Cyber Part 3: Data Protection, Privacy and Information Technology with Alex Hutchens


By 3YS Owls Governance Consultants, Ainslie Cunningham and Deb Anderson.
In this episode of YS Up Governance and Boards Podcast, 3YS Owls Governance Consultants, Ainslie Cunningham and Deb Anderson interview Alex Hutchens. Alex is a Partner and Head of Technology, Media, and Telecommunications Industry Group at McCullough Robertson. We explore with Alex his passion for the intersection of law and technology, the most common forms of cyber-attack, reporting on and responding to data breaches, and the importance of a robust data breach response plan. We also cover some useful resources if your organisation is the victim of a cyber-attack, including the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), and so much more.

“Spear phishing is actually one of the most common attacks that we see today. And the reason behind that is it's a form of social engineering… which enables attackers to get access to other information, which might then be more useful from a cybersecurity perspective. So, there's a very famous now white hat hacker called Kevin Mitnick. And he used to be, back in the 80s, one of the FBI's most wanted people, such were his skills in penetrating IT networks. One of the things he talks about is that individuals are still the weakest link. It's the human factor that really is the best way into a system.

Spear phishing is really about not just blanket attacks, but quite targeted attacks, understanding that a particular person, it might be an IT manager, it might be a CEO, someone who's got very highly credentialed permissions within an IT system. If you can compromise them personally, get their information then perhaps you can then log in as them and exercise those credentials or pretend to be them and force other people to divulge information.”

“There's a report, I believe, and I have no reason not to believe it, although I imagine because it's part of sort of state security, it would be partly contentious. But there is a report of a virus or malware called Stuxnet, which was originally promulgated by the US security services. And reportedly, it was used in an attack on an Iranian nuclear reactor several years ago now. And basically, the vector through which that was brought in was an individual who worked in that nuclear reactor was compromised or working with the US, and managed to, through a USB port, introduce a compromised USB device, which then deployed some code into the system, and then affected the system so it would overheat and meltdown. And so that led to sort of physical destruction through the introduction of malware code.

Now, that's obviously a very different scenario from what most businesses are dealing with. But it's a really great example of how those USB ports are really still a major vulnerability.”
Alex Hutchens

Summary of episode
· Ransomware, spear phishing, Stuxnet and other forms of cyber attack
· Cyber security insurance
· Privacy
· Some examples of well-known entities that have experienced data breaches including the Australian Red Cross and Toll Holdings Limited
· Cyber criminals and malicious actors
· Kevin Mitnick, the world’s most famous hacker
· Password protection
· The importance of cyber security awareness training for employees
· Threat vectors and activists
· The dark web

Alex is a Partner and Head of Technology, Media, and Telecommunications Industry Group at McCullough Robertson. His key practice areas are data protection and privacy, information technology, and telecommunications. In that role, he advises clients extensively on cybersecurity and data protection matters, particularly in connection with the rollout of new technologies, the mobilisation of workforces, and reporting and responding to data breaches.


About Us - 3YS Owls – Governance Consultants
3YS Owls are a corporate governance firm and incorporated legal practice who specialise in providing a variety of services and solutions across corporate governance, company secretary, board advisory, strategy, risk and business consulting. Contact the team today to see how we can help you.


Suggest a topic or join us as a guest on the show
If you have a topic you would like us to explore, or you would like to join us as a guest on the podcast, we would be delighted to hear from you. Let's get in touch!

YS Up - Governance and Boards Podcast is an easy to understand educational podcast covering hot topics in governance, risk, latest regulatory changes and issues keeping directors and executives awake at night. A practical guide to assist in navigating the complex regulatory minefield, increased public scrutiny, erosion of trust, climate change, modern slavery, non-financial risks, systemic cultural problems and other challenges facing companies in Australia in 2020 and beyond. Are you a company secretary, director, board member, C-Suite, executive or senior manager with an interest in governance, risk and regulatory change? Then this is the podcast for you!
