Cyber News Roundup Oct 2020 | From fake jobseeker ads to DFAT email blasts + Hype vs utility of AI & ML

The Get Cyber Resilient team are back again for the monthly cyber news roundup! Gar and Dan take a look back over the month that has been and the insights that our October guests brought to the show. Brad and Dan discuss the latest in cyber security news including the fake jobseeker ads, how cyber criminals are using celebrity gossip as a lure for Australian targets, the importance of resilience even in a SaaS world, the most recent ransomware attacks and the DFAT email blast that exposed email addresses of Australians stuck over seas. After the news, Dan and Gar jump into a discussion on hype vs utility of  Artificial Intelligence and Machine Learning. 

Where to listen

The Get Cyber Resilient Show Episode #37 Transcript

Garrett O'Hara: [00:00:00] Welcome to the Get Cyber Resilient podcast. I'm Garrett O'Hara, and today is our monthly news roundup. Co-host Dan McDermott will take us through the episode today, and we start with our traditional reflection on the guests and the learnings from each interview this month. Regular guest, Bradley Sing then joins Dan to cover the latest news where they talk about the fake job seeker ads and what to watch out for, how cyber criminals are using celebrity gossip as a lure for Australian targets.

I never expected at Cyber Resilience podcast to mention Chris Hemsworth, but here we are, the importance of resilience, even in a SAS world, based on the recent O365 availability issues, the most recent spate of runs more texts, and the default email blasts that exposed email addresses of Australians stock overseas. We finish the episode out with Dan and I covering the hype versus utility of, dare I mention it, artificial intelligence and machine learning. So, we really kind of get into that one. Over to the episode. Please enjoy.

Dan McDermott: [00:01:05] Hi, all. And welcome to the October review edition of the Get Cyber Resilient Show. Uh, yes, that's right. October. This crazy year seems to, uh, just be going faster and faster, um, yet slower and slower all at the same time. But, uh, certainly, uh, I'm Dan McDermott and, uh, really, uh, happy to be with you today and sort of reflecting back on what we've seen in the cyber security industry in Australia and New Zealand over the last month.

Um, I'm joined firstly, uh, by our regular host, uh, Garrett O'Hara, who, uh, who's done an amazing job, again of, uh, getting some great guests onto the show over the last month, um, and ta- talking about a number of, of, wide variety of topics, which has been fantastic to see. Garrett, welcome back. And, uh, it's great to be able to reflect on, again, the amazing guests that have, uh, spent time with us over the last month.

Garrett O'Hara: [00:01:58] Yeah, it really is. Thanks, Dan. Good to be here. And it is amazing how quick these months are going. It feels like every time you blink we're... one to three of us are back on to, to chat about the month that's been. So, yeah, good to be here again.

Dan McDermott: [00:02:09] Yeah, crazy indeed. But, uh, you kicked off the month with... uh, we had a discussion with, uh, Jason Durden from Blackberry. That's funny. I, I still think of sort of, you know, the, the black phone with a small screen and a, and a physical keyboard, right? That was... it was good for emails. Um, but rather than sort of looking back on, on the, the phone of Blackberry, um, they're doing some really exciting work in the world of cyber, and we had a chance to catch up with Jason to discuss that.

Garrett O'Hara: [00:02:35] Yeah, absolutely. And I'm very much like you, or maybe a, a certain demographic and maybe we leave it at that, that, uh, fondly remembers those days, but, uh, man, those phones were just amazing. I still, I still kind of have, um, like, I- I- it almost feels like a comfort blanket 'cause you just knew email was gonna work wherever you were in the world. It was just phenomenal, absolutely loved those things. Um, but as you say, Blackberry's kind of evolved, and, and Jason actually came over with Cylance. So, like, he sort of lives and breathes security, eh, more than, more than, uh, [laughs] re- retro, retro phones. Um, and, you know, he's obviously, a, a very experienced security leader.

Um, really enjoyed the conversation actually. He's somebody who's more and more on my radar. He's, um, a guy who comments regularly in the media and is, um, just a generally insightful guy. Um, but also just a lovely person to speak to. I said it from the, the... at the time. You know a good interview when, you know, 15 minutes feels like five, and then that was definitely one of those. And, we, we talked about a lot. We talked about, um, how the vendor side of the cybersecurity industry can be better. Um, he had some really good commentary, on, on fear and the impact of fear in cyber security, uh, which I, I definitely agreed with.

Um, IOT, which is just one of those topics that I think we're gonna end up talking about more and more. It seems like it's just coming up because I think the penny has finally dropped in terms of how much of a problem it's gonna be going into the future. Um, and then we, we actually talked about the new South Wales cybersecurity strategy, which is where, uh, you and I actually both, I suppose, both, yeah, quotes met Jason and, you know, he had some very sort of, uh, uh, useful commentary in that forum. And, um, I think that was what kind of, you know, lit our light bulb and said, "Hey, this is the guy we'd love to, uh, get on the show." So, yeah. I really, really enjoyed that conversation.

Dan McDermott: [00:04:14] Yeah, that's right. Uh, it's, uh, It's, it's great sort of being involved in some of those industry activities and different speaking events and that type of thing where we get to meet some of these great people and then, uh, get to bring them onto the show. And they're so generous with their time. The second, uh, guest that you had in the last month, uh, was, uh, something I guess a little bit different in some ways. Um, it was Jessica Lee from Jessica Lee Consulting. Um, really talking about the role of mental health, um, for cyber professionals.

Um, while it's a little left field, it's not technology, it's, it's interesting. It's was actually published probably, what? Two or three articles on this so far this year. Um, which has had really high readership and really high sharing sort of across LinkedIn and those types of things to, to really, I guess, resonate with people and then the pressure that cyber professionals and so-and-so's are under, and, you know, and then with COVID hitting, we've just seen that escalate even further. So, I think it was really timely, as well. There was, um, World Mental Health Day, uh, just before, uh, the release of the podcast, and that, so it was a certainly a timely discussion. And what advice does Jess have for us on, on this, you know, challenging and difficult issue?

Garrett O'Hara: [00:05:22] Yeah, there, there was lots to be honest with you. And it was one of those ones where, uh, the, the sort of genesis for the idea, it was just conversations I was having with colleagues and, and sort of peers in the industry. Um, and, as you say, Dan, it was just weirdly timed well with Mental Health... uh, World Mental Health Day. Had no idea. You know, when I suggested it to you originally, it was, it was literally just one of those weirdly, weirdly serendipitous, uh, times.

Um, and Jess, you, I mean she's got such good forum in this area. She's an organizational psychologist and has been doing that at, a, a very high level for a long time. So, um, just felt like a perfect person to have this conversation with. Um, look, what we really dug into was the idea of stress and burn out and the idea that one kind of leads to the other and, you know, ultimately leads to even worse things. You know, I mean, people can end up in, uh, severe depressions through kind of burning out, you know, and not realizing it.

I think it's your point. It, it seems a little bit kind of off pieced or a little bit left field compared to what we normally talk about, but, uh, it's impossible to be cyber resilient unless the people delivering those services are, you know, personally resilience. You can't have one without the other, so totally agree. It's, it's a big difference compared to what we normally do, but fundamental building block in terms of organizational resilience. Um, and I would say beyond cyber security and cyber resilience, um, instead of kind of wider organizations, it has material impacts. It's not one of those, uh, look, I, I think in our industry, it's, it's very easy to kind of get maybe over-focused on the bits and the bites and the speeds and the feeds, and then forget about the, the material impact the people side of this thing can have.

And by that, I don't mean just navigating the politics to get projects done. I mean, are people happy? Are they mentally healthy? Are they showing up and able to do a good job of security or other things? And just like that conversation to me was awesome. Um, it was the.. a discussion of what the problem is, but we ran it out with, uh, some very, very, um, practical tips for how to kind of self care. That, if, if you didn't listen to any, listen to the last 10 minutes, 'cause that's the, the bit that'll help you if you are feeling, uh, stressed or even a little burned out.

Dan McDermott: [00:07:27] Yeah. That's, uh, definitely, uh, uh, worthwhile listening to, and, and sorta back a episode to have a listen to, and also jump on, get to cyberresilient.com and just search for burnout, and you can see those other couple of articles as well with some other materials and reference points there, as well. I, I was talking about this, there's no doubting that the stress of, you know, of... on cyber professionals of, you know, stopping the attackers, stopping bad things happening to, to their organizations is something that is, you know, imperative, uh, for all of us.

And, and we need to take care of our people because, you know, at the end of the day, they are, they're really the front line in, in making things happen. Um, the third case that you had for this month was, uh, was Mark O'Hare from Mimecast who is, uh, based here in, in Melbourne. Um, and, but he's actually, you know, a glo... in a global CISO role, um, and needing to, you know, be a, CISO not only in a, in a global organization sort of based out of Australia, uh, and having some of those challenges, um, but also working for a cybersecurity vendor. Um, so probably additional pressure on the, on the CISO role itself as well. Um, what, what was Mark able to share with you?

Garrett O'Hara: [00:08:39] Yeah, again, uh, you know, kind of say this, uh, nine months into making, uh, Mark is, as you say, he's a global role in, in an Australian region. So, uh, a very, very busy guy. So it felt kind of, um, yeah, definitely looking to, to get the time with him. Um, it's, it's funny, he's, he's come to security through a fairly interesting path. He has been all over the world on a bunch of different jobs. Now he is being in pure security and leadership for quite a while. And I think to your point Dan, he's got a, a pretty, um, useful perspective for Australian audiences given the global nature of Israel.

Um, when we looked, we talked about the things that keep him awake at night and, um, you know, he, he was at pains to say that while he works for Mimecast, you know, his, his concerns are maybe specific to our company, but as I was listening to him, I'm, I'm pretty sure they're actually fairly universal for the most part, at least the, you know, the, um, the theory about the things that he's, he's kind of, worried, worried about. And we talked about one of the big problems for CISOs or security people in general, which is how do you, how do you get through the avalanche of information that exists every single day? Like there's just so, so much stuff happening.

And, um, he kind of talked through what he does there, um, in terms of that, um, you know, the magic wand question, which I always love asking CISOs, you know, if they, if they had, uh, a genie or a magic wand, what would they do? And he had some, some good insights there. And we talked about the board ex co relationship and, and how that's kind of evolved and changed over his time as a CISO, but in, in general, um, regulatory influence, um, talk to other people and, you know, that's the other side of this, um, this industry is finding really good people. And then how do you retain them? You know, given how competitive it is out there. Um, so just one of those, um, for me, one of those really, um, almost pure security conversations in a way, you know, you get a CISO, that's what their world is. So it's kind of lovely to circle back from somebody like, you know, Sony dealing with kind of mental health right back into, okay. What's the practical stuff of being a CISO. So, yeah. Great, great conversation with Mark.

Dan McDermott: [00:10:37] Yeah, definitely. And, uh, so I didn't realize one of these roles was based in the Cayman islands. Um, like we can all dream about, uh, getting there one day and working to maybe get back at some stage would be, uh, would be something that we, uh, all aspire to at the end of, uh, all of this as well.

Garrett O'Hara: [00:10:53] Yeah. I'm , I'm sure he was working from, uh, in my mind, like a puddle board with a laptop sort of stuck onto it and, you know, it's a gin colored water. Um, but yeah, I suspect it was probably a little bit more, more difficult and mundane than that.

Dan McDermott: [00:11:06] Yeah, it's, uh, it's sounds pretty tough. So definitely, definitely a good one. So, uh, look, thank you Garrett again, thanks for, uh, continuing to be a great host for, uh, the show each week and, um, really, you know, bringing to life these stories, um, from a variety of different sources and different people across the industry. And again, we're just, uh, really thankful and grateful for the time that people spend with us. So, uh, thanks again.

Garrett O'Hara: [00:11:27] Thanks Dan.

Dan McDermott: [00:11:28] Now, we moved to the section where we review some of the headlines, uh, from the previous month and, uh, I welcome back to the show, uh, Bradley Sing. Welcome Brad.

Bradley Sing: [00:11:40] Hey Dan, how are you mate?

Dan McDermott: [00:11:42] Yeah, very well, thank you. Um, another, another incredibly busy month, um, with lots of things happening. So, um, so, uh, sort of straight in and then we thought we'd, uh, kick off with a bit of a public service announcement, um, regarding some widespread recent attacks. And it's starting off with, uh, the notion of fake job ads, um, which the atrial procedures has, um, has impacted over two and a half thousand Australians. Brad, can you tell what people need to look out for? It's definitely, why would job ads be a target for cyber criminals?

Bradley Sing: [00:12:14] Great question, Dan. I think it's something that we've been seeing ever since, you know, the whole work from home movement, COVID dynamics changing, but certainly it is a large volume that we've seen reported to the ACCC. The interesting thing to remember about scams, which are, I, I feel like scams reported to the ACCC especially around cyber are quite underreported. So that number is likely to be higher. The reason for it though, um, like this... the other week as an example, I was on SEEK and I sort, um, job in Glebe for dishwasher. It had, had over 6,000 applicants for it.

So I think part and parcel of that is, um, I guess, change in government legislation, job keeper, starting to wind down and a lot of Australians being mandated to apply for work in order to maintain payments or just get a job. And if we ever think about what details you supply, when you're applying for a job, it's over 100 points of ID, it's your driver's license, your birth certificate, it's a perfect storm for scams to swoop in and grab your details.

Dan McDermott: [00:13:07] Yeah, I, I won't mention to God that you were on the SEEK. Um, but, uh, it's, uh, definitely, um, I- it is that thing of identity, right? And, and what, you know, the know... what people can do once they have that your identity and, and where it could be used, you know, subsequently. So it's not just, yeah, the initial sort of scam itself, right? It's like, what is the malicious activity that might happen off the back of it as well? The second, uh, sort of a warning that we wanted to put out there was, um, a, a new, more sophisticated phone bursts attack where the crews are actually posing as a [inaudible 00:13:40] threat here. Um, both as the police and as the ATO in a bit of a double whammy to try and deceive innocent victims. What's your advice and take on this attack.

Bradley Sing: [00:13:50] So for anyone who's been following Get Cyber Resilient over, I guess the past year, I think we covered an article or story rather, uh, around, um, a Russian group, which was doing a very sophisticated kind of double social engineering attack. I guess this one's a little bit more localized. Um, so effectively what it is, it's an alert from Australia police... sorry, it's South Australian police. And effectively what the scam has been doing is calling up people saying that... uh, pretending to be the ATO, um, saying that, "Hey, you're, you're a victim of identity fraud. You're going to be expecting a call from the ATO again and from South Australian police."

And they're then using software technology effectively to spoof their caller ID to make it seem like they're coming from a police station. So ultimately thereafter credit card numbers, payments, um, it reminds me a lot of the Australian Federal Police automated scan, which I'm pretty sure we've all received at some point, or it comes in via voicemail. It says, "Hey, you're in trouble. You need to call a certain number," but this one seems to involve more people. Um, interestingly enough, we did see quite a few people get caught for this in South Australia last year as well, a few convictions. So something which I'm sure, uh, South Australia police are, are focusing on.

Dan McDermott: [00:14:57] Yeah. And, and also just highlights, you know, that attacks can come through any mechanism in any means, right? And, and it's, it's different, uh, I guess communication mechanisms that the, the attackers will use in a variety of ways. And I think that notion of using what would seem like very trusted people that it's coming from the police and the tax office variety, it's very hard for people to necessarily decipher and know that like that's not real because they wouldn't... the initial response would be a bit of panic. Right?

So, um, definitely hitting on, on the vulnerable again, which is a, a, a constant theme and something that, you know, is obviously always a, a, a mighty shame in terms of all of this as well. Looking at a slightly lighter note, um, but still, you know, certainly a warning for unsuspecting pundits out there is, um, that we've learned that Adele, yes, Adele, the, the British singing megastar is also the most dangerous celebrity online. How has this threatened manifesting?

Bradley Sing: [00:15:54] So it's always good to have, I guess, a few lighter stories, but like, as you mentioned, Dan, um, obviously still, uh, he'd risk ,and what scammers are effectively doing is they're using celebrity gossip to lure in unsuspecting victims. Um, McAfee re... uh, released a report recently, which went through the top 10 list of most dangerous celebrities for internet users. Um, and the way I interpret that is it's a list of, I guess, topics where there's an us celebrity gossip, which people are Googling, which then hackers will then craft fake ads or, or targeted websites.

Um, some of the popular phrases out of interest were Adele's weight loss, uh, Drake's secret son, um, not in Australia, but globally the most, uh, dangerous Australian to Google was Chrim... uh, sorry, Chris Hemsworth, um, out of all people. Um, I don't think I've got any more to comment on that aside from yeah. Um, read some news and find some interesting stuff to look at

Dan McDermott: [00:16:47] [laughs] It's, uh.... that is.... it's interesting again, that it's just, you know, a- another vector that is, uh, that can come out of nowhere as, as, as it seems. Right? So, and, and, uh, we just got to watch out for that fake news.

Bradley Sing: [00:16:58] I- I think people are just bored and it's one of those 3:00 AM internet holes where you're just clicking through random links and yeah, you're eventually going to land on something nasty.

Dan McDermott: [00:17:08] [laughs] Indeed. Uh, next we're gonna shift the focus to the need for resilience or, or the notion of a plan B. Um, in the world on, um, relying on, on cloud platforms, this is becoming more and more important. Especially relevant is the reliance on Microsoft for many organizations for their productivity and collaboration tools. Now, while we certainly don't wanna turn this into a Microsoft bashing session, Brad, um, but it is important for people to have, you know, a plan for platform resilience.

Bradley Sing: [00:17:37] In fact, I'm on the defensive, I'm not gonna attack Microsoft Dan. Um, look, the, the reality is Microsoft operate the world's largest Cloud pla- platform. Um, you know, the number one business productivity platform, if will, um, they suffered a large outage, a string of outages, which affected users across America and Australia for the, kind of the pa... the past month. Um, teams was affected to a degree, authentication was affected, email and connect- connectivity to Outlook was affected in one. I think what it is, I- it's definitely not a Microsoft bashing system, sorry, session, but it's a, um, it's a bit of a wake up call, right? And I think it speaks to the theme of the show and, and the blog and the website on how do we get cyber resilient in times of disruption?

Um, one of the highest profile disruption, I guess, effects of the, uh, the outages was 911 was down across 11 States in America. And can you blame Microsoft solely for that? Probably not. It was infrastructure which relied heavily on Azure for connectivity. So I think it just, again, raises the conversation where as you move your services to the Cloud, you need to consider your DR strategy, your BCP plans that don't disappear. On a side note, Twitter suffered a decent outage as well. So even the largest cloud platform was not immune. Um, and big platforms are just gonna go down from time to time. So if your strategy, regardless if it's Microsoft or whoever, if it's Google, if you're solely with one cloud vendor, um, you're really gonna increase your amount of risk because when it comes to platform, disruption like this, you need to have a plan B.

Dan McDermott: [00:18:59] Yeah, I think that's a, a great advice and that notion of, uh, of how to manage that risk, um, you know, in those times, uh, and have that backup plan is, uh, is, you know, great, great and pertinent advice for, for everybody. Um, one of the things that we've spoken about several times in recent months is, is the continuing rise of ransomware attacks and, and how, unfortunately, as long as they continue to be profitable for the cyber attackers, um, they'll continue to occur. Um, this month we've seen more unfortunate headlines with aged care provider, Anglicare, um, the large ASX listed companies, Spotless Group and law firm, um, say [inaudible 00:19:37] have all fallen victim. So what can we learn from this latest rate of, uh, ransomware attack?

Bradley Sing: [00:19:43] It feels like at this point, we're just listing, uh, big Australian companies which get, which get hit by ransomware, but the reason we keep talking about it, is it keeps happening. Um, I mean as far as a, a, a high stream, sorry, a stream of high profile attacks we've seen against Toll, BlueScope, Lanco earlier in the year, it's really unfortunate, I feel because for the most part general good pa... uh, patching schedules, good cybersecurity, following the essential, eh, the general fundamentals should protect you against the risks of, of ransomware. But I think it really just also speaks to the amount of change these organizations are having to deal with, you know, lawyers consulting on Zoom calls, um, trying to organize remote team meetings, um, uh, an organization like Anglicare, which has been greatly disrupted by COVID and had to change their operations, you know, just trying to secure their IT systems and maintain budget.

I think for all these organizations as well, and, and maybe the fact is 'cause they're high pro... high-profile, that they've, you know, been involved with the police, [inaudible 00:20:42] and they've consulted the government as well. We're not really sure. And I think, uh, we talk about the fact that, um, attribution is very hard in cybersecurity, and I got talks about it all the time, there is some resemblance here to ma... the Maze ransomware attack, which we did see earlier on in the year. And it's also interesting to note, we have seen, [inaudible 00:21:00] starting to do the rounds again.

I think it'll be interesting once we see more information released by these companies in terms of what the actual breaches were 'cause it's all a little bit vague, so it might be a good one to revisit in a month to see, you know, what was the follow-up or what's, you know, what's the, uh, uh, uh, the plan of attack.

Dan McDermott: [00:21:16] Yeah. And look and, and it's really interesting, I, I read an article recently as well, that, um, paying ransomware, paying ransoms on, on ransomware is now illegal in the US. And the department of, of treasury and the office of, you know, foreign assets and control of have, uh, have said, you know, that it is illegal to actually pay the ransom itself. So, you know, I think that what the, the regulators are looking at is, is how to try to cut it off at the knees, right? So don't actually fuel the economy of that is actually occurring around it.

And therefore, if people... if it's not profitable, therefore, you know, hopefully the attacks stop, um, which is, you know, it, it's makes sense. And that's the advice that often, you know, we hear with cyber professionals, but if you're in that situation, it's very difficult as well, right? You feel like you wanna get back operations quickly and you wanna find, you know, the quickest path and you wanna stop, you know, the... I- I guess sort of that, um, the bleeding of data of your life as well. So it's definitely a, a difficult situation that any organization finds themselves in.

And, uh, and yeah, but like definitely we're starting to see the regulators, uh, I think take a, a stronger role in that and, and a firmer approach to, I guess, you know, how to now play a role in helping to try to cut this off, um, at the source if you like. Um, those final stories for us to look at, uh, from October is, is, um, the unfortunate exposure of email addresses, um, by our own Department of Foreign Affairs and Trade or, or DFAT, um, of Australians that are stranded overseas and wanting to return home at the moment. How did this happen?

[silence]

Yeah, it's, uh, unfortunately it sounds like, uh, our good friend, human error striking again, right? With, uh, you know, again, it's not... this one is not, you know, it's not... there's no malicious intent, right? Um, and then really is just, you know, an unfortunate mistake, but then the risk that can come off the back of that and associated with it, as you said, um, you know, can put those people at net risk from, from other attacks, which is, uh, which is a real shame and something that, you know, again, it's I think that notion of being cyber aware across all, all actions and activities that people take is, is critical, um, and needs to be sort of counted into the way that everybody thinks and operates at all times. Otherwise, uh, there things, you know, even inadvertently, uh, continue to occur.

[silence]

Yes, single platform and single identity. That's, uh, I think the big topics of maybe another day, but it's something that our government certainly has, uh, you know, and governments around the world have, have struggled with, uh, to, to be able to get to that level. But I think we're moving down those pa... types of paths as well, because we need to stop these type of, uh, things occurring. Right? So, Brandon, I think that brings us to a close of our reviewing back on this October, unbelievably. Um, and, uh, thanks again for all your insights and sharing, um, all of that, that news with us. And I look forward to catching up again, um, for the November review. To close out today's episode, uh, I welcome back Garrett.

Garrett O'Hara: [00:26:12] Hey Dan.

Dan McDermott: [00:26:12] Uh, why don't you, I guess, have a look at, you know, what's a, a big topic that we wanted to sort of cover it and sort of end off on. And, and something that keeps coming up multiple times in, in the last few weeks is, is the whole notion of, um, artificial intelligence and machine learning. Um, and I can already hear people groan, um, at the notion of sort of AI and ML and, and, and what it is. You know, I think as an industry, you know, we often hy... over-hyped terms, right?

And, and they then become, uh, something that people actually switch off from and don't want to actually listen to, and that. But, uh, uh, it's certainly something that, you know, is real and this is continuing to have an impact in, in the world of cyber. Um, so what is it that you sort of see is so- sort of useful and, and, um, you know, actually what we can actually use practically in the world of sort of AI and machine learning, um, you know, to actually help us in terms of fighting the cyber attacks.

Garrett O'Hara: [00:27:08] Yeah. And, and spot on, I think, you know, we've made a ride for our own bucks, uh, in some ways with the ML, AI hype machine. Happens with so many things, right? It's not just those, I mean, it's, it's fairly cyclical. Every time something come in the new rock and roll, uh, you know, technology appears, we all get excited. We all are sort of maybe over, um, state its potential and what it's gonna do. And then everything settles in and we realize what its utility is. And it's definitely the same with AI and ML. Um, I, I, I think first of all, it's probably important to, to for context, like, we're not talking about Skynet here, you know, it, it ain't that. We're not there yet, despite, uh, I suppose the various, uh, publicly traded companies using AI as a way to inflate stock prices.

Um, you know, I think you just mention it these days and you're good to go. Like, you're gonna see some points, uh, points on your, uh, uh, your stock price. You know, it's not that, we're generally in security talking about what's called narrow or weak AI. And, and generally, we're actually talking about a subset of AI, which is machine learning and it's incredibly useful. Um, and that's the sickening thing, you know, I... you know, Brad and myself spent a lot of time talking to customers and, you know, I saw Brad's reaction on video. There when you, when you mentioned AI, you know, and, you know, it's that kind of knowing smile of, uh, okay.

Um, and we see that, you know, we rightly see that because, um, indu... you know, as an industry, we, we kind of have amazing brochures that have all the cool dark blue tones and people in hoodies. And, and then we say, AI, AI, ML and everyone kinda goes, uh, "Okay. Yeah, whatever." But when you think about the utility, uh, for things like image checking, um, and filtering. So using things like deep learning to look at, uh, things like even not safe for work images, so not necessarily security risks, but things that are maybe completely inappropriate for a workplace, um, incredibly useful or logo recognition.

You know, we think about, um, credential harvesting sites. They'll generally have imagery from a known brand, you know, to brandjacking approach for social engineering. Uh, deep learning is incredibly useful way to identify, does this logo look like one of those well-known brands that even some of the brands we've mentioned earlier on in the show today? Incredibly useful for those kinds of approaches, um, for things like anomalous, uh, activity or any kind of anomalies within either be... user behavior. So, you know, Dan McDermott's normally sends... I don't know, I'm gonna take a total point here, probably knowing you, 500 to 1,000 emails a day. Um, and then on a different day, you're sending 2000 emails. Like, what does that mean? Something, something weird is going on there, or if you send 10,000 emails, does that mean your account has been popped potentially?

Um, humans realistically, no stock analysts can sit there and look at the behaviors of every single user within an organization, especially when you get to size. Machine learning is incredibly good at figuring out what, what's a normal... um, I mean they're called patterns of life, right? You know, what's, what's the pattern of life for Dan McDermott? What's the pattern of life for Bradley Sing? For Garrett O'Hara. And those three things will be very different, but machine learning is incredibly good at figuring out the parameters of what normal looks like for a person.

Um, even examples, like the [inaudible 00:30:15] one that you guys were just talking about, you know, that, that idea of, um, a bunch of emails getting sent out when that's just not normal in this organization. Um, you know, and again, I'm not over promising ML, but it's the type of application where, um, if it was set up and, you know, the AI, the AI has been kind of running to understand normal. If something like that happens, that's the thing that steps... you know, steps in and, and sort of is a... um, what'd you call it? Like a short circuit or a safety switch for human error.

You know, I- it's incredibly fast, it's incredibly quick. And, um, the utility is enormous and website categorization, sorry, man... I'm just making a li... a long list of, you know, where this stuff actually is useful. But, um, things like website categorization. Um, if you start looking at things like supervised learning, which is basically there. You're talking about a human kind of helping the, the machines to understand the categorizations of bad, good, so that you can then kind of let it go and, um, you know, figure out what, what's good and what's bad on, on its own.

Um, neural... we have things like neural nets for, um, detection of spam is another one. Um, you, you guys have probably heard of DNX data exfil, so using the DNS protocol to pull out small amounts of, of data, um, you're ne... [laughs] you're never gonna, you know, get a Wiki leaps, um, level of info out that way. It's not terabytes, it's, it's got limitations of, I think 255 bytes, I think, um, you know, per percent and that comes over UDP, so there's sort of limitations in it, but machine learning is excellent to figuring out if that's, um, something that's, that's going on there. So that's a really long list, but, you know, I suppose the points of me kind of, of doing that is despite the over-hype like, it's, it's really, really useful stuff. And, um, yeah, I think we need to have an adult conversation about that.

Dan McDermott: [00:31:58] And you actually do see it getting to the point of being able to be, I guess, proactive. Is that, is that really the case, or?

Garrett O'Hara: [00:32:01] Uh, you... eventually. Um, so that, that's probably where I start to even... you know, even I start to tense up a little bit because yes, in theory. Um, but I do think, um, like a lot of this stuff, when you, when you think about, um, like a good example is SOAR, you know, excellent in terms of a lower meantime to detect and respond, right? In theory, playbooks run, a thing happens, a SOC analyst clicks a button and job done. You know, it happens at machine speed, incredibly quick, saves a ton of time in terms of analysis and response.

Most security leaders and, and practitioners that I've ever spoken to about this are very reluctant to let the machine make that decision, because if the machine gets it wrong and remediate something, you know, removes, uh, like say an email from a mailbox because it thinks a link is bad, but actually it turns out that's the link that is for, um, an organization's expense approvals. Right? All of a sudden, a bunch of people don't get their expenses paid and, you know, [laughs] uh, and, uh, mayhem ensues.

So there's a general, general kind of reluctance in, in my experience anyway, with the, the trust in, in the full automation. But that's the promise, we know we'll get there, like all of these texts were, were early days. We've probably got a, a little bit over our skis in terms of, you know, what the thing's gonna be able to do eventually, but we'll get there. Um, and then, uh, we all retire. And that's what I'm thinking of. I think we're, we, you, me, Brad, it's Mark O'Hare, we'll all go buy a bottle, po... paddle boards and live in the Cayman islands, uh, for the, for the rest of our lives. But yeah, we'll get there.

Dan McDermott: [00:33:37] Uh, sounds like a good promise. I appreciate it. I think the only term you missed in that was a big data to throw in there as well in order to fuel the machine. [laughs]

Garrett O'Hara: [00:33:45] Damn it. [laughs] that's, uh... uh, I fe- I feel like I've, I've let everybody down. Uh, can I just say it now, just as a, a big data theory. I got it in.

Dan McDermott: [00:33:53] You've got it in there. Well done. But look, I think it's, uh, it's an... like you say like, well, these terms can become over hyped and that type of thing, it's still incredibly important conversation to have and, and to understand what the possibilities are, are there and then also what those limitations might be and where you still need human intervention in that. And, and providing sort of that, that combined view, right? Of sort of the, the smart tick with the smart people. Um, and that will sort of take us all a step forward as well. So thanks for, uh, sharing the insights there and, uh, and, and clarifying, you know, I guess the practicalities of, uh, of some of these, uh, big terms that are, are, are in the industry as well.

Garrett O'Hara: [00:34:32] Thanks Dan.

Dan McDermott: [00:34:34] Terrific. Well, uh, thank you. And, uh, we'll, uh, again, we'll catch up again, who... in what will seem like a blink of an eye, um, for the November review, um, enjoy, uh, November coming up with a number of, I know your key guests as well, Garrett that are, that are, uh, lined up and, uh, we will take a break, uh, next week, um, Melbourne top week. Um, some of us, uh, actually get, you know, a holiday for the horse ride still, which is, uh, which is pretty fantastic, but it's, uh, more, I think, a time for us to, to relax in, in Melbourne town. And, um, and hopefully we might even be able to go out somewhere at some stage.

Garrett O'Hara: [00:35:06] Thanks Dan.

Dan McDermott: [00:35:07] Thanks guys.

Garrett O'Hara: [00:35:15] And that's a wrap for October. Thanks to Dan for hosting today's episode and thanks as always to Bradley for the insights on the news. Thanks to you for listening, do dip into those past archives. And if you like what you hear, we'd appreciate it if you subscribe and rate us. For now, thanks for listening to the Get Cyber Resilient podcast. And I look forward to catching you on the next episode.