YS Up - Governance and Boards


Cyber Part 3: Data Protection, Privacy and Information Technology with Alex Hutchens

October 13, 2020

In this episode of the YS Up Governance and Boards Podcast, 3YS Owls Governance Consultants Ainslie Cunningham and Deb Anderson interview Alex Hutchens, Partner and Head of the Technology, Media, and Telecommunications Industry Group at McCullough Robertson. We explore with Alex his passion for the intersection of law and technology, the most common forms of cyber-attack, reporting on and responding to data breaches, the importance of a robust data breach response plan, and some useful resources if your organisation is the victim of a cyber-attack, including the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), and so much more.

"Spear phishing is actually one of the most common attacks that we see today. And the reason behind that is it's a form of social engineering... which enables attackers to get access to other information, which might then be more useful from a cybersecurity perspective. So, there's a very famous now white hat hacker called Kevin Mitnick. And he used to be, back in the 80s, one of the FBI's most wanted people, such were his skills in penetrating IT networks. One of the things he talks about is that individuals are still the weakest link. It's the human factor that really is the best way into a system.

Spear phishing is really about not just blanket attacks, but quite targeted attacks, understanding that a particular person, it might be an IT manager, it might be a CEO, someone who's got very highly credentialed permissions within an IT system. If you can compromise them personally, get their information then perhaps you can then log in as them and exercise those credentials or pretend to be them and force other people to divulge information."

"There's a report, I believe, and I have no reason not to believe it, although I imagine because it's part of sort of state security, it would be partly contentious. But there is a report of a virus or malware called Stuxnet, which was originally promulgated by the US security services. And reportedly, it was used in an attack on an Iranian nuclear reactor several years ago now. And basically, the vector through which that was brought in was an individual who worked in that nuclear reactor was compromised or working with the US, and managed to, through a USB port, introduce a compromised USB device, which then deployed some code into the system, and then affected the system so it would overheat and meltdown. And so that led to sort of physical destruction through the introduction of malware code.

Now, that's obviously a very different scenario from what most businesses are dealing with. But it's a really great example of how those USB ports are really still a major vulnerability."
- Alex Hutchens

Summary of episode
· Ransomware,