Subscribe
Share
Share
Embed
The podcast series "Confessions of a Property Investor," hosted by Catherine Andrews, delves into various aspects of property investment in Australia. It aims to demystify the property market, offering insights and practical advice for both novice and experienced investors. The series covers a range of topics, including bank interest rates, property cycles, investment strategies, and market trends. It addresses common fears, misconceptions, and challenges faced by property investors, providing expert opinions and real-world examples. The hosts also discuss the impact of economic factors and lifestyle choices on property investment decisions. The series is designed to educate and empower investors by providing them with the knowledge and tools needed to navigate the Australian property market successfully.
(Music)
Welcome back to Confessions of a Property Investor. I'm Katherine Andrews, managing director of Chase Wealth Australia.(...) Today, we'll be delving into cyber-attacking. And it seems to be in the media everywhere you look. Someone you know knows of someone who's been a victim of cyber-attack or has known someone else that's been a victim of cyber-attack.
(...)
And today, we'll be delving deep into,
the types of cyber-attack that happened and ways that people can essentially remove themselves from being a target. So with me today, I have none the other than Michelle White, who is our director of qualifications within the company. She's also a partner of the company, and she has been by our side pertaining to this issue. Very much so. Yeah, so welcome, Michelle. Thank you. It's good to have you on today. Good to be back. So I guess we'll start with what is a cyber-attack?
(...)
Now, I know that probably sounds kind of lame, but really, I've done a bit of research on this, and cyber-attacks is basically an unauthorized system or network accessed by a third party.(...) So that is a very common thing. Even if someone was to look at your phone unauthorized,(...) they really sort of-- Considered a cyber-attack. Yeah, an attack. And then you've got different ways. You've got hackers that essentially come in from the outside, I believe, in, and they try to find a way through passwords and things like that to get in. And then you've got attackers, okay? And they tend to do it from the inside out,(...) which seems to be 95% of the cyber-attacks that have happened within Australia. Yeah, that's exactly right. It's staggering to actually look at the statistics and the effect that it has and how it comes about, but the reality is that's what it is. It is. And one thing that I think stands out to me directly is, I've noticed a lot of this has come forward since COVID-19. So when COVID-19 hit, I know that us at Chase Wealth Australia, we essentially closed down our offices and went online with everything, including Zoom and Teams, Telstra Teams and Zoom consultations, and everything we did was online. Yeah. So who's to know that we're sitting with a client and we're presenting a strategy that someone can't hack us at any given time. It's true. And really, you think you've got the best firewalls up and the best top-grade security up, but not always. Not always. No. So one of the queries today that I'd like to tap into for our listeners
is, "Is Australia an attractive target for cybercriminals?"
(...) Unfortunately, yes. Yes.(...) Very much so. And there's a
Troy Hunt who is a cybersecurity expert. He has been able to categorise the dollar value that Australians are being targeted. Oh, talk to us. $3 billion a year. Wow. Yep.(...) Wow. Yep. It's a crazy, crazy number. Absolutely.
And if you found sort of since 2020
to 2023 were the years when a lot of massive companies, Australia-wide, were attacked.
(...)
Just to say something, in 2021,(...) Australia ranked fourth in the top 10 countries ranked based on cybercrime victims per capita. Wow. Fourth. Wow. Now, what have we got? 25 million? Yeah, about that. Right? Compared to other nations around the world? Yep. That's scary. Yep. That's crazy scary. That is crazy scary. Gosh.
(...)
You know, the contributors to the attacks that happened in Australia are huge.(...) And these companies, you know, you're talking about, and just to name a couple, we've got Latitude, which is a financial institution. They were hit in March 2023. 14 million customers were compromised. 14 million? 14 million. The attackers gained access to full names, addresses, emails, phone numbers, date of birth, driver's license details, and passport numbers.
(...)
Then we had Optus in September 2022. 9.8 million customers were hit.
(...)
That is absolutely massive. Again, access to full names, date of birth, addresses, emails, phone numbers, GovID numbers, driver's license numbers, and Medicare card numbers. Gosh. So if you wanted to penetrate the inside, there you go.(...) Here's one. Medibank, December 2022, 9.7 million people, the attackers gained access to full names, date of birth, passport numbers, and medical records. It's invasive. Yeah, it is. And what they actually do is they take this and they sell it to something called the Dark Web.
(...)
And it's pretty scary. So I do believe Eastern Health was also attacked that affected four hospitals in Victoria, if I'm not mistaken, in March 2021. It's devastating. Yeah, it is. So what we're going to do today is just based off the general knowledge that, I mean, I just jumped online just to have a look, you know, a few weeks ago about the reality of cyber, why it may be happening in Australia. I didn't get a straight answer, but there's either being proactive about cybercrime or there's being reactive.
(...)
And Michelle, do you want to take our listeners back a little bit, just generally when we were cyber-attacked back in 2021,(...) where the attacker was actually a contractor who was brought in to put security into our systems?
Yeah. Do you want to take our listeners a little bit through that and just...(...) Absolutely. So I guess the,(...) just as you've said, Kath, back in 2021, it was a period of time where, yes, we were in COVID,(...) to our knowledge, we had amazing security systems. And that issue of somebody from the inside being able to access it is something that is tricky to navigate through. Yeah.
(...)
We went through a period where, yes, it was accessed.(...) We were able to determine so quickly what had been accessed. Yeah, very quickly. Yep. How it had been accessed. Yeah, yep. And how to prevent it from ever happening again. So it became like a learning curve as well. Absolutely.(...) We were reactive, I guess, to the matter.
(...)
We were hit 88 of our clients, so we're lucky. So and what I mean by lucky is when you look at the scheme of things for only 88 to be targeted, but it was terrible. It was a terrible, terrible, terrible experience.
(...)
And Mish, we went, oh. Not only was it 88 of our clients, it was us personally. Absolutely. It was our company personally. It was financial direct removal of funds. Yeah, it was massive hit to chase. And that's what a lot of people and a lot of Australians, including myself, probably didn't understand until I was put on this path, which was Optus gets attacked. The first thing we did was yell at Optus. Yeah.(...) Okay. How much money have they lost? Exactly. Okay. You've got councils and governing bodies that get attacked or latitude. How much money have they lost? So, you know, Michelle, let's go back a little bit before we take them through how to protect themselves on cyber, how we fell victim. And I guess what we tried to,(...) how we dealt with it. And you probably weren't as involved as what myself and Pamela and the CEO were because we did keep you away from it a little bit because your portfolio in the company doesn't need that sort of negative connotation attached to it. But do you want to take our listeners through what you saw your partners were going through at that time? My gosh, it was a stressful period of time. I can for the, from the bottom of my heart, confidently and with everything in me, say and know the way that you dealt with it was so hands on.
(...)
If you could have taken each of those clients independently and ripped up the history of what had happened, I believe you would have the fact that you was our managing director was personally calling each and every client was taking them through it.
(...)
You know, with Chris as our CEO, directly sending letters to them, instructing, assisting, helping,(...) listening, listening, listening. And it was funny because, and I will say this at that time and Victoria police actually bought this to our attention.
(...)
There'd been so many other companies that had been hacked that potentially could have taken the same details from our clients. A lovely detective Victoria police actually said to me, how do you know this has come from you guys? They're probably blaming you guys because they wait on hold with Optus or with Medibank or with Vic Rhodes. You also got hit. So that was a bit of an eye opener after that because I was being so hard on myself and the CEO was on one knee. He was just, where do I go next?(...) And when Vic Pole opened up our eyes and said, well, actually guys, it's not necessarily, I wouldn't stress too much because this may have not come from Chase at all.(...) That there was like, well, we're still going to help these people and we're still going to protect it from happening again. But yeah, I'm not going to back myself up too much more. It's enough. Yes. Enough of a penance. Well, then can I switch the roles here for a quick second? What have you learned out of it and where to from there?
(...)
Okay. That's a good question. I've learned a lot.(...) First thing I learned was never to react on emotion.(...) So it was very easy to beat yourself up. So the first thing is shock. When I first found out this has happened, the first reaction was shock. After shock came anger.
(...)
Excuse me. The anger didn't do me any favors because I was actually becoming what the clients were emanating. So when they would call up and say, this has happened, that's happened, and they were so devastated instead of lifting them, I was fueling them almost by going, I know it shouldn't have happened. This is terrible. And after about a month of that,(...) I learned to elevate and then start to say, okay, enough's enough of the woe is me. It's happening all over Australia. This is the way to move forward. And when I changed my mindset from victim to I won't say saviour to. Can I say warrior? Oh, really? Yes. And I'll tell you why. I would say warrior because, Kath, you're never going to be able to stop cyber attacks. You're never going to be able to stop people trying to spam. All you can do is pave a way forward, put protection in place, relate, emanate and move forward as a company and with your clients. And that's exactly what you did. And I watched it happen. Yeah, I watched it happen.(...) Yeah.
(...)
It wasn't, it was a joint combined effort from the whole team. And we had a lot of experts that we called in to assist us during that time. But it was terrifying to say the least. And then what I was afraid of was my clients thinking, well, you've gone a bit cold. And it wasn't that at all. It was actually quite the opposite side of the spectrum where I needed to help these people and get them out of this hole that they were in.
(...)
And we went to the full extent of the law, pressed charges on the relevant culprits and attackers that attacked our company. And they were dealt with with a full extent of the Victorian law. So I knew that was done. Then it was basically, how do I assist these clients to come out of this dark place and corridor that they're in? And I did have to change my mindset completely at that point. But I couldn't have done it without the assistance of our CEO who would mentor me. And honestly, without you and Pam,(...) without yourself and Pamela, I don't think that I could have survived some of those nights.
(...)
So yeah, there's a lot that we went through. We lost a lot of money as a company, but we rebuilt very quickly. So and the funny thing is, and another thing that Vic Paul said was, well, you know, these people have gotten their money back through insurance, through the bank. They haven't actually lost money. And I'm like, oh my gosh, as we did. Yes, we did. We're back.
(...)
So it's very different circumstances there. So very true. I don't feel I am accountable for the lesson.
(...)
I'm accountable for never allowing that to happen again. However, I will not and the company will not take the blame for something that they may or may not be responsible for when another 13 Australian companies were hit hard at exactly the same time. Yes. So there it is for me. Gosh, well, just to wrap it up, how to protect yourself from cyber attack. Okay, so the PEXA chief information security officer, David Willett, love him. I read his stuff and I have since 2022 when it all came to light.
(...)
And to this quote, he kind of got me. Some people can relate to it. Cyber hygiene.
(...)
Okay. What? What? Hygiene. Cyber hygiene is not different from personal hygiene.
(...)
Please explain. Well,(...) if a company doesn't take responsibility and is hygienic about their cyber protection or the individual for that matter,(...) they're stinky. Okay. All right. So where there's smell, there's flies. So we practice personal hygiene like washing our hands as it gives us the best chance of not getting sick. Cyber hygiene is exactly the same. While there's no silver bullet to removing the risk of cyber attack, which is what you said earlier, Michelle, it gives you the best chance possible of removing that risk. Good cyber hygiene comes down to the basics.(...) Having an up-to-date antivirus software installed. Done. But we've got the best in the world, my IT company has assured me. Use a password manager and have a strong unique passwords for important services.
(...)
Ensure that your devices and applications have updated software or patches and automate them where possible.(...) Do not use public Wi-Fi, you bunch of tired asses. Is there Wi-Fi? Is there Wi-Fi? Don't use it. And don't leave your Wi-Fi on.(...) Now I've told you and Pam had a bad habit of doing that with your phones. Yeah. That last few years. Yes. Okay. Think before you click.
(...)
Learn and understand red flags in any email or SMSF.
(...)
Okay.
(...)
SMS, SMS, SMS. SMS. SMS. SMS. Oh my gosh, I've gone down that part. Still got property on the mind. Ensure that you have a multi-factor authentication everywhere. And we do. For absolutely everything. Yeah. Our computers, everything that's within Chase Wealth Australia is impenetrable. Yes. I've been advised. That's not a challenge.
(...)
Stay informed on cyber risks and how they relate to you, which we do. Implement these steps at work at home and share with your friends and family. Okay. Now this is another thing, Michelle. Do not be embarrassed falling victim to a cyber attack.
(...)
Okay. And that is cyber criminals are very, very intelligent organizations or human beings. Their goal, their day-to-day goal is to penetrate or steal data. That's what they do. So get the right IT company, educate your staff, test them where you have to. Okay. From your IT company. And as an individual, all I can say is be very, very careful with your phones, iPads, laptops. Yep.
(...)
That's all I can say. And we have fallen victim to a horrible, horrible crime.
(...)
But we were lucky to come out of it with very minimal collateral damage. Yep. And that's a firewall and protection method for our clients that we can comfortably stand strong beside. Yeah. Yeah. Yeah. Well, is there anything else you'd like to add on that? No, I had another little statistic. It didn't come up because of its relevance, but I might throw it in there. Absolutely. So Chris Sheehan is the NAB executive for group investigations. Yep. And he put forward the frequency of the attacks on just NAB alone. Right.
(...)
Every minute of the day.
(...)
Attempted hacks.
(...)
Every minute of the day.
(...)
What does that say about Australian security?
(...)
I mean,(...) this is, this worries me. Why?(...) How can people penetrate?(...) It's not that they're getting through, but there is an attempt every minute.
(...)
That is freaky. Isn't it? Yeah, absolutely.
(...)
Wow. Yeah. So Australia, tighten up because it's not safe out there. We are in an electronic world and you need to secure your devices, your family, your home, your work. You know, it's very easy on a work computer to do your online banking, isn't it? True. Be careful. True. Okay. Because it may not be you or the computer or the employer. It could be the employee sitting in the next cubicle. You just don't know.
(...)
Very true.
(...)
We'll bring that to an end and I hope that it's been beneficial for your listeners out there. Again, it was a confessional. This is why we spoke about, you know, what we went through and we could go on for a long time, but this podcast is already only at 20 minutes. I better shut it down. But I just want to say out there, be safe, be vigilant. And if you do fall victim to cyber, report it straight away to the authorities and try to reflect on when and why that may have happened. You know, things like the wifi, leaving devices unlocked, kids playing on bloody iPad. You don't know what they click on. You know, just be vigilant with that sort of stuff.
(...)
Awesome. Well, until next time, guys, thank you and keep tuning into our podcast. Take care.