is that the ask is now at the moment 229 00:12:42,120 --> 00:12:45,920 Speaker 3: a dollar figure rather than a crypto. 230 00:12:46,080 --> 00:12:48,079 Speaker 2: Inflation is killing the hackers. 231 00:12:48,200 --> 00:12:51,280 Speaker 3: Maybe inflation's getting in there. Maybe the volatility of the 232 00:12:51,800 --> 00:12:56,120 Speaker 3: crypto market is something that these cybercrimes groups aren't willing 233 00:12:56,160 --> 00:12:58,960 Speaker 3: to ride the wave of. So the ask will be 234 00:12:58,960 --> 00:13:01,720 Speaker 3: a dollar figure and then it'll be sort of calculated 235 00:13:01,760 --> 00:13:04,280 Speaker 3: at the time that there's an agreement to pay. But 236 00:13:04,400 --> 00:13:07,559 Speaker 3: still crypto is the chosen currency of choice. 237 00:13:08,080 --> 00:13:10,640 Speaker 2: Okay, what about Darren? What about insurance? In all this 238 00:13:11,080 --> 00:13:14,040 Speaker 2: the insurance play a role absolutely. 239 00:13:14,240 --> 00:13:16,480 Speaker 4: If you've got cyber insurance, there's a few things that 240 00:13:16,520 --> 00:13:20,080 Speaker 4: you're actually seeking coverage on. The first one is help 241 00:13:20,240 --> 00:13:22,720 Speaker 4: in the event that you have an incident, and in 242 00:13:22,760 --> 00:13:26,760 Speaker 4: an insurance policy in this space gives you access to experts. 243 00:13:27,040 --> 00:13:29,800 Speaker 4: It gives you access to lawyers who are skilled at 244 00:13:30,120 --> 00:13:33,599 Speaker 4: dealing with these issues, digital forensic and incident responders like 245 00:13:34,040 --> 00:13:36,520 Speaker 4: Shane and myself to bring a team in there and help 246 00:13:36,559 --> 00:13:39,880 Speaker 4: you respond to the issue. 
You know, maybe communication experts 247 00:13:39,920 --> 00:13:42,480 Speaker 4: to help you with those comms pieces when something's gone wrong. 248 00:13:42,559 --> 00:13:45,080 Speaker 4: So in the first instance, you get access to big 249 00:13:45,120 --> 00:13:47,960 Speaker 4: teams to help you get through this quickly. And at 250 00:13:47,960 --> 00:13:51,400 Speaker 4: the same time, you're also getting coverage for your loss 251 00:13:51,840 --> 00:13:54,040 Speaker 4: to a degree. So you know, you've got we mentioned 252 00:13:54,080 --> 00:13:56,160 Speaker 4: before the amount of interruption that occurs in one of 253 00:13:56,200 --> 00:13:59,240 Speaker 4: these events, and that is covered as well. And in 254 00:13:59,280 --> 00:14:02,520 Speaker 4: some cases, if you're making a ransom payment, that's covered. 255 00:14:02,679 --> 00:14:05,840 Speaker 4: So you know, the insurer has a lot of areas 256 00:14:05,840 --> 00:14:06,719 Speaker 4: that they support you on. 257 00:14:07,520 --> 00:14:10,319 Speaker 2: Okay, I mean you mentioned the public relations exercise. There, 258 00:14:10,480 --> 00:14:13,240 Speaker 2: is it a good idea to come out quickly, as 259 00:14:13,679 --> 00:14:17,360 Speaker 2: arguably Optus did, or do you perhaps wait a few 260 00:14:17,400 --> 00:14:19,080 Speaker 2: days because you're not really sure what's going on. I mean, 261 00:14:19,120 --> 00:14:20,520 Speaker 2: you've been in a rock and a hard place there 262 00:14:20,480 --> 00:14:22,440 Speaker 2: and Medibank came out, was criticized for coming out 263 00:14:22,440 --> 00:14:24,120 Speaker 2: too late. But at the end of the day, you're 264 00:14:24,120 --> 00:14:25,400 Speaker 2: probably not sure what's going on there. 
265 00:14:26,560 --> 00:14:28,920 Speaker 4: And this is something that in this last month I 266 00:14:28,960 --> 00:14:32,280 Speaker 4: think has been debated and is changing the way many 267 00:14:32,320 --> 00:14:35,080 Speaker 4: businesses would approach how they communicate. In one of the instances, 268 00:14:35,680 --> 00:14:38,080 Speaker 4: the expectation I think is that you come out quickly, 269 00:14:38,320 --> 00:14:41,400 Speaker 4: and you're very honest and open in that communication. At 270 00:14:41,400 --> 00:14:44,840 Speaker 4: the same time, one thing that you've never really wanted 271 00:14:44,920 --> 00:14:47,800 Speaker 4: to do is is tell people that maybe we've lost 272 00:14:47,800 --> 00:14:49,800 Speaker 4: your identity when you don't know if that's the case, 273 00:14:49,800 --> 00:14:53,000 Speaker 4: because that can actually be causing them harm psychological harm 274 00:14:53,040 --> 00:14:55,400 Speaker 4: in the instance that they think that they're now at risk. 275 00:14:55,600 --> 00:14:58,720 Speaker 4: So getting that balance is really hard. I think at 276 00:14:58,720 --> 00:15:00,600 Speaker 4: this point you've got to come out early and to 277 00:15:00,600 --> 00:15:03,880 Speaker 4: say something and say it in a way that is honest, 278 00:15:04,040 --> 00:15:05,960 Speaker 4: and in some cases you just have to say, look, 279 00:15:05,960 --> 00:15:08,400 Speaker 4: we just don't know yet. But what we want to 280 00:15:08,440 --> 00:15:10,320 Speaker 4: do is tell you what we do know. And that's 281 00:15:10,680 --> 00:15:12,560 Speaker 4: something that I think we're all sort of coming to 282 00:15:12,600 --> 00:15:13,480 Speaker 4: grips with at the moment. 283 00:15:14,280 --> 00:15:17,400 Speaker 2: Okay, Shane, presumably everyone is at risk now. 
I mean 284 00:15:17,440 --> 00:15:20,680 Speaker 2: I would think the banks and retailers and people have 285 00:15:20,800 --> 00:15:23,440 Speaker 2: huge amounts of data would be more likely to be 286 00:15:23,480 --> 00:15:25,840 Speaker 2: at risk. But is that not true? 287 00:15:26,560 --> 00:15:26,760 Speaker 5: Yeah? 288 00:15:26,960 --> 00:15:30,520 Speaker 3: I think unfortunately, Sean, if you're connected to the Internet, 289 00:15:30,640 --> 00:15:31,280 Speaker 3: you're at risk. 290 00:15:31,440 --> 00:15:31,600 Speaker 1: Now. 291 00:15:31,680 --> 00:15:35,480 Speaker 3: I think there's obviously degrees of risk. We talk about 292 00:15:35,520 --> 00:15:41,120 Speaker 3: that in the cybersphere as confidentiality and integrity and availability. 293 00:15:41,280 --> 00:15:43,560 Speaker 3: So if you have a large amount of data that's 294 00:15:43,600 --> 00:15:47,200 Speaker 3: confidential in nature, then that will probably increase your risk profile. 295 00:15:47,440 --> 00:15:52,160 Speaker 3: And that's someone like the Optus scenario. Integrity: so if 296 00:15:52,200 --> 00:15:56,080 Speaker 3: you've got data that the accuracy of that information is 297 00:15:56,160 --> 00:15:58,720 Speaker 3: really quite critical, then that can put you at risk 298 00:15:58,760 --> 00:16:00,920 Speaker 3: as well, not necessarily the volume of that data, but 299 00:16:01,280 --> 00:16:04,800 Speaker 3: the accuracy. And availability, that becomes less about a data 300 00:16:04,880 --> 00:16:08,600 Speaker 3: risk and more about system availability and those types of things. 301 00:16:08,680 --> 00:16:11,880 Speaker 3: So I think there's ways that you can calculate what 302 00:16:11,960 --> 00:16:16,280 Speaker 3: your cyber threat risk profile might be. But at a 303 00:16:16,320 --> 00:16:19,840 Speaker 3: base level, if you have a digital supply chain and 304 00:16:19,840 --> 00:16:21,720 Speaker 3: you're connected to the Internet, then you're in play. 
305 00:16:22,440 --> 00:16:25,400 Speaker 2: Okay, Darren, final question, what should a company be doing 306 00:16:25,520 --> 00:16:28,800 Speaker 2: right now to prepare for the risk of cyber hacking 307 00:16:29,160 --> 00:16:29,920 Speaker 2: or ransomware? 308 00:16:30,920 --> 00:16:33,840 Speaker 4: Well, as I said, expect it will happen. So the 309 00:16:33,880 --> 00:16:35,960 Speaker 4: first thing you should be doing is actually having a 310 00:16:35,960 --> 00:16:41,160 Speaker 4: plan to respond to these incidents. Building resilience to cyber 311 00:16:41,240 --> 00:16:43,960 Speaker 4: takes some time, but you can absolutely have a plan 312 00:16:44,000 --> 00:16:45,720 Speaker 4: and know how to respond. And the one thing that 313 00:16:45,720 --> 00:16:48,320 Speaker 4: we would encourage all businesses to sort of think about 314 00:16:48,440 --> 00:16:50,880 Speaker 4: is make sure the basics are still in play, like 315 00:16:51,000 --> 00:16:53,440 Speaker 4: do you have backups and could you respond to an 316 00:16:53,440 --> 00:16:56,320 Speaker 4: event if it occurred. You just don't want to be 317 00:16:56,360 --> 00:16:58,720 Speaker 4: left in the situation where you only have one outcome, 318 00:16:58,800 --> 00:17:01,800 Speaker 4: which is possibly having to deal with and pay a 319 00:17:01,840 --> 00:17:03,560 Speaker 4: threat actor group for what they've done. 320 00:17:03,840 --> 00:17:06,280 Speaker 2: Darren, Shane, thank you for talking to Fear and Greed. 321 00:17:06,520 --> 00:17:08,080 Speaker 4: Thanks Sean, Thanks Sean. 322 00:17:08,320 --> 00:17:10,760 Speaker 2: That was Darren Hopkins and Shane Bell, cyber partners at 323 00:17:10,800 --> 00:17:14,119 Speaker 2: McGrathNicol Advisory and supporters of this podcast. This 324 00:17:14,280 --> 00:17:16,359 Speaker 2: is the Fear and Greed Daily Interview. 
Join us every 325 00:17:16,359 --> 00:17:18,800 Speaker 2: morning for the full episode of Fear and Greed, Australia's 326 00:17:18,840 --> 00:17:22,320 Speaker 2: most popular business podcast. I'm Sean Aylmer. Enjoy your day.