[00:00:43] Speaker C: Joining me back on the show is Simon Hodgkinson, strategic advisor at Semperis. And today we're discussing current affairs of state sponsored cyber attacks and their evolving tactics. So Simon, welcome back.
[00:00:55] Speaker A: Thanks, KB. It's a pleasure to talk to you again.
[00:00:58] Speaker C: Okay, so Simon, let's get a bit of a snapshot from you on how you are seeing state sponsored cyber actors continually target Australian organizations. So maybe walk us through it and how that looks in your eyes.
[00:01:10] Speaker A: Thanks, KB. I think first, first I'll say that I've just pulled down the Australian Signals Directorate report, their annual cyber threat report from 2023 to 2024. And they very specifically call out state sponsored cyber actors "persistently", is the term they use, target Australian governments, critical infrastructure and businesses using evolving tradecraft. The ASD saw a 12% increase over the previous year in terms of cyber attacks reported.
So this is very real. It's very real to Australia.
State sponsored attacks are typically advanced persistent threats. So nation state actors typically don't have constraints. So they don't have time constraints, they don't have financial constraints. So they typically operate where they infiltrate networks. They try to remain undetected for extended periods of time, sort of gathering intelligence and at some point potentially exfiltrating data and disrupting systems. Typically they're in it for a few reasons. It could be espionage. So cyber espionage is a common tactic. So stealing sensitive information, it could be around critical infrastructure attacks. So we've seen obviously nation state sponsored attacks in Ukraine around things like the power grid. Disinformation campaigns are fairly common within state sponsored attacks.
And again we've seen lots of disinformation campaigns including allegedly activity around US elections in 2016.
And then obviously there is cyber warfare, but that's at the sort of extreme end. So Australian organizations are subject to all of those types of attacks, as are most Western organizations actually. And like I said, it's critical people recognize that if a nation state comes after an organization, whether it's public or private, they only need to be successful once, to get in where the defenders need to be successful kind of 100% of the time. And because they don't have any constraints in terms of time and resources, they can constantly be trying to breach your defenses. So it's absolutely critical organizations focus not only on trying to prevent or withstand those attacks, but they also focus on their ability to recover from them as well.
[00:03:41] Speaker C: Okay, so there's a couple of things in there which is interesting. So going back to the top of the interview, I sort of said, you know, state sponsored cyber actors are continually targeting Australian organisations. So quick questions. Our GDP here in Australia is significantly lower to other places like the United States, even the United Kingdom for example. So what sort of would you say the reasoning behind that?
[00:04:01] Speaker A: Well, a lot of the cyber attacks are not to do with from nation states are not financially motivated. It's more about espionage, stealing secrets, sensitive information.
It's also potentially actually attacking critical national infrastructure.
Not necessarily deploying an attack to disrupt, but actually pre-positioning put in, put in essentially, essentially either malicious software or leaving back doors in environments which they could exploit in future should, should they require it. So if you think about people like China, if the geopolitical tension increases with Taiwan and ends up resulting in, in some kind of, some kind of warfare, you know, the Chinese would be pre-positioning activity to potentially disrupt critical national infrastructure should those things occur. So typically it's not financially motivated with nation states. There are some nation states and I've personally seen when sanctions increase on certain, certain jurisdictions. So Iran and North Korea spring to mind when sanctions increase on those, those countries. I've seen cyber activity increase as a mechanism to actually get revenue organization the lost revenue that they have as a result of trade sanctions. But typically that's not the motivation of nation states.
[00:05:26] Speaker C: But maybe just to build on that a little bit more. So if you look at like the US in terms of critical infrastructure, there's a lot more options than like Australia for example. So what would sort of be more of the motivation to sort of target like in Australia versus like even our population's pretty small, we've got quite a large country, et cetera. But is there any sort of thing there even if it's you know, maybe in tandem to the GDP, but more so just hey, like if people are going to focus their efforts, wouldn't they try to focus it on bigger targets like the US, even though they are doing that? But what's sort of your reasoning as to why like Australia sort of comes up as like a continual focus?
[00:06:01] Speaker A: Well, I think Australia is part of kind of the Five Eyes organizations. They're very interlinked with most Western countries from a defense perspective. So if you think about AUKUS, et cetera, those are. And we were at the AUKUS event, which is the last time we had an interview. But you know, so there is a very tight connection between Australia and the rest of the world. So should an event occur, Australia likely would be involved alongside the US and European countries. So therefore they would just be and New Zealand and therefore they would be another interested party to those nation states.
And equally there's a lot of sensitive information that will be shared between the Australian government and other governments across the world as well. So from an espionage perspective, if they were able to breach Australia's defenses, they may get information about that's being shared with, with other countries as well. So I think Australia is as interesting to nation states as any other organization. Again, not related to a financial motivation.
[00:07:05] Speaker C: Yeah, that's interesting. So would you say this is, I want to get into this a little bit more because would you say from your experience perhaps people in Australia like lose sight of that? So people will say, oh yeah, but Simon, like our GDP smaller so therefore we'd have to worry about it as much or oh, but our population smaller. Like do you think sometimes people may lose the, the mindset that hey, we are part of the Five Eyes? And to your point, perhaps part of their plan would be, yes, okay, US is big target, but what we can do is like weaken their allies like Australia and New Zealand and friends. Right. So do you think people maybe forget about that a little bit?
[00:07:39] Speaker A: I think they probably do. And it's a little bit surprising actually to me in Australia because there's so many, not necessarily nation states attacks, but there's been so many cyber attacks in Australia over the, the past few years where probably every individual in, in the country has had their sensitive information leaked through, through one of those breaches, presumably alerted to the fact. And therefore I would have thought cyber would be fairly high up on their, on their radar. That said, you know, lots of people don't necessarily then think through the sort of state implications of cyber attacks. Obviously we do as being part of the whole industry. It's very natural to us. But I guess most people are just focused on their own personal cyber hygiene.
[00:08:28] Speaker C: The other thing that's come in my interviews as well from people like yourself sort of saying like just us being geographically like so far away, it's kind of like, you know, out of sight, out of mind, a little bit so do you think that that could play into it a little bit in terms of like, oh, Australia is so far away, despite being part of an allied Five Eyes, you know, conglomerate, we just seem to forget about Australia a lot. I often just hear that a lot in my interviews.
[00:08:51] Speaker A: It's interesting because that, that may be the perspective of people in Australia. Actually. I think that's not the perspective of certainly myself and people in the, in the UK. I mean, Australia seems like a very tightly integrated nation alongside many of the other Western allies, so. So yeah, that's an interesting perspective. I'd not thought of, of how Australia view Australian citizens view themselves so much as, you know, actually how intertwined Australia is in terms of sort of the geopolitical landscape. So, yeah, interesting.
[00:09:27] Speaker C: And I think another point I would sort of add to that as well is because we're surrounded by water, right? So I think that's another thing that people think that we've got this moat around us that people think that we may or may not be invincible. Right. So I think that is something that I've often heard on the show in terms of just the general sort of perception in terms of Australia that we're quote, unquote, safer.
[00:09:48] Speaker A: Well, so is the UK.
We're surrounded by water and clearly we aren't. We're in the same position, actually potentially a worse position in terms of the level of cyber activity against UK critical infrastructure. But yeah, I guess that could be a perspective. But I would imagine most people now recognize that the world's kind of flat from a, from a digital perspective. I mean, most in, most people will be using some form of social media, they'll be using their banking apps if they happen to travel across the world. Of course, all of that is accessible. So you would start to think that people would recognize that actually they're part of this global, interconnected digital ecosystem now that, you know, something that's happening in, in, in the US or Europe is likely to impact Australia as any other, as any other country. It was interesting, I think, I actually think there is a little bit of desensitization globally going around cyber attacks, certainly around data breaches. I think everybody now recognizes that data in some form has been breached through some form of attack. And you know, if you think back to 2017 when NotPetya occurred and WannaCry occurred, cyber was right in the public domain. It was, you know, the NHS was impacted. So for people in the UK, you know, that's something they know and love. So people really got engaged with the whole cyber messaging, NotPetya was another in organizations that really woke up the executives and leadership teams and boards to the fact that cyber could be, they could be collateral damage for that. You know, if you look at the likes of Maersk and Merck, etc. They were just collateral damage from a nation state attack. So maybe that one of the things is we haven't necessarily had one of those massive cyber events in the last couple of years that have continually bring that to people's attention.
I don't want one by the way, but maybe that is part of the thing that it's just, you know, data breaches is an everyday event and people see it and they just move on.
[00:12:00] Speaker C: Yeah, that's an interesting observation because I have asked people on the show, in the industry, etc, like hey, do you think people are becoming desensitized to breaches? I'll give you an example. So when I'm doing like certain interviews I'll go out and do some recon, even look at like what people are commenting online etc and a lot of like everyday Australians, I said like, oh well, who cares? I was caught up in the Optus breach, the Medibank breach, like who cares now? But how does that, that doesn't really help like the security industry sort of cause, right. If people are becoming desensitized. So do you have any sort of thoughts on that, on how do we sort of overcome that?
[00:12:34] Speaker A: Well, I do have some thoughts and they're not necessarily based on facts but you know, one of the things that I've seen a massive increase in is attacks on health care. And I wonder whether there's any. Not necessarily, again not necessarily nation state attacks, but this is, you know, from a criminal motivation perspective. I wonder if there's a couple of reasons for that. One might be that actually that's one area where people would get particularly perturbed by losing things like sensitive medical data. Whereas actually people now recognize that, you know, your email address, telephone number, potentially home address, all of that, potentially passport information, all of that is, is out there in somewhere in the ether through the variety of different data breaches and you know, hundreds if not thousands of different data breaches that have happened over the last couple of years and people are less concerned about that. But actually, you know, there's been a direct increase in a huge increase in attacks on, on health organizations and I wonder if that mean that part of the reason for that is actually they're more likely to try and prevent that data from being leaked to the dark web and therefore potentially more likely to pay the ransom. So you know, I think overcoming the problem is going to be difficult because you know, most people's personal information is out there already and I think, yeah, a lot of people are in that place. Oh, it's another data breach. There's nothing particularly concerning about this one, but if it was medical records, I think that would be different.
[00:14:07] Speaker C: So I mentioned before that, you know, there are evolving tactics from these state sponsored cyber actors. For example, is there anything you can sort of elaborate on, on like what this looks like?
[00:14:17] Speaker A: Sure. Well, first, first thing to say, KB is actually nation states will launch very sophisticated attacks. As I said, they tend to be advanced, persistent threats. So they tend to be low and slow. They'll get into an organization and just sit there. You know, they're not, as I said, they're not necessarily constrained by having to do something in a particular time frame. But what I would say is a lot of the initial compromise is through kind of tried and tested mechanisms. Credential theft. So phishing still part of it. Spear phishing still part of it. Exploiting Internet facing vulnerabilities still, that's how people get their foothold into, into organizations. And if you think about Australia, but also most countries, the critical national infrastructure is made up of public and private organizations. There's not one organization we're trying to defend here. All of them have different security postures. And despite enormous amounts of regulation, often those organizations are still way behind on their security posture with huge amounts of technical debt. And even fundamental things like multifactor authentication are still not consistently deployed across critical national infrastructure. So therefore, you know, getting into the organization doesn't necessarily need any form of sophistication. So I thought I'd raise that first because those foundational controls and getting those foundational, as some people call them, basic. Nothing in security is basic, but I would call them foundational. Controls in place are absolutely critical. But when a nation state is actually in your organization, typically they use a technique called living off the land. So this is where they use widely used tools, legitimate tools that people running their organizations all the time. And they use those tools to effectively deploy whatever capability they want. 
So if you think about it, in a Windows environment there's things like PowerShell, the Windows management instrumentation that's known as WMI, desktop protocols, they're all standard things that people run in organizations and the nation states will leverage those because actually they're much more difficult to detect. Malicious activity versus normal activity. They don't typically put malware out there because when you put something like malware in an environment, you know, people will detect those kind of things. So they're trying to lay low and just use normal activity that won't get spotted by your traditional security technology.
So that's one way. Obviously they still do things like exploit vulnerabilities. So exploit zero-day vulnerabilities in software. If you go back to one of the most high profile attacks, that was Stuxnet back in the day, that was the attack on the Iranian nuclear facility. But also there was a more recent one where Cisco firewalls were attacked and that was a nation state campaign to leverage those firewalls and to leverage, leverage vulnerabilities in those firewalls from an espionage perspective.
So, you know, that's another typical attack. Supply chain. You know, software is, there's always a supply chain in software. You know, there's typically say open source libraries, there's commercial off the shelf products that's used. Nation states will potentially attack that supply chain. If you think back to NotPetya, that was an attack on a Ukrainian tax system that then spread globally. You think about SolarWinds, that was another nation state attack that was attributed to Russia. I talked about at the start, you know, we got disinformation campaigns as well. That's a fairly standard approach for nation states. So, you know, manipulating things like social media, deepfakes, propaganda websites, you can see that with, with Russia at the moment and disseminating misleading in order to further their cause with the Ukrainian crisis. So there's a variety of techniques they use.
I'll come back to though that initial compromise typically is following a tried and tested path to get into the organization. And from there they go low and slow and therefore are very difficult to detect.
[00:18:44] Speaker C: So in terms of the, the rise of AI, I've spoken to a lot of people on the show around, you know, cyber criminals leveraging AI, which increases like the velocity, the agility to get into these organizations. So in terms of going back to the evolving t, how do you sort of see this piece now fitting into everything that you just discussed? And what does that sort of look like now as we sort of traverse forward into somewhat uncharted, uncharted territories for people? But anything you can sort of share?
[00:19:10] Speaker A: Well, I think, I think first, AI is both a positive and a negative from a cyber security perspective. I mean, on the positive side, obviously it improves our ability to detect threats, our ability to automate response.
As you're well aware, in a cyber context, speed is everything. So if you can see something quickly and automate your response quickly, then you're likely to limit the blast radius if you have an attack internally. And of course, every organization, be it public or private, always has constraints from a financial perspective and therefore AI can help us with that sort of efficiency in terms of our security operations and therefore cost. But on the other side of that is the negative side. So I think you're just going to see more and more sophistication in things like phishing attacks, deepfakes, and also you'll see software now evolving, malicious software now effectively being deployed, but actually learning about the environment which is deployed and evolving to avoid detection. And the final thing would be organizations are obviously deploying AI themselves to either commercial upside or operational efficiency or to get, you know, much more insight into their own organizations, again, be it public or private.
And what I think you'll see is that, you know, nation state attackers will try to influence those models by what they call poisoning the data.
So, you know, if you can feed the model misinformation or disinformation that actually affects the model in a way that changes the prescribed outcomes, then AI can be very successful. From a deepfake perspective, I think there was a fairly high profile attack in 2024. I don't think actually the company was ever, ever fully disclosed. But you know, there was a deepfake AI that impersonated the CFO of an organization through a video conference call. And the finance person in that organization transferred 25 million to a fraudulent account because they were absolutely convinced that the person on the other end of the call was the CFO. So deepfakes are incredibly good. Now I personally worry for us as individuals around the deepfakes. If I think about my elderly mother, she turns 90 in a few weeks. If she thought my son was calling and needed help by transferring money, she could be easily convinced if it sounded like one of my sons asking for that. And I have to remind her all the time, if something doesn't appear right, check, call me and check. And I think us as individuals will have to become very, very sensitive to what's going to happen in the world of deepfakes. It only takes a couple of seconds of a recording of a voice in order to be able to create a deepfake audio and, you know, and not a lot more to, to create video as well. So I think you'll see a lot more activity around deepfakes as well. So I'm, I'm really concerned about that because I think this is the next scammers' paradise.
[00:22:34] Speaker C: So speaking of scammers' paradise, as you know now like you can just, there are certain sort of in the cyber criminal supply chain you can, if you don't know how to do something, you can get someone to do it, you can buy a tool, et cetera, as you would know. So overall, like back in the day you had to be somewhat technically sophisticated. Nowadays you don't. Right. So any sort of Joe Blow could sort of start getting into cybercrime despite not necessarily knowing everything like you had to historically. So now that sort of the bar for entry is lower. Do you see this now being an added problem to the already the problems already have or what are your thoughts on that?
[00:23:10] Speaker A: I absolutely do. I think, you know, if you describe it cybercrime, it's very low cost of entry, low sophistication in terms of, you know, the knowledge you need to do it. The rewards tend to be pretty high and the risk of being apprehended is virtually zero.
So if you, if you would look at that in a traditional business, low cost of entry, very low risk, high reward, people would be piling into it. And you know, I'm afraid, afraid we've seen that from a cybercrime perspective. Add to that across the world with the geopolitical instability, rising inflation, rising cost of living challenges, then I'm sure more and more people will be attracted to that, you know, potential cybercrime as a mechanism to fund their lifestyles. 99.99% of people are good and honest. So you know, I don't think we're going to see the whole world move to it. But you could see, you know, an increasing number of people trying to leverage that of way of making money and affording to live.
[00:24:12] Speaker C: So before you said speed. So I want to go into this a bit more. So recently one of my interviews, I was interviewing someone and they were talking around like businesses need to make faster decisions. Faster decisions, meaning when obviously we're responding to a breach, but then also when we're procuring technology because things are just moving so much quicker than they ever have before.
So in terms of like responding to a breach, etc, like obviously people talk a lot about, you know, get a plan and all the basic stuff we've all heard, etc, practice your IRP etc. But, but in terms of speed now, in terms of companies making decisions and look at, you know, I'm ex a big bank, like things just weren't happening quickly but now we're sort of seeing a shift that businesses have to make decisions with speed behind them because if they don't, they're going to get left behind.
So what is your sort of view then on that now as we're sort of getting into this sort of territory of, hey, we can't sit around for ages and make a decision. We just need to make a decision and perhaps time box those decisions in order to move forward.
[00:25:18] Speaker A: Two things there, I think that is absolutely true, that commercial imperative is absolutely critical to organizations because if you're not quick enough, somebody else will take the market.
So I think speed is really important for businesses to evolve and adapt and be successful. So that's a good thing. That's what they should be doing. I think one of the challenges now is with the democratization of digital is it used to be that they would go to the digital organization to go and procure whatever technology they wanted to deploy in order to deliver that strategic outcome for the business.
Now they can do it themselves. And one of my biggest challenges in my previous employer, that the core of our technology landscape, we were really good at, at securing that. It was all the things that go around the edges. So businesses spinning up their own solutions, not necessarily coming to IT to do it because it had been traditionally quite slow. So I think the IT organizations need to speed up as well and recognize that, you know, we have to be able to solution things much faster in order to enable the business to be successful, but still make sure that you put those foundational controls in place.
So if you think now about AI, the amount of people that talk about they just want to deploy AI and they let a, you know, an AI engine loose over their, their data internally to try and find things like ability to standardize, optimize processes, reduce cost, et cetera, all good intents. But actually they often don't understand the data. They don't understand the sensitivity of the data. It's not classified in any way. It's not necessarily invented in the right way that is meaningful.
So if you do that, you're essentially then if you go fast and you don't put those foundational controls in place, you don't put the things like asset discovery and inventory to understand what you're dealing with. What you're doing is actually expanding your attack surface, amplifying it by an order of magnitude, frankly, when you think about what AI can do with that data. So you have to, you know, whenever you're going through that, you can still do it quickly, but you still have to make sure that whenever you bring technology in. And every business now is a digital, digital business.
So anything a business is doing is fundamentally going to be underpinned by digital, you need to make sure that those foundational controls are in place. It's so much more expensive to retrofit cybersecurity than getting it right first time. But you know, the speed point is really well made. But you know, and IT organizations within their organizations need to recognize that we, you know, we need to evolve and make sure that we are much faster at delivering what the business require.
[00:28:08] Speaker C: So that being said, would you say, Simon, that people generally are. Afraid's not the right word but perhaps are apprehensive about making those decisions because it's like, oh well, I don't have a lot of time because back in the day we'd have to run it through risk and tech risk and business risk and all this sort of stuff just to procure, for example, a product. Now it's like, well, we don't have that time on a hand anymore. This is something that I'm seeing coming up a lot of my conversations now.
So do you think that as a result people are going to be more worried about making these decisions because it's really on their head then or what do you, what's your view on that?
[00:28:39] Speaker A: Digital technology is now so easy to procure a cloud service, a SaaS service, anybody can do it, right? And I've seen lots of examples where people are using SaaS applications and they log in with their credentials, they're @joeblogs.com organization and they assume that's part of their company at that point. And it isn't because they're not federated in terms of the identity down to those digital solutions. And therefore you've got orphan data in a SaaS environment. You can't let that happen. You need enough process, you can still do it quickly, but you need enough process in an organization that can make sure those foundational controls are in place.
So speed is important, but you can imagine the cost.
You've seen the cost of data breaches. I think the average is in the millions now in large scale events it's in the hundreds of millions and therefore there is a massive cost of getting it wrong as well. So we've got to find a nice balance between helping the business procure that technology but putting those foundational controls in place. Such you don't leave yourself in a world where you've got a whole bunch of orphan data in SaaS environments because you haven't put the right controls around identity in place. And then it is lots of examples. It's not just identity, but you just, you know, speed is great. But you also need to make sure you do it right. And of course, the other thing, KB, is the regulators. Now, especially when we get to things like critical national infrastructure, there's huge implications of getting those decisions wrong and having either disruptive ransomware or data breaches in those environments. So, you know, people have got to be thoughtful about their regulatory commitments as well.
[00:30:34] Speaker C: So where do you think people are at at the moment? Do you think they're scrambling or what are you sort of hearing? Because there's all this, you know, like said, the regulators and the SOCI and then there's the AI component and there's, you know, there's an election coming up, so people get nervous around that in Australia. Where do you think though, people are, where's their head at, generally speaking?
[00:30:53] Speaker A: So certainly all the organizations that I speak to, there's a spectrum, there's, there's, you know, you've got people that are very much in the control side of things, so things are still fairly slow to deliver capability. And you've got the other end of the spectrum where people are just throwing technology at the problem. So I don't think there is a standard thought on, you know, about things like AI adoption. I mean, everywhere you'll read, you'll read the demand of the business to make sure they can adopt AI. But I actually think there's lots of organizations putting a lot of good work into making sure that they have the right frameworks in place to make sure whatever AI they deploy is secure. But it also has good ethical boundaries in place within that AI engine as well. So I think people are massively keen to adopt it, to see the benefits for their businesses. But I do think, think there's almost like a bell curve, I guess there's those that are very, very slow at the adoption curve, probably won't do it for many years. There's those at the other end which are throwing the AI at it. And then you've got a good bunch of people in the middle, the 80% which are doing the right things around making sure that you've got good controls in place. And whatever AI you're deploying or whatever technology you're deploying isn't going to leave your organization vulnerable.
[00:32:17] Speaker C: And where do you think we sort of go as an industry from here now with everything that we've sort of discussed today, what you're seeing, etc. I know that's a big question, but people are curious to know.
[00:32:28] Speaker A: Oh, what a question. If I think back to just generally in, in the cyber world, it's kind of an asymmetric war, right? I mean it's, it's nation states and to a degree, some of the more sophisticated criminal gangs, they have significant better resource and no constraints in order to achieve their objective. So for organizations, they have to focus on resilience. For a long time we have been focused on trying to withstand through good protective and detective controls. And I think we need to rebalance that now. Every organization should have an assumed breach mentality and they need to really rebalance their resources, working hard to withstand attacks where they can, but really focusing on that capability to recover. So part of that is. And that's a really complex thing to do, right? So if you have a major ransomware attack, you can't recover everything all at the same time.
So it takes real work between the business and the technology organization to really understand what are those business activities have to be restored first. You know, there's this concept of minimum viable business, public sector as much as private sector. But in order to recover your minimum viable business, to get your business back and running up and running is really important. And in order to do that, you then need to map your strategic outcomes to your business processes and from your business processes, then map that down to the technology landscape. And interestingly, as one goes through that exercise, every organization will realize there are a few core capabilities that they have to really recover quickly. And identity. I've mentioned identity a couple of times through this. Identity is the lifeblood of the digital ecosystem. So in order to recover anything, you have to have your identity platform back. So people need to really focus on, on, you know, how do we, how do we protect where we can withstand those attacks. But when the bad things happen, how can you recover quickly from those, those events? So I think there's going to be a rebalance in, in the kind of thought process and I've even seen, I think Gartner have produced something on it recently about this, this need to rebalance where we're spending our time, money, people, resources, on focusing on actually let's assume breach, let's assume something really bad is going to happen at some point, it's inevitable. And therefore let's figure out how we're going to recover quickly from that event should it occur.
[00:35:13] Speaker C: So Simon, do you have any sort of closing comments or final thoughts you'd like to leave our audience with today?
[00:35:18] Speaker A: Well, yes, so there are a couple of things really. I think I talked about recovery and as I said, I'm strategic advisor with Semperis. You know, one of the things that Semperis does is make sure you've got people, process and technology to actually recover should you have that, that big event occur. God forbid it happens to people. But if it does occur, you can recover your identity system. That's the first system you've got to recover. But there's a key thing you have to think about and you've got to recover with integrity. We talked at the very early stage about, you know, the nation states and this notion of persistent threats either leave back doors in the environment such that once you think you've recovered from a destructive attack, they'll be leaving backdoors so they can reach you again. And I would encourage people to pull down Semperis ransomware report because in there the amount of, there was massively substantial amount of organizations if they'd been ransomware once, they would be ransomware 2, 3, 4 times within the same 12 months. And that's typically because back doors have been left and when they've recovered, they've recovered that either malicious software or that capability in their environment.
That's really, really important. It's also really important that you've got technology deployed that can look for anomalous behavior. They're very difficult to spot. But actually the thing that the attackers want to do is own your identity system, own your domain. Because once they've got domain admin capability in that environment, they can pretty much go anywhere, do anything within your digital ecosystem.
And therefore you've got to deploy sophisticated technology in order to spot those anomalies. And again that's where kind of Semperis provide the security capability as well as the recovery capability to help you spot that activity in your identity system but critically automate the response to that as well. So if they see something bad happening, we can back that out immediately.
So I want to leave people with rebalance your resources not only on the ability to withstand but also the, you know, focus a lot on your ability to recover. And it's critical that you know, we, we deploy the right technology that makes sure that when we do recover from one of those events, we've got integrity in the system. The last thing I'd say is produced two ransomware reports last year.
I encourage people to go to their website and read both of those. They're kind of a fascinating read, pretty scary read actually.
And there's a report coming out in the next few days, hopefully where they surveyed about 350 utility organizations. So water, water treatment, electricity operators in the US and the UK and it really, that report really highlights, you know, real crucial lessons for public or private organizations in the critical national infrastructure area. And you know, just share a couple of stats. 63% said their organizations have been targeted by threat actors in the past 12 months and 80% of those were attacked multiple times. I would hazard a guess that, you know, it's larger than bigger numbers than that. It's just people don't necessarily have visibility of those attacks. But 59% confirmed that nation state sponsored cybercriminals were behind the attack. So that comes back to the Australian Signals Directorate report. You know, Australia, along with all of these, all of the Western organizations are a target for nation states. So you've got to think about that ability not only to withstand but your ability to recover from those sort of attacks as well.
[00:39:12] Speaker B: This is KBCast, the voice of Cyber.
[00:39:16] Speaker C: Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today.
[00:39:25] Speaker B: This episode is brought to you by MercSec. Your smarter route to security talent. MercSec's executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently.