1 00:00:04,110 --> 00:00:07,470 Sean Aylmer: Welcome to the Fear and Greed Daily Interview, I'm Sean Aylmer. In 2 00:00:07,470 --> 00:00:10,409 Sean Aylmer: recent weeks, it feels like cyber crime and ransomware in 3 00:00:10,410 --> 00:00:14,160 Sean Aylmer: particular has really hit the headlines. Major attacks, including Optus 4 00:00:14,160 --> 00:00:18,149 Sean Aylmer: and Medibank have shown how vulnerable even our biggest companies 5 00:00:18,150 --> 00:00:21,720 Sean Aylmer: are. The ransomware threat is growing at an alarming rate. 6 00:00:22,050 --> 00:00:25,890 Sean Aylmer: New research from McGraw Nickel Advisory shows that almost 70% 7 00:00:25,890 --> 00:00:29,130 Sean Aylmer: of Australian businesses have suffered a ransomware attack in the 8 00:00:29,130 --> 00:00:32,070 Sean Aylmer: last five years. That's up sharply from last year's figure. 9 00:00:32,309 --> 00:00:35,279 Sean Aylmer: This morning I'm talking to two partners at McGraw Nickel 10 00:00:35,279 --> 00:00:38,250 Sean Aylmer: Advisory, Darren Hopkins and Shane Bell, and they've also brought 11 00:00:38,250 --> 00:00:41,220 Sean Aylmer: along a little bit of audio, which is of a 12 00:00:41,220 --> 00:00:46,889 Sean Aylmer: criminal asking a company to negotiate over the cyber hack 13 00:00:46,889 --> 00:00:51,358 Sean Aylmer: that just occurred. It's really fascinating listening. Darren, Shane, welcome 14 00:00:51,360 --> 00:00:52,350 Sean Aylmer: back to Fear and Greed. 15 00:00:53,730 --> 00:00:53,941 Shane Bell: Thanks, Sean. 16 00:00:53,941 --> 00:00:54,181 Darren Hopkins: Thanks, Sean. 17 00:00:54,570 --> 00:00:57,570 Sean Aylmer: Shane, let's start with you. When we spoke last year, 18 00:00:57,570 --> 00:01:00,990 Sean Aylmer: the number of businesses that had experienced an attack was 19 00:01:00,990 --> 00:01:06,030 Sean Aylmer: 31%. Now it's almost 70%, 69%. Huge growth. So what's behind 20 00:01:06,030 --> 00:01:08,940 Sean Aylmer: that increase for, whatever better term, the boom? 21 00:01:09,360 --> 00:01:13,288 Shane Bell: Thanks, Sean. Well, I think there's a few different aspects 22 00:01:13,290 --> 00:01:18,030 Shane Bell: as to what's behind that. Firstly, I think Australia has 23 00:01:18,480 --> 00:01:23,309 Shane Bell: very much become an attractive marketplace for cyber criminals. We're 24 00:01:23,400 --> 00:01:25,469 Shane Bell: not as understated as we used to be, and so 25 00:01:25,469 --> 00:01:28,139 Shane Bell: there's money to be made down here and I think 26 00:01:28,139 --> 00:01:31,890 Shane Bell: that the cyber crime groups have caught onto that. A 27 00:01:31,890 --> 00:01:35,370 Shane Bell: second aspect I think, is that there's just a lot more vulnerabilities 28 00:01:35,370 --> 00:01:38,849 Shane Bell: in the technology that we are using globally, but certainly 29 00:01:38,849 --> 00:01:42,149 Shane Bell: Australian businesses are susceptible to that. Feels like every other 30 00:01:42,150 --> 00:01:46,830 Shane Bell: day the tech companies and others are publishing vulnerabilities that 31 00:01:46,830 --> 00:01:49,110 Shane Bell: need to be patched. And so with an increase in 32 00:01:49,110 --> 00:01:54,360 Shane Bell: vulnerabilities, increases the opportunity for an attack to occur until 33 00:01:54,990 --> 00:01:58,800 Shane Bell: that vulnerability is patched. And so I think a combination 34 00:01:58,800 --> 00:02:01,530 Shane Bell: of those things as well as new entrance to the 35 00:02:01,620 --> 00:02:06,330 Shane Bell: cyber crime landscape means that the Australian businesses are feeling 36 00:02:06,330 --> 00:02:07,230 Shane Bell: the brunt, I'm afraid. 37 00:02:07,830 --> 00:02:10,290 Sean Aylmer: Okay. Darren, let's bring you into it. Optus and Medibank 38 00:02:10,290 --> 00:02:13,260 Sean Aylmer: are two very prominent examples in the last month or 39 00:02:13,260 --> 00:02:16,680 Sean Aylmer: so. We've also had the Nike group, we've had Woolworths 40 00:02:16,710 --> 00:02:19,499 Sean Aylmer: through one of its subsidiaries. What does this tell us 41 00:02:19,500 --> 00:02:22,320 Sean Aylmer: basically? It seems like no one is going to escape 42 00:02:22,859 --> 00:02:25,139 Sean Aylmer: cyber crime, at least no one's immune. 43 00:02:25,560 --> 00:02:28,739 Darren Hopkins: That's correct. We've always said it's a matter of when 44 00:02:28,740 --> 00:02:32,669 Darren Hopkins: not if an incident happens for a company and the 45 00:02:32,669 --> 00:02:35,940 Darren Hopkins: brands you've just mentioned are very large and you'd expect 46 00:02:35,940 --> 00:02:40,379 Darren Hopkins: would have good teams, good technology budgets to get good 47 00:02:40,379 --> 00:02:43,560 Darren Hopkins: systems in place, yet they've all been in the press 48 00:02:43,830 --> 00:02:46,320 Darren Hopkins: with their own issues. And I guess what it does 49 00:02:46,320 --> 00:02:49,770 Darren Hopkins: is it remind us that cybersecurity is something that every 50 00:02:49,770 --> 00:02:51,809 Darren Hopkins: business has to continually work on. It's not something you 51 00:02:51,809 --> 00:02:54,508 Darren Hopkins: can set and forget. And the other thing that we 52 00:02:54,508 --> 00:02:56,819 Darren Hopkins: have to be aware of is sometimes you can't avoid 53 00:02:57,179 --> 00:03:00,750 Darren Hopkins: an incident occurring. And as Shane just mentioned, vulnerabilities, yeah 54 00:03:01,410 --> 00:03:04,080 Darren Hopkins: we're seeing at the moment some zero day vulnerabilities, which 55 00:03:04,080 --> 00:03:07,440 Darren Hopkins: are issues that exist in technology that haven't got a 56 00:03:07,440 --> 00:03:10,169 Darren Hopkins: patch yet. So for a while, the businesses will just 57 00:03:10,169 --> 00:03:13,800 Darren Hopkins: remain at risk until someone finds a fix for that. 58 00:03:14,340 --> 00:03:18,329 Sean Aylmer: Okay. It just seems that the average ransom that businesses 59 00:03:18,389 --> 00:03:21,060 Sean Aylmer: are paying is fairly consistent with last year, just over 60 00:03:21,060 --> 00:03:24,389 Sean Aylmer: a million dollars. But the amount that companies are willing 61 00:03:24,389 --> 00:03:27,780 Sean Aylmer: to pay has almost doubled. Why is that? 62 00:03:28,230 --> 00:03:31,020 Shane Bell: Sean, I think we've over the last year gotten a 63 00:03:31,020 --> 00:03:34,739 Shane Bell: lot more visibility as to the costs associated with suffering 64 00:03:34,740 --> 00:03:37,890 Shane Bell: a ransomware event. And historically I think people will have 65 00:03:37,890 --> 00:03:42,690 Shane Bell: thought that the higher costs were legal costs, forensic costs, 66 00:03:42,690 --> 00:03:46,530 Shane Bell: incident response costs, but actually the greater costs are business 67 00:03:46,530 --> 00:03:49,830 Shane Bell: interruption costs and some of the reputational damage, which I 68 00:03:49,830 --> 00:03:51,809 Shane Bell: think is hard to quantify. And so I think the 69 00:03:51,809 --> 00:03:55,830 Shane Bell: movement in what people are willing to pay is a reflection 70 00:03:56,490 --> 00:03:59,880 Shane Bell: of the value that businesses put on that cost, the 71 00:03:59,880 --> 00:04:02,580 Shane Bell: business interruption cost and the reputation cost. And so you're 72 00:04:02,580 --> 00:04:07,139 Shane Bell: right, it's gone from $ 600,000 or so that people are willing 73 00:04:07,139 --> 00:04:10,590 Shane Bell: to pay, up to $ 1. 2 million. And so I think that's 74 00:04:10,590 --> 00:04:12,660 Shane Bell: just an indicator for us as to what the price 75 00:04:12,660 --> 00:04:16,470 Shane Bell: tag is for businesses that are suffering this and they're potentially 76 00:04:16,470 --> 00:04:17,700 Shane Bell: considering paying the ransom. 77 00:04:18,150 --> 00:04:21,630 Sean Aylmer: It just seems that it's like an option of finding 78 00:04:21,630 --> 00:04:24,779 Sean Aylmer: the criminals as opposed to paying the ransom doesn't seem 79 00:04:24,779 --> 00:04:25,500 Sean Aylmer: to be an option. 80 00:04:26,580 --> 00:04:29,850 Shane Bell: Yeah, I think that's really difficult. I mean, finding the 81 00:04:29,850 --> 00:04:34,349 Shane Bell: criminals, I think there's a lot that's required globally to 82 00:04:34,350 --> 00:04:37,860 Shane Bell: sort of get behind that and disrupt that cyber crime 83 00:04:37,950 --> 00:04:40,440 Shane Bell: marketplace. And I don't think it would be fair to 84 00:04:40,440 --> 00:04:44,279 Shane Bell: say that global law enforcement agencies aren't working on that, 85 00:04:44,279 --> 00:04:47,279 Shane Bell: but I guess the immediacy of the situation for that 86 00:04:47,369 --> 00:04:51,750 Shane Bell: organization in that moment is a really telling to pay 87 00:04:51,750 --> 00:04:53,940 Shane Bell: or not to pay equation. And we know from the 88 00:04:53,940 --> 00:04:57,479 Shane Bell: statistics that still eight out of 10 businesses appear to 89 00:04:57,480 --> 00:04:59,969 Shane Bell: be paying the ransom. And so that's still quite high, 90 00:04:59,969 --> 00:05:00,389 Shane Bell: I think. 91 00:05:00,630 --> 00:05:03,870 Sean Aylmer: Yeah, and I mean obviously that's attractive for criminal elements 92 00:05:04,080 --> 00:05:06,178 Sean Aylmer: because 80% of the time they're getting paid. 93 00:05:06,600 --> 00:05:09,150 Shane Bell: It's a self perpetuating economy, that's for sure. 94 00:05:09,690 --> 00:05:17,880 Sean Aylmer: Stay with me, We'll be back in a minute. I'm 95 00:05:17,880 --> 00:05:20,789 Sean Aylmer: talking to Darren Hopkins and Shane Bell Partners at McGraw 96 00:05:20,790 --> 00:05:24,930 Sean Aylmer: Nickel Advisory. Darren, can you talk me through the timeline 97 00:05:24,930 --> 00:05:27,000 Sean Aylmer: of a ransomware attack? And once you do that, we're just going 98 00:05:27,000 --> 00:05:28,890 Sean Aylmer: to play a little bit of audio, which is a 99 00:05:28,890 --> 00:05:32,339 Sean Aylmer: voicemail left on an executive's phone by a ransomware group 100 00:05:32,760 --> 00:05:35,190 Sean Aylmer: and not the voice you'd expect really. But first off, 101 00:05:35,190 --> 00:05:38,128 Sean Aylmer: Darren, just take me up until the time, what normally 102 00:05:38,130 --> 00:05:41,969 Sean Aylmer: happens up until the time the phone call arrives. 103 00:05:42,360 --> 00:05:45,000 Darren Hopkins: We could probably have a whole podcast just on this 104 00:05:45,000 --> 00:05:48,359 Darren Hopkins: one question, I think. If I think back to, I 105 00:05:48,360 --> 00:05:52,469 Darren Hopkins: guess, the average ransomware or extortion event that we tend 106 00:05:52,469 --> 00:05:55,859 Darren Hopkins: to deal with, often these things start well before the 107 00:05:55,860 --> 00:05:58,109 Darren Hopkins: group that you're dealing with was in your network and 108 00:05:58,109 --> 00:06:00,089 Darren Hopkins: they may actually start with a broker. And what a 109 00:06:00,089 --> 00:06:02,909 Darren Hopkins: broker is, is a group that will be the one 110 00:06:02,910 --> 00:06:05,099 Darren Hopkins: that finds a way to get into your network and 111 00:06:05,490 --> 00:06:08,700 Darren Hopkins: find the user account, so the credentials that they will then 112 00:06:08,700 --> 00:06:11,428 Darren Hopkins: use to actually get in, and that's actually part of this 113 00:06:11,428 --> 00:06:15,509 Darren Hopkins: life cycle. They will pull together you and the credentials 114 00:06:15,509 --> 00:06:17,400 Darren Hopkins: to get into your network and then they'll sell that 115 00:06:17,400 --> 00:06:19,859 Darren Hopkins: on the dark net to another group. And then we 116 00:06:19,860 --> 00:06:21,988 Darren Hopkins: get an organized crime group, which will likely be the 117 00:06:21,990 --> 00:06:24,270 Darren Hopkins: ones that will do the extortion or the ransomware. And then 118 00:06:24,270 --> 00:06:27,149 Darren Hopkins: they'll start their part, which is gaining access to your 119 00:06:27,150 --> 00:06:29,340 Darren Hopkins: system. One of the first things they try to do 120 00:06:30,270 --> 00:06:32,970 Darren Hopkins: is get your data, exfiltrate information that's going to be 121 00:06:33,120 --> 00:06:36,659 Darren Hopkins: of value because ultimately that's what you're being extorted against. 122 00:06:37,049 --> 00:06:39,360 Darren Hopkins: They will also try to be persistent, which means that they 123 00:06:39,360 --> 00:06:42,180 Darren Hopkins: can come and go into your network as they see fit, 124 00:06:42,570 --> 00:06:44,910 Darren Hopkins: get some more credentials and more accounts so that they've 125 00:06:44,910 --> 00:06:47,969 Darren Hopkins: got access in there. And generally the last thing that 126 00:06:47,969 --> 00:06:50,489 Darren Hopkins: would happen is that you'd find out that there's been 127 00:06:50,490 --> 00:06:53,339 Darren Hopkins: someone in your network. And then that could be either 128 00:06:53,400 --> 00:06:56,010 Darren Hopkins: a ransom note, it could be a text message to 129 00:06:56,010 --> 00:06:58,950 Darren Hopkins: an individual, an email, or a voice message left on 130 00:06:58,950 --> 00:07:02,428 Darren Hopkins: someone's phone. Or worst case scenario, it could be that 131 00:07:02,428 --> 00:07:05,099 Darren Hopkins: your whole network is encrypted and then everything goes offline 132 00:07:05,099 --> 00:07:06,539 Darren Hopkins: and then you've got to go and deal with that. 133 00:07:06,809 --> 00:07:09,120 Darren Hopkins: And that leads to, I guess to that particular voice 134 00:07:09,120 --> 00:07:11,430 Darren Hopkins: message, which was from a job that we had actually 135 00:07:11,430 --> 00:07:14,580 Darren Hopkins: worked on. And it was interesting to see that mechanism 136 00:07:14,700 --> 00:07:15,480 Darren Hopkins: for letting someone know. 137 00:07:16,350 --> 00:07:16,860 Sean Aylmer: Let's hear it. 138 00:07:19,890 --> 00:07:22,980 Melissa: Brett, hi, my name is Melissa. I'm calling you from 139 00:07:22,980 --> 00:07:27,689 Melissa: Quantum Group as I understand you right now, or your 140 00:07:27,690 --> 00:07:31,290 Melissa: management are trying to figure out what happened with your 141 00:07:31,290 --> 00:07:39,060 Melissa: infrastructure. I will explain that. Right now, 45 servers are encrypted 142 00:07:39,870 --> 00:07:50,130 Melissa: and 464 computers are also encrypted and more than 500 143 00:07:50,130 --> 00:07:54,930 Melissa: gigabytes of private and internal data of your company has 144 00:07:54,930 --> 00:08:01,950 Melissa: been stolen. So my recommendation is to go for negotiation, and you should 145 00:08:01,950 --> 00:08:07,410 Melissa: do this at nearest time, you have so less time 146 00:08:07,740 --> 00:08:12,870 Melissa: to come for negotiation. On the encrypted computers or laptops you'll 147 00:08:12,870 --> 00:08:18,479 Melissa: find the information how to get in our chatroom. So 148 00:08:18,480 --> 00:08:22,799 Melissa: we are waiting for your management. So please take this 149 00:08:22,799 --> 00:08:29,220 Melissa: message and inform because for right now, as I see no 150 00:08:29,220 --> 00:08:33,420 Melissa: one phone is working on your website. So as I 151 00:08:33,420 --> 00:08:39,598 Melissa: understand, right now you have a big problems and the 152 00:08:39,599 --> 00:08:42,089 Melissa: best way how to resolve this issue is to go 153 00:08:42,090 --> 00:08:44,250 Melissa: for negotiation. We are waiting. Thank you. 154 00:08:45,208 --> 00:08:46,348 Sean Aylmer: Darren, it's pretty chilling. 155 00:08:46,708 --> 00:08:51,270 Darren Hopkins: It's pretty direct, isn't it? And Melissa has quite clearly 156 00:08:51,270 --> 00:08:53,728 Darren Hopkins: said that she's there to help and all you need 157 00:08:53,730 --> 00:08:56,400 Darren Hopkins: to do is to contact her through your chatroom and 158 00:08:56,400 --> 00:08:59,639 Darren Hopkins: negotiate. And I guess it's something we're not used to, 159 00:08:59,639 --> 00:09:02,010 Darren Hopkins: which is a human element to what we're dealing with, 160 00:09:02,010 --> 00:09:04,710 Darren Hopkins: which is a cyber crime, and we are just dealing 161 00:09:04,710 --> 00:09:05,190 Darren Hopkins: with people. 162 00:09:05,580 --> 00:09:07,920 Sean Aylmer: Shane, bringing you into it. I mean, your study shows 163 00:09:07,920 --> 00:09:11,218 Sean Aylmer: that negotiation is now less likely to have taken place 164 00:09:11,219 --> 00:09:13,108 Sean Aylmer: than in the instance we just heard where the woman 165 00:09:13,259 --> 00:09:18,900 Sean Aylmer: wanted to negotiate. Why is negotiation happening less? Doesn't it work? 166 00:09:19,530 --> 00:09:22,050 Shane Bell: Yeah, I think there's a few factors to this, Sean. I 167 00:09:22,050 --> 00:09:27,450 Shane Bell: think the first is people make the decision pretty early 168 00:09:27,510 --> 00:09:31,439 Shane Bell: now to negotiate or not to negotiate. I mean, there's 169 00:09:31,440 --> 00:09:34,470 Shane Bell: a few reasons why you might negotiate, not necessarily because 170 00:09:34,889 --> 00:09:36,689 Shane Bell: you want to pay the ransom, because if you enter 171 00:09:36,690 --> 00:09:40,230 Shane Bell: into that negotiation, you can get a bit of intelligence 172 00:09:40,230 --> 00:09:43,440 Shane Bell: yourself about the information that may have been stolen or 173 00:09:43,440 --> 00:09:46,410 Shane Bell: the way that that group got access to your environment. 174 00:09:46,410 --> 00:09:48,539 Shane Bell: So there can be some valuable pieces of information that 175 00:09:48,540 --> 00:09:51,240 Shane Bell: come from that. But I think the decision as to 176 00:09:51,240 --> 00:09:54,960 Shane Bell: whether to negotiate or not is made pretty quickly. I 177 00:09:54,960 --> 00:09:59,580 Shane Bell: think the other contributing factor is that on the cyber 178 00:09:59,580 --> 00:10:04,440 Shane Bell: crime side of things, some of the demands are actually 179 00:10:04,800 --> 00:10:07,559 Shane Bell: considered reasonable, if I put it that way. So I 180 00:10:07,559 --> 00:10:11,039 Shane Bell: mean on big, sophisticated and significant events, I think the 181 00:10:11,039 --> 00:10:14,819 Shane Bell: ransom will be quite high and a negotiation might get 182 00:10:14,820 --> 00:10:17,640 Shane Bell: it down. But for some of the other ransomware events 183 00:10:17,640 --> 00:10:19,950 Shane Bell: that we see, the ask isn't actually that high. And 184 00:10:19,950 --> 00:10:22,020 Shane Bell: so that decision to pay or not to pay might 185 00:10:22,020 --> 00:10:25,499 Shane Bell: actually be a pretty quick decision for people to make. 186 00:10:25,500 --> 00:10:28,079 Shane Bell: So I think all of that contributes to the statistics 187 00:10:28,080 --> 00:10:31,380 Shane Bell: that we're seeing around the propensity for organizations to enter 188 00:10:31,410 --> 00:10:32,488 Shane Bell: into the negotiation. 189 00:10:32,850 --> 00:10:34,890 Sean Aylmer: But can you trust the person you pay, even if it's $10, 190 00:10:34,950 --> 00:10:37,620 Sean Aylmer: 000 or $20, 000 and you think, " As a cost of 191 00:10:37,620 --> 00:10:40,380 Sean Aylmer: business, I need to do this." Can you trust the 192 00:10:40,380 --> 00:10:41,759 Sean Aylmer: person who stole your data? 193 00:10:42,120 --> 00:10:45,358 Shane Bell: I think that's really difficult. My personal answer to that 194 00:10:45,360 --> 00:10:49,260 Shane Bell: question, Sean, is no, but I think people rationalize that 195 00:10:49,530 --> 00:10:55,800 Shane Bell: decision differently. And certainly there is threat intelligence that's available 196 00:10:55,800 --> 00:11:00,210 Shane Bell: now that talks to I guess how reliable some of 197 00:11:00,210 --> 00:11:04,050 Shane Bell: these cyber crime groups are at sticking to their word." 198 00:11:04,529 --> 00:11:07,110 Shane Bell: If you pay me some money, I'll delete the data, 199 00:11:07,110 --> 00:11:10,050 Shane Bell: I won't publish it or sell it on marketplaces." And 200 00:11:10,050 --> 00:11:12,929 Shane Bell: so I guess with a grain of salt, you can 201 00:11:12,929 --> 00:11:15,270 Shane Bell: maybe believe that. But my personal view would be, I 202 00:11:15,270 --> 00:11:16,828 Shane Bell: mean you're dealing with a criminal, right? 203 00:11:16,830 --> 00:11:16,920 Sean Aylmer: Yup. 204 00:11:17,759 --> 00:11:20,700 Shane Bell: So I think that trusting what they're saying would be 205 00:11:20,700 --> 00:11:21,630 Shane Bell: pretty difficult in my view. 206 00:11:22,770 --> 00:11:25,620 Sean Aylmer: I mean, when they pay the money, let's say it is $ 10, 000, do they 207 00:11:25,620 --> 00:11:28,170 Sean Aylmer: know where it goes? Is it Bitcoin? How do they pay it? 208 00:11:28,590 --> 00:11:30,840 Shane Bell: It is paid via crypto. One of the things that 209 00:11:30,840 --> 00:11:33,239 Shane Bell: we have seen that's a little different in the current 210 00:11:33,240 --> 00:11:36,570 Shane Bell: landscape is that the ask is now, at the moment, 211 00:11:36,900 --> 00:11:40,708 Shane Bell: a dollar figure rather than a crypto. 212 00:11:40,708 --> 00:11:42,870 Sean Aylmer: Inflation is killing the hackers. 213 00:11:42,870 --> 00:11:46,320 Shane Bell: Maybe inflation's getting in there. Maybe the volatility of the 214 00:11:46,559 --> 00:11:50,578 Shane Bell: crypto market is something that these cyber crime groups aren't 215 00:11:50,580 --> 00:11:53,639 Shane Bell: willing to ride the wave of. So the ask will 216 00:11:53,639 --> 00:11:55,920 Shane Bell: be a dollar figure and then it'll be sort of 217 00:11:55,920 --> 00:11:58,920 Shane Bell: calculated at the time that there's an agreement to pay. 218 00:11:58,980 --> 00:12:02,040 Shane Bell: But still, crypto is the chosen currency of choice. 219 00:12:02,040 --> 00:12:05,580 Sean Aylmer: Okay. What about Darren? What about insurance in all this? 220 00:12:05,580 --> 00:12:07,020 Sean Aylmer: Do the insurers play a role? 221 00:12:08,130 --> 00:12:11,190 Darren Hopkins: Absolutely. If you've got cyber insurance there's a few things 222 00:12:11,190 --> 00:12:14,040 Darren Hopkins: that you are actually seeking coverage on. The first one 223 00:12:14,040 --> 00:12:16,619 Darren Hopkins: is help in the event that you have an incident 224 00:12:17,010 --> 00:12:20,880 Darren Hopkins: and an insurance policy in this space gives you access 225 00:12:20,880 --> 00:12:24,059 Darren Hopkins: to experts, it gives you access to lawyers who are 226 00:12:24,059 --> 00:12:27,689 Darren Hopkins: skilled at dealing with these issues, digital forensic and incident 227 00:12:27,690 --> 00:12:30,840 Darren Hopkins: responders like Shane and myself, to bring a team in 228 00:12:30,840 --> 00:12:34,199 Darren Hopkins: there and help you respond to the issue, maybe communication 229 00:12:34,650 --> 00:12:37,020 Darren Hopkins: to help you with those comms pieces when something's gone 230 00:12:37,020 --> 00:12:39,630 Darren Hopkins: wrong. So in the first instance, you get access to 231 00:12:39,630 --> 00:12:42,660 Darren Hopkins: big teams to help you get through this quickly. And 232 00:12:42,660 --> 00:12:45,780 Darren Hopkins: at the same time, you're also getting coverage for your 233 00:12:45,780 --> 00:12:49,410 Darren Hopkins: loss to a degree. So we mentioned before the amount 234 00:12:49,410 --> 00:12:51,899 Darren Hopkins: of interruption that occurs in one of these events and 235 00:12:51,900 --> 00:12:55,140 Darren Hopkins: that is covered as well. And in some cases, if 236 00:12:55,140 --> 00:12:58,559 Darren Hopkins: you're making a ransom payment, that's covered. So the insurer 237 00:12:58,559 --> 00:13:01,470 Darren Hopkins: has a lot of areas that they support you on. 238 00:13:02,280 --> 00:13:05,099 Sean Aylmer: Okay. I mean, you mentioned the public relations exercise there. 239 00:13:05,219 --> 00:13:08,910 Sean Aylmer: Is it a good idea to come out quickly as arguably 240 00:13:08,910 --> 00:13:12,420 Sean Aylmer: Optus did, or do you perhaps wait a few days 241 00:13:12,420 --> 00:13:13,860 Sean Aylmer: because you're not really sure what's going on? I mean, 242 00:13:13,860 --> 00:13:15,420 Sean Aylmer: you're in a rock and a hard place there and 243 00:13:15,420 --> 00:13:17,608 Sean Aylmer: Medibank came out and was criticized for coming out too late. 244 00:13:18,150 --> 00:13:19,380 Sean Aylmer: But at the end of the day, you're probably not sure 245 00:13:19,380 --> 00:13:20,160 Sean Aylmer: what's going on, Darren. 246 00:13:20,160 --> 00:13:23,699 Darren Hopkins: And look, this is something that in this last month I 247 00:13:23,700 --> 00:13:27,088 Darren Hopkins: think has been debated and is changing the way many 248 00:13:27,089 --> 00:13:29,309 Darren Hopkins: business would approach how they communicate in one of these 249 00:13:29,309 --> 00:13:32,400 Darren Hopkins: instances. The expectation I think is that you come out 250 00:13:32,400 --> 00:13:35,700 Darren Hopkins: quickly and you're very honest and open in that communication. 251 00:13:36,000 --> 00:13:39,360 Darren Hopkins: At the same time, one thing that you've never really 252 00:13:39,360 --> 00:13:42,540 Darren Hopkins: wanted to do is tell people that maybe we've lost 253 00:13:42,540 --> 00:13:44,608 Darren Hopkins: your identity when you don't know if that's the case. 254 00:13:44,610 --> 00:13:47,789 Darren Hopkins: Because that can actually be causing them harm, psychological harm 255 00:13:47,789 --> 00:13:50,280 Darren Hopkins: in the instance that they think that they're now at risk. 256 00:13:50,370 --> 00:13:53,488 Darren Hopkins: So getting that balance is really hard. I think at 257 00:13:53,490 --> 00:13:55,530 Darren Hopkins: this point you've got to come out early and say 258 00:13:55,530 --> 00:13:59,219 Darren Hopkins: something and say it in a way that is honest. And in some 259 00:13:59,219 --> 00:14:01,290 Darren Hopkins: cases you just have to say, " Look, we just don't 260 00:14:01,290 --> 00:14:03,569 Darren Hopkins: know yet, but what we want to do is tell 261 00:14:03,570 --> 00:14:06,090 Darren Hopkins: you what we do know." And that's something that I 262 00:14:06,090 --> 00:14:08,250 Darren Hopkins: think we're all sort of coming to grips with at the moment. 263 00:14:09,059 --> 00:14:12,208 Sean Aylmer: Okay. Shane, presumably everyone is at risk now. I mean, 264 00:14:12,210 --> 00:14:15,328 Sean Aylmer: I would think the banks, and retailers, and people who 265 00:14:15,330 --> 00:14:18,119 Sean Aylmer: have huge amounts of data would be more likely to 266 00:14:18,120 --> 00:14:20,490 Sean Aylmer: be at risk. But is that not true? 267 00:14:21,270 --> 00:14:24,750 Shane Bell: Yeah, well, I think unfortunately Sean, if you're connected to 268 00:14:24,750 --> 00:14:28,110 Shane Bell: the internet, you're at risk. Now, I think there's obviously 269 00:14:28,110 --> 00:14:32,730 Shane Bell: degrees of risk. We talk about that in the cyber sphere as 270 00:14:33,210 --> 00:14:37,199 Shane Bell: confidentiality and integrity and availability. So if you have a 271 00:14:37,200 --> 00:14:39,839 Shane Bell: large amount of data that's confidential in nature, then that 272 00:14:39,839 --> 00:14:44,190 Shane Bell: will probably increase your risk profile. And that's someone like 273 00:14:44,190 --> 00:14:48,270 Shane Bell: the Optus scenario, integrity. So if you've got data that 274 00:14:48,330 --> 00:14:52,380 Shane Bell: the accuracy of that information is really quite critical, then 275 00:14:52,380 --> 00:14:54,540 Shane Bell: that can put you at risk as well. Not necessarily 276 00:14:54,540 --> 00:14:58,379 Shane Bell: the volume of that data, but the accuracy and availability. That 277 00:14:58,379 --> 00:15:01,170 Shane Bell: becomes less about a data risk and more about system 278 00:15:01,170 --> 00:15:04,860 Shane Bell: availability and those types of things. So I think there's 279 00:15:04,860 --> 00:15:08,550 Shane Bell: ways that you can calculate what your cyber threat risk 280 00:15:08,550 --> 00:15:12,690 Shane Bell: profile might be, but at a base level, if you have 281 00:15:12,690 --> 00:15:15,809 Shane Bell: a digital supply chain and you're connected to the internet, 282 00:15:15,809 --> 00:15:16,560 Shane Bell: then you're in play. 283 00:15:17,490 --> 00:15:20,130 Sean Aylmer: Okay, Darren, final question. What should a company be doing 284 00:15:20,130 --> 00:15:23,610 Sean Aylmer: right now to prepare for the risk of cyber hacking 285 00:15:23,850 --> 00:15:24,720 Sean Aylmer: or ransomware? 286 00:15:25,740 --> 00:15:28,650 Darren Hopkins: Well, as I said, expect it will happen. So the 287 00:15:28,650 --> 00:15:30,689 Darren Hopkins: first thing you should be doing is actually having a 288 00:15:30,690 --> 00:15:35,940 Darren Hopkins: plan to respond to these incidents. Building resilience to cyber 289 00:15:35,940 --> 00:15:38,790 Darren Hopkins: takes some time, but you can absolutely have a plan 290 00:15:38,790 --> 00:15:40,500 Darren Hopkins: and know how to respond. And the one thing that 291 00:15:40,500 --> 00:15:43,110 Darren Hopkins: we would encourage all businesses to sort of think about 292 00:15:43,110 --> 00:15:45,900 Darren Hopkins: is make sure the basics are still in play. Do 293 00:15:45,900 --> 00:15:48,630 Darren Hopkins: you have backups and could you respond to an event 294 00:15:48,960 --> 00:15:51,359 Darren Hopkins: if it occurred? You just don't want to be left 295 00:15:51,360 --> 00:15:53,850 Darren Hopkins: in the situation where you only have one outcome, which 296 00:15:53,850 --> 00:15:56,880 Darren Hopkins: is possibly having to deal with and pay a threat 297 00:15:56,880 --> 00:15:58,170 Darren Hopkins: actor group for what they've done. 298 00:15:58,590 --> 00:16:01,170 Sean Aylmer: Darren, Shane, thank you for talking to Fear and Greed. 299 00:16:01,260 --> 00:16:02,010 Shane Bell: Thanks, Sean. 300 00:16:02,370 --> 00:16:02,820 Darren Hopkins: Thanks, Sean. 301 00:16:03,120 --> 00:16:05,550 Sean Aylmer: That was Darren Hopkins and Shane Bell, Cyber Partners at 302 00:16:05,550 --> 00:16:09,150 Sean Aylmer: McGraw Nickel Advisory and supporters of this podcast. This is 303 00:16:09,150 --> 00:16:11,430 Sean Aylmer: the Fear and Greed Daily interview. Join us every morning 304 00:16:11,430 --> 00:16:13,710 Sean Aylmer: for the full episode of Fear and Greed, Australia's most 305 00:16:13,710 --> 00:16:17,190 Sean Aylmer: popular business podcast. I'm Sean Aylmer, enjoy your day.