The Cyber Brief

Bank-grade cybersecurity is considered the gold standard of cyber best practice, but what does it look like in reality, and what can other organisations learn from it? Valeska and co-host Isabelle Guyot are joined by Martijn Verbree, Chief Information Risk Officer at The Commonwealth Bank. Martijn shares his approach to balancing innovation with security, staying ahead of the curve in a constantly evolving threat environment, and managing cyber risk at Australia's largest bank. He also shares practical insights on working with boards, the importance of multi-layered security testing, and the risks and opportunities posed by AI. If you've ever wondered what's keeping our protectors up at night, this conversation is for you.

Resources from this episode:

Martijn's podcast recommendation: Risky Business

Valeska and co-host David Rountree speak with Lieutenant General Michelle McGuinness CSC, Australia's National Cyber Security Coordinator and leader of the National Office of Cyber Security (NOCS). Michelle dives in regarding the role of NOCS, and how it approaches government coordination and consequence management during major incidents. When and how should organisations engage with government during an incident? What's best practice for incident communications? How does NOCS work with industry, regulators and other government agencies? How are organisations engaging with Australia's limited use and ransomware payment reporting regimes? Michelle also shares her approach to leadership, the importance of empathy when working with organisations under pressure, and how her military background has shaped her leadership approach.

Resources from this episode:

For more on the limited use and ransomware payment reporting regimes, see New cyber incident response obligations for Australian organisations.

National Office of Cyber Security resources, including the Australian Cyber Response Plan and 12 sector playbooks

Cyber Health Check Tool | Cyber.gov.au

Homepage | Cyber.gov.au—to report cybercrimes and security incidents

Michelle's podcast recommendation: Risky Business

Valeska and co-host Chris Kerrigan are joined by Meredith Griffanti, Senior Managing Director in Strategic Communications and Global Head of Cybersecurity & Data Privacy Communications at FTI Consulting in New York. Meredith shares practical advice on how to communicate in the midst of a cyber incident, from managing the first moments after an attack to crafting an apology, choosing a spokesperson and dealing with multiple stakeholders. Meredith, Valeska and Chris discuss the importance of preparedness and coordination, as well as how legal and communications teams should work together during a crisis.

Resources from today's episode:

Cyberwashing and backtracking: why words matter both before and after cyber incidents | LinkedIn

Cyberwashing: a key focus for data breach class actions

Meredith's book recommendation: The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime by Renee Dudley and Daniel Golden

Learn more about Meredith: Biography

Learn more about Meredith’s team: FTI Consulting Cybersecurity & Data Privacy Communications

Learn more about FTI Consulting: A global expert firm helping organizations navigate crisis and transformation

Valeska and co-host Chris Kerrigan are joined by Ryan Macfarlane, the Unit Chief of Counter Terrorism, Advanced Projects Unit at the FBI, where he worked for more than 20 years.

In one of his final interviews before announcing his retirement from the FBI, Ryan shares his insights on emerging cybersecurity threats, the maturation of cyber criminals' business models, the increasing use of AI to conduct and defend against cyber attacks, the rise of collaboration among threat actors, the complex dynamics of nation-state attacks, and the growing risk of physical violence spilling over from cyber incidents.

Ryan, Valeska and Chris also reflect on the importance of proactive relationships between the private sector and law enforcement, the value of timely intelligence sharing, and practical actions for incident response planning.

 
Resources from today's episode:

National security at Allens
Why everyone is talking about AI safety and cybersecurity
Ryan's podcast recommendation: Darknet Diaries
Ryan's book recommendations: The 100-Year Marathon by Michael Pillsbury, Destined for War: Can America and China Escape Thucydides's

Valeska and co-host Chris Kerrigan are joined by Ryan Macfarlane, the FBI's Unit Chief of Counter Terrorism, Advanced Projects Unit for more than 20 years. In one of his final interviews before announcing his retirement from the FBI, Ryan shares his insights on emerging cybersecurity threats, including the maturation of cyber criminals' business models, the increasing use of AI in conducting and defending against cyber attacks, the rise of collaboration among threat actors, the complexity of dealing with nation-state actors and the growing risk of physical violence spilling over from cyber incidents. Ryan, Valeska and Chris discuss the importance of proactive relationships between organisations and law enforcement, the value of timely intelligence sharing and practical actions for incident response planning. Ryan last week announced his retirement from the FBI.
 
Resources from today's episode:
National security at Allens
Why everyone is talking about AI safety and cybersecurity
Ryan's podcast recommendation: Darknet Diaries
Ryan's book recommendations: The 100-Year Marathon by Michael Pillsbury, Destined for War: Can America and China Escape Thucydides's