Could an Optus Cyber attack happen to your organisation? Security Risks for Boards, with Matt Fehon AM

29/09/2022
In the wake of the Optus cyber-attack, we spoke to Matt Fehon AM, partner at McGrathNicol.  Matt has led some of the largest and highest profile fraud, corruption, and regulatory investigations in Australia.  He is one of the key presenters in our new 5-part program - Security Risks and Risk Management for boards.  Here Matt provides an overview of what will be covered in the program, including his view on the key risks boards are currently facing and what boards should be taking from the Optus cyber-attack.
 

Watch the interview here or Listen here

Why is Security so important for Boards at the moment?

In the face of foreign interference risks, new threats are constantly presenting themselves to Australian corporates.  Consequently, the risks that boards need to be aware of are being illuminated. It's about educating board members around what risks organizations within their industry and more broadly across the economy are seeing and dealing with.

This includes cyber-attacks, insider risks and the theft of IP research and development and joint ventures, and risks emanating from collaborations that they may be doing with other parties.

What risks do these present to an organization from a theft perspective and from a financial consequence perspective?

Module 1 (which you present) focuses on Risk Management programs.  What is the focus of this session?

Module One will focus on the obligations directors should be aware of in the evolving security environment.

With the ever-changing geopolitical environment, there is a new range of risks and obligations being presented.

We will look at the critical infrastructure legislation and which organizations are captured, and ultimately what directors need to be aware of so they can ask the right questions and inform their fellow directors and management teams.

What will be the key takeaways from the series?

The key takeaways will be illuminating new risks. Understanding what's new in the organization and within the regulatory environment that causes us to understand what we need to manage as directors.

And when I say "what we need to manage", I mean what we need to be aware of from a risk perspective, so then we can effectively provide governance oversight to management.

What do you think are the biggest risks facing organisations – and what are the key learnings from the Optus cyber-attack?

It's protecting your customers, your clients and your employees from a security perspective.

At the moment we are seeing cyber through to crypto, which we're starting to see evolve to insider risk.  It's about understanding what the impact may be.

We all know reputational damage can be significant and that takes time to prepare. But customers being affected, such as what we've recently seen with Optus... the impact, the media and the questions asked. What caused this?

Is Optus any different to any other organization?  Were their systems better or worse?

There's now a whole new learning curve for government and government agencies looking into the cyber-attack, as well as for Optus and its management team.

The key risks are reputation, the financial consequence, and then board reputation.

Ultimately it comes back to overall governance. Were the board asking the right questions?


Find out more about our new 5-part program, Security Risk and Risk Management for Boards, starting on 20 October.

Module 1 | Risk Management Program with Matt Fehon AM & Caroline Mackinnon
Module 2 | Cyber Security Risk with Joss Howard & Stephanie Lo
Module 3 | Supply Chain Risk with Rhyan Stephens & Joanne Bermingham
Module 4 | National Security Risk with Sam Boarder
Module 5 | Panel Session including networking and lunch with Zorana Bull, Abigail Goldberg and Dr Sarah Morrison.



 
