1 00:00:03,960 --> 00:00:06,389 Sean Aylmer: Welcome to the Fear and Greed Business Interview. I'm Sean 2 00:00:06,390 --> 00:00:11,069 Sean Aylmer: Aylmer. Cybersecurity remains a top priority for Australian business and 3 00:00:11,070 --> 00:00:14,880 Sean Aylmer: with good reason. We're constantly hearing about new attacks, including 4 00:00:14,880 --> 00:00:17,969 Sean Aylmer: this week's hack on freight operator DP World. And there 5 00:00:17,969 --> 00:00:21,210 Sean Aylmer: are plenty more that we don't hear about too. One 6 00:00:21,210 --> 00:00:23,939 Sean Aylmer: of the biggest risks is ransomware. For the third year, 7 00:00:23,940 --> 00:00:28,080 Sean Aylmer: McGrathNicol Advisory has partnered with YouGov to survey 500 Australian 8 00:00:28,080 --> 00:00:31,320 Sean Aylmer: business owners, partners, directors, and C- suite leaders on the ransomware 9 00:00:32,190 --> 00:00:37,110 Sean Aylmer: threat facing Australian businesses. Darren Hopkins and Blare Sutton are Cyber 10 00:00:37,110 --> 00:00:40,440 Sean Aylmer: Partners at McGrathNicol Advisory, which is a supporter of this 11 00:00:40,440 --> 00:00:43,019 Sean Aylmer: podcast. Darren and Blare, welcome to Fear and Greed. 12 00:00:43,380 --> 00:00:43,890 Darren Hopkins: Thanks, Sean. 13 00:00:44,250 --> 00:00:44,848 Blare Sutton: Thanks Sean. 14 00:00:45,659 --> 00:00:47,999 Sean Aylmer: Darren, we spoke to you about this last year when 15 00:00:48,000 --> 00:00:50,848 Sean Aylmer: you did this research. What can you tell us about 16 00:00:50,848 --> 00:00:54,029 Sean Aylmer: the headline results? Has the ransomware threat changed much since this 17 00:00:54,029 --> 00:00:54,750 Sean Aylmer: time last year? 18 00:00:55,260 --> 00:00:57,570 Darren Hopkins: Sean, this is our third year of running the research, 19 00:00:57,630 --> 00:00:59,940 Darren Hopkins: and some good news this year is that the results 20 00:00:59,940 --> 00:01:03,120 Darren Hopkins: show that there's a reduction in the number of ransomware 21 00:01:03,120 --> 00:01:06,750 Darren Hopkins: attacks in Australia. Now, what we've got this year is that 56% 22 00:01:06,750 --> 00:01:10,440 Darren Hopkins: of those that we actually surveyed have said that they 23 00:01:10,440 --> 00:01:12,690 Darren Hopkins: had an attack in the last five years. Now, that's 24 00:01:12,690 --> 00:01:15,540 Darren Hopkins: actually down on last year, 69%, so that's some good 25 00:01:15,540 --> 00:01:19,200 Darren Hopkins: news. The number of businesses that also paid the ransom 26 00:01:19,200 --> 00:01:22,469 Darren Hopkins: has dropped as well, which is nice. Three years ago 27 00:01:22,469 --> 00:01:25,229 Darren Hopkins: what we saw was that it was 83% of these businesses 28 00:01:25,230 --> 00:01:27,660 Darren Hopkins: were saying that they were paying the ransom. That's dropped 29 00:01:27,660 --> 00:01:30,420 Darren Hopkins: right back now to 73%, but that's still very high. 30 00:01:30,450 --> 00:01:33,810 Darren Hopkins: That's almost three quarters of the businesses that suffered an 31 00:01:33,810 --> 00:01:37,319 Darren Hopkins: attack looked at paying. We also got some different statistics 32 00:01:37,319 --> 00:01:40,200 Darren Hopkins: this year to help try to understand why this is 33 00:01:40,200 --> 00:01:42,809 Darren Hopkins: still such a big issue for Australia. We got some 34 00:01:42,809 --> 00:01:45,389 Darren Hopkins: details on who the main threat actors were that were 35 00:01:45,389 --> 00:01:50,970 Darren Hopkins: attacking Australia, with AlphaV, or aka BlackCat, being the most prevalent in the 36 00:01:51,270 --> 00:01:54,330 Darren Hopkins: research. We had a look at how the attacks were 37 00:01:54,330 --> 00:01:57,270 Darren Hopkins: happening, and the most common way that attackers are getting 38 00:01:57,270 --> 00:02:00,660 Darren Hopkins: into systems still seems to be phishing emails and people 39 00:02:00,660 --> 00:02:04,049 Darren Hopkins: falling victim to those attacks there. And we had some 40 00:02:04,049 --> 00:02:09,630 Darren Hopkins: other information which would suggest that 83% of the respondents 41 00:02:09,690 --> 00:02:12,840 Darren Hopkins: say that if someone was to find out that they 42 00:02:12,840 --> 00:02:15,478 Darren Hopkins: had paid or if they had someone in their supply 43 00:02:15,480 --> 00:02:20,130 Darren Hopkins: chain that had paid, that would absolutely adversely impact their 44 00:02:20,130 --> 00:02:21,839 Darren Hopkins: perception of that particular business. 45 00:02:22,650 --> 00:02:25,590 Sean Aylmer: Blare, bringing you into it here, I mean, I'm astounded 46 00:02:25,590 --> 00:02:29,580 Sean Aylmer: that so many people pay the ransom. It just seems 47 00:02:29,580 --> 00:02:32,700 Sean Aylmer: businesses are still more likely to pay a ransom. They're 48 00:02:32,700 --> 00:02:36,450 Sean Aylmer: not, I mean, obviously your numbers back that up. How 49 00:02:36,450 --> 00:02:38,969 Sean Aylmer: much are they paying? Is it all because they're too 50 00:02:38,969 --> 00:02:42,239 Sean Aylmer: worried that if it gets out, it destroys their reputation? 51 00:02:42,240 --> 00:02:43,470 Sean Aylmer: What's the deal there, Blare? 52 00:02:44,190 --> 00:02:49,109 Blare Sutton: Yeah. Thanks, Sean. There's a variety of different reasons and 53 00:02:49,110 --> 00:02:54,418 Blare Sutton: drivers. As Darren just said, over three quarters of businesses 54 00:02:54,419 --> 00:02:58,499 Blare Sutton: that suffer a ransomware attack are paying the ransom, which, as 55 00:02:58,500 --> 00:03:03,388 Blare Sutton: you rightly say, is rather alarming. Probably what's equally alarming 56 00:03:03,389 --> 00:03:08,548 Blare Sutton: is how quickly they're paying and how much they're paying. We 57 00:03:08,550 --> 00:03:13,230 Blare Sutton: see through the research that most organizations, or the average 58 00:03:13,230 --> 00:03:16,738 Blare Sutton: that organizations are paying, is around about a million dollars, 59 00:03:16,770 --> 00:03:22,500 Blare Sutton: which is astounding. But actually they're prepared to pay more. 60 00:03:22,740 --> 00:03:24,240 Blare Sutton: I don't know whether we should be saying that out 61 00:03:24,240 --> 00:03:27,300 Blare Sutton: loud, but it looks like they're prepared to pay about 62 00:03:27,330 --> 00:03:31,919 Blare Sutton: 30% more when asked how much they would pay. And 63 00:03:32,070 --> 00:03:38,070 Blare Sutton: of those that paid, again, 75% paid within the first 64 00:03:38,070 --> 00:03:42,780 Blare Sutton: 48 hours. So there's a variety of drivers there. We'll 65 00:03:42,780 --> 00:03:45,390 Blare Sutton: probably explore that in more detail as we talk, but 66 00:03:45,960 --> 00:03:48,960 Blare Sutton: certainly reputation and wanting to keep out of the media, 67 00:03:48,960 --> 00:03:53,969 Blare Sutton: and possibly also trying to protect the people whose information 68 00:03:53,969 --> 00:03:55,440 Blare Sutton: has been involved in the attack. 69 00:03:55,950 --> 00:03:59,010 Sean Aylmer: Okay, Darren, so the federal government continues to advise against 70 00:03:59,130 --> 00:04:02,820 Sean Aylmer: ransom payments. Why is this the case? I mean, what 71 00:04:02,820 --> 00:04:05,400 Sean Aylmer: could happen to businesses and boards if they actually do 72 00:04:05,550 --> 00:04:07,679 Sean Aylmer: pay? Is there some sort of legal or regulatory issue 73 00:04:07,679 --> 00:04:09,239 Sean Aylmer: they're likely to run into? 74 00:04:10,559 --> 00:04:14,430 Darren Hopkins: Whilst it's still not illegal to pay a ransom in 75 00:04:14,430 --> 00:04:18,419 Darren Hopkins: this country, what businesses do need to do is first 76 00:04:18,420 --> 00:04:21,388 Darren Hopkins: get legal advice. There are times that you can't make 77 00:04:21,389 --> 00:04:24,809 Darren Hopkins: a payment. For instance, if the threat actor is one 78 00:04:24,809 --> 00:04:28,109 Darren Hopkins: that is sanctioned, therefore they're considered a terrorist organization, you 79 00:04:28,109 --> 00:04:31,260 Darren Hopkins: can't make that payment. But you generally get advice to 80 00:04:31,260 --> 00:04:33,690 Darren Hopkins: that before you look at whether or not you could 81 00:04:33,690 --> 00:04:36,539 Darren Hopkins: consider a payment. The government has said that they won't 82 00:04:36,540 --> 00:04:39,660 Darren Hopkins: ban payments, but they have come out this week and 83 00:04:39,660 --> 00:04:42,360 Darren Hopkins: said that there's got to be mandatory no liability ransomware 84 00:04:42,540 --> 00:04:47,070 Darren Hopkins: obligations for reporting in this country, and they're going to 85 00:04:47,459 --> 00:04:51,390 Darren Hopkins: expect businesses to tell them about a ransomware event that they've 86 00:04:51,390 --> 00:04:53,430 Darren Hopkins: become a victim of or if they've made a payment. 87 00:04:53,430 --> 00:04:55,890 Darren Hopkins: So that's going to be interesting. A lot of the 88 00:04:55,890 --> 00:04:59,159 Darren Hopkins: businesses that go down the path of looking to pay 89 00:04:59,610 --> 00:05:01,889 Darren Hopkins: do so for two reasons. And the research came out 90 00:05:01,889 --> 00:05:03,540 Darren Hopkins: and said that the number one reason they would do 91 00:05:03,540 --> 00:05:05,609 Darren Hopkins: that is likely to minimize harm, and they want to 92 00:05:05,609 --> 00:05:08,909 Darren Hopkins: minimize further harm to their people, their clients, or the 93 00:05:08,910 --> 00:05:11,969 Darren Hopkins: third parties that they deal with. They don't want data 94 00:05:12,089 --> 00:05:14,639 Darren Hopkins: that may have been taken to be leaked publicly, and 95 00:05:14,639 --> 00:05:17,758 Darren Hopkins: that's a way of reducing that damage. The other issue, 96 00:05:17,759 --> 00:05:19,320 Darren Hopkins: and the other thing that they pay for, is to 97 00:05:19,320 --> 00:05:23,459 Darren Hopkins: reduce brand damage. And if an event doesn't become public 98 00:05:23,459 --> 00:05:26,010 Darren Hopkins: and there's no leakage then that certainly doesn't impact your 99 00:05:26,010 --> 00:05:27,599 Darren Hopkins: brand as much if you don't tell others. 100 00:05:28,290 --> 00:05:36,479 Sean Aylmer: Stay with me. We'll be back in a minute. My 101 00:05:36,480 --> 00:05:39,869 Sean Aylmer: guests today are Darren Hopkins and Blare Sutton, Cyber Partners 102 00:05:40,109 --> 00:05:45,000 Sean Aylmer: at McGrathNicol Advisory. Okay, so we have an enormous amount 103 00:05:45,029 --> 00:05:50,099 Sean Aylmer: of companies being hit with ransomware attacks, yet nine out 104 00:05:50,099 --> 00:05:54,359 Sean Aylmer: of 10, or 88%, of executives believe their organization is prepared for 105 00:05:54,360 --> 00:05:58,560 Sean Aylmer: a ransomware attack. Tell me, Blare, where's the confidence coming from? 106 00:05:59,520 --> 00:06:02,700 Blare Sutton: It's a really good question in that the statistics that 107 00:06:02,700 --> 00:06:07,650 Blare Sutton: we see there around being prepared for a cyber attack 108 00:06:07,650 --> 00:06:12,118 Blare Sutton: or a ransomware attack versus those that have been impacted, I 109 00:06:12,120 --> 00:06:15,270 Blare Sutton: mean, maybe some of that comes from the fact that 110 00:06:15,270 --> 00:06:17,729 Blare Sutton: they've actually had to deal with this before, if we're 111 00:06:17,730 --> 00:06:21,210 Blare Sutton: looking at the large proportion of businesses that have been 112 00:06:21,210 --> 00:06:23,820 Blare Sutton: surveyed have actually had to deal with one. So there 113 00:06:23,820 --> 00:06:27,060 Blare Sutton: might be a little bit of perceived bench strength there. 114 00:06:27,540 --> 00:06:30,928 Blare Sutton: But I'd have to say from what we're seeing in 115 00:06:30,928 --> 00:06:34,949 Blare Sutton: all sectors is that it probably infers a little bit 116 00:06:34,949 --> 00:06:40,950 Blare Sutton: of overconfidence. We also shouldn't confuse people's willingness to make 117 00:06:40,950 --> 00:06:44,610 Blare Sutton: ransom payments with not being prepared. I think sometimes we 118 00:06:44,610 --> 00:06:47,669 Blare Sutton: can have a look at some of these statistics and think, " 119 00:06:47,940 --> 00:06:50,880 Blare Sutton: Well, if all this money's being paid and all these 120 00:06:50,880 --> 00:06:53,219 Blare Sutton: people are prepared to being paid, surely that means they're 121 00:06:53,219 --> 00:06:57,540 Blare Sutton: not prepared." To explain that a little, we do see 122 00:06:57,540 --> 00:07:01,349 Blare Sutton: a lot of Australian businesses improving their ability to respond 123 00:07:01,350 --> 00:07:05,130 Blare Sutton: to a ransom attack, and they do this by, obviously, 124 00:07:05,130 --> 00:07:09,178 Blare Sutton: doing all the cybersecurity work around controls, et cetera, but 125 00:07:09,178 --> 00:07:14,040 Blare Sutton: also in developing instant response plans and appointing incident responders 126 00:07:14,370 --> 00:07:17,580 Blare Sutton: and then testing those plans. And quite often when you 127 00:07:17,580 --> 00:07:21,630 Blare Sutton: test those plans, through running a simulated exercise, you're going 128 00:07:21,630 --> 00:07:24,659 Blare Sutton: to include the fact that there'll be a ransom demand 129 00:07:24,929 --> 00:07:28,049 Blare Sutton: and this will allow the boards or the executives or 130 00:07:28,049 --> 00:07:32,520 Blare Sutton: the owners of that business to plan in advance about, " 131 00:07:32,520 --> 00:07:35,640 Blare Sutton: Well, how would we deal with the ransom? Would we 132 00:07:35,640 --> 00:07:40,679 Blare Sutton: pay it?" So, yes, it doesn't necessarily add up, that 133 00:07:40,679 --> 00:07:44,280 Blare Sutton: statistic. We think there's a little bit of overconfidence, and 134 00:07:44,280 --> 00:07:48,119 Blare Sutton: especially when you start to look at the emerging trend 135 00:07:48,119 --> 00:07:52,890 Blare Sutton: of attacks on supply chains and critical infrastructure, we need 136 00:07:52,890 --> 00:07:56,550 Blare Sutton: to build out those plans to consider for people outside 137 00:07:56,550 --> 00:07:59,490 Blare Sutton: of what we're controlling in our immediate business. 138 00:08:00,030 --> 00:08:02,519 Sean Aylmer: Okay. I'll get to critical infrastructure in a moment, Blare, 139 00:08:02,520 --> 00:08:06,960 Sean Aylmer: but just on that, in terms of what McGrathNicol is seeing and what you 140 00:08:06,960 --> 00:08:10,920 Sean Aylmer: just said, it sounds like Australian business are getting better 141 00:08:11,490 --> 00:08:14,639 Sean Aylmer: at getting ready for it, at least, even if not 142 00:08:14,760 --> 00:08:17,280 Sean Aylmer: necessarily the ransomware part of it, but they're thinking more 143 00:08:17,280 --> 00:08:17,730 Sean Aylmer: about it. 144 00:08:18,360 --> 00:08:23,039 Blare Sutton: They're thinking more about it. They're certainly preparing themselves to 145 00:08:23,039 --> 00:08:28,140 Blare Sutton: respond, which is absolutely positive movement and positive sentiment. And 146 00:08:28,140 --> 00:08:32,460 Blare Sutton: we are seeing that increase in preparedness over the course 147 00:08:32,460 --> 00:08:36,780 Blare Sutton: of the surveys that we've been conducting and also from 148 00:08:36,780 --> 00:08:38,130 Blare Sutton: what we're seeing out in market. 149 00:08:38,940 --> 00:08:43,020 Sean Aylmer: Okay. Now, Blare, DP World, Australia's second- largest port operator, 150 00:08:43,020 --> 00:08:46,050 Sean Aylmer: shut down over the weekend because of the cyber attack. 151 00:08:46,980 --> 00:08:49,410 Sean Aylmer: There's all sorts of talk about what that means in 152 00:08:49,410 --> 00:08:54,270 Sean Aylmer: terms of new critical infrastructure, legislation, supply chains, et cetera. 153 00:08:54,540 --> 00:08:57,989 Sean Aylmer: Are these the sorts of areas which are likely to 154 00:08:57,990 --> 00:09:02,820 Sean Aylmer: attract more cyber attacks in the future, these critical infrastructure 155 00:09:02,820 --> 00:09:07,170 Sean Aylmer: plays like ports, maybe telcos, poles, wires, those sorts of things? 156 00:09:07,920 --> 00:09:11,730 Blare Sutton: To understand the trends, the future trends, we need to 157 00:09:11,730 --> 00:09:16,469 Blare Sutton: delve into what are the motivators for these malicious actors? 158 00:09:16,889 --> 00:09:20,429 Blare Sutton: And if we have a look at recent events, not 159 00:09:20,429 --> 00:09:25,740 Blare Sutton: just DP World, and going back a little bit further, 160 00:09:25,740 --> 00:09:29,429 Blare Sutton: Optus and Medibank and the like, if we look at 161 00:09:29,429 --> 00:09:34,350 Blare Sutton: the broader global geopolitical situation, we can understand that the 162 00:09:34,350 --> 00:09:40,200 Blare Sutton: malicious actors are both financially and politically motivated. So if 163 00:09:40,200 --> 00:09:44,489 Blare Sutton: we think about the conflicts in Ukraine and Israel, both 164 00:09:44,490 --> 00:09:49,889 Blare Sutton: of those were preempted by cyber attacks and cyber attacks 165 00:09:49,889 --> 00:09:53,159 Blare Sutton: have formed a large part of the response. So it's 166 00:09:53,160 --> 00:09:57,809 Blare Sutton: not just financial motivations, it's political motivations. And so if 167 00:09:57,809 --> 00:10:02,728 Blare Sutton: you then extend that to thinking about critical infrastructure and 168 00:10:02,730 --> 00:10:07,469 Blare Sutton: other key businesses in the supply chain, it gives dual 169 00:10:07,469 --> 00:10:12,119 Blare Sutton: motivation to attack those targets. I mean, we've seen incidents 170 00:10:12,119 --> 00:10:15,510 Blare Sutton: where an attack on a managed service provider, which is 171 00:10:15,510 --> 00:10:19,800 Blare Sutton: an IT company that manages servers and IT systems for 172 00:10:19,830 --> 00:10:25,080 Blare Sutton: various clients, that's resulted in not just a ransom demand 173 00:10:25,080 --> 00:10:28,199 Blare Sutton: against that IT company, but ransom demands on each of 174 00:10:28,199 --> 00:10:31,260 Blare Sutton: their clients. So if we think of it in that 175 00:10:31,260 --> 00:10:35,370 Blare Sutton: perspective, the ability to attack someone in the supply chain 176 00:10:35,550 --> 00:10:39,900 Blare Sutton: actually improves their likely return on investment. Instead of it 177 00:10:39,900 --> 00:10:44,579 Blare Sutton: being one possible payment, they might have 10, 20, or 30 possible payments 178 00:10:44,790 --> 00:10:48,239 Blare Sutton: of lower value, but to a better return on investment. 179 00:10:48,600 --> 00:10:51,300 Blare Sutton: And then you flip that on its side and you 180 00:10:51,300 --> 00:10:56,040 Blare Sutton: look at it from a geopolitical perspective, to infiltrate something 181 00:10:56,040 --> 00:10:58,830 Blare Sutton: at someone like DP World, whether that's an... I don't 182 00:10:58,830 --> 00:11:01,229 Blare Sutton: believe that's been confirmed that it was actually a ransom 183 00:11:01,230 --> 00:11:05,549 Blare Sutton: attack, that's certainly a great geopolitical lever, whether it's to 184 00:11:05,549 --> 00:11:09,300 Blare Sutton: get information or access to information or to even be 185 00:11:09,300 --> 00:11:12,510 Blare Sutton: able to shut down their systems whenever you like. So 186 00:11:12,570 --> 00:11:16,800 Blare Sutton: absolutely, I think given that understanding and given what we are seeing, 187 00:11:17,190 --> 00:11:20,910 Blare Sutton: there's absolutely going to be a trend of supply chain 188 00:11:20,910 --> 00:11:23,458 Blare Sutton: and critical infrastructure attacks in the year ahead. 189 00:11:24,600 --> 00:11:27,958 Sean Aylmer: Darren, what should Australian organizations be doing now to prepare 190 00:11:27,960 --> 00:11:31,230 Sean Aylmer: for and anticipate these types of major cyber disruptions? What 191 00:11:31,230 --> 00:11:32,880 Sean Aylmer: are the steps they can take right now? 192 00:11:33,599 --> 00:11:35,490 Darren Hopkins: Well, a great question and the one we get asked 193 00:11:35,490 --> 00:11:38,520 Darren Hopkins: all the time to consider. We're going through, I guess, 194 00:11:38,520 --> 00:11:42,660 Darren Hopkins: top 10, what should Australian businesses think about right now? 195 00:11:42,809 --> 00:11:45,480 Darren Hopkins: Elevate cyber to be a material risk for your business. 196 00:11:45,480 --> 00:11:47,429 Darren Hopkins: Actually put it on the top of the list and 197 00:11:47,429 --> 00:11:50,010 Darren Hopkins: actually deal with it. One thing we've seen out of 198 00:11:50,010 --> 00:11:53,880 Darren Hopkins: all the surveys is your IT hygiene needs to be 199 00:11:53,880 --> 00:11:57,150 Darren Hopkins: managed and it needs to be up- to- date. These 200 00:11:57,150 --> 00:12:00,630 Darren Hopkins: attacks generally come through very simple controls that have failed. 201 00:12:01,290 --> 00:12:04,470 Darren Hopkins: Consider guidance that government gives us, like the Essential Eight, 202 00:12:04,530 --> 00:12:06,840 Darren Hopkins: and put a program in place to deal with that. 203 00:12:07,320 --> 00:12:09,900 Darren Hopkins: Know where your information and your assets are, where are 204 00:12:09,900 --> 00:12:13,319 Darren Hopkins: the crown jewels that you're trying to protect, and protect 205 00:12:13,320 --> 00:12:16,170 Darren Hopkins: them. In a lot of cases people don't know what 206 00:12:16,170 --> 00:12:20,040 Darren Hopkins: was taken because they haven't considered that information. We always 207 00:12:20,040 --> 00:12:22,978 Darren Hopkins: ask people to go off and test their defenses and 208 00:12:22,980 --> 00:12:26,910 Darren Hopkins: their preparedness for an attack. At the same time, formalize 209 00:12:26,910 --> 00:12:30,330 Darren Hopkins: your incident response plans and actually undertake some drills. Go 210 00:12:30,330 --> 00:12:33,390 Darren Hopkins: through and see how you would respond during an incident. 211 00:12:33,420 --> 00:12:37,110 Darren Hopkins: Blare did talk about those simulations and tabletops, so important. 212 00:12:37,740 --> 00:12:41,010 Darren Hopkins: Understand your legislative landscape you're operating in. Things are changing. 213 00:12:41,010 --> 00:12:44,250 Darren Hopkins: The Privacy Act has changed and will continue to change. 214 00:12:45,059 --> 00:12:47,699 Darren Hopkins: We've got a cyber strategy coming out for the country 215 00:12:47,759 --> 00:12:50,400 Darren Hopkins: next week, we believe. There'll be information in there that 216 00:12:50,460 --> 00:12:54,179 Darren Hopkins: relates to us. We may have mandatory reporting obligations. ASIC 217 00:12:54,179 --> 00:12:56,578 Darren Hopkins: is very vocal. So be aware of what you need 218 00:12:56,580 --> 00:13:01,319 Darren Hopkins: to do and start to consider other risk management considerations, 219 00:13:01,320 --> 00:13:05,070 Darren Hopkins: such as cyber insurance, beyond your IT. But the key 220 00:13:05,070 --> 00:13:07,410 Darren Hopkins: thing is, is actually start doing something about it. 221 00:13:08,070 --> 00:13:10,199 Sean Aylmer: Darren, Blare, thank you for talking to Fear and Greed. 222 00:13:10,740 --> 00:13:11,189 Darren Hopkins: Thanks, Sean. 223 00:13:11,549 --> 00:13:12,090 Blare Sutton: Thanks, Sean. 224 00:13:12,958 --> 00:13:16,020 Sean Aylmer: That was Darren Hopkins and Blare Sutton, Cyber Partners at 225 00:13:16,020 --> 00:13:19,170 Sean Aylmer: McGrathNicol Advisory, which is a great supporter of this podcast. 226 00:13:19,470 --> 00:13:21,840 Sean Aylmer: This is the Fear and Greed Business Interview. Join us 227 00:13:21,840 --> 00:13:24,029 Sean Aylmer: every morning for the full episode of Fear and Greed, 228 00:13:24,030 --> 00:13:27,300 Sean Aylmer: Australia's best business podcast. I'm Sean Aylmer. Enjoy your day.