Discover how digital forensics is revolutionising the fight against intellectual property theft and misconduct in the ever-evolving landscape of cybersecurity. Join us as we engage with Darren Hopkins from McGrathNichol, who sheds light on the sophisticated techniques used to uncover unauthorised data transfers and breaches. From understanding the significance of registry entries, link files, and shell bags, to exploring the complexities of conducting forensic investigations in cloud environments, this conversation promises to arm businesses with the knowledge to tackle modern cyber threats.
As we navigate the turbulent waters of cloud computing, the spotlight turns to the ever-increasing insider threats driven by economic pressures and the cunning strategies of organised crime. We unravel the crucial role of Multi-Factor Authentication and the challenges businesses face when failing to activate essential logging features. Through Darren's insights, we highlight the importance of a proactive approach to cybersecurity, emphasising how visibility and robust security measures can deter potential breaches before they occur.
But the conversation doesn't stop there—our journey extends into the dynamic world of emerging technologies and career opportunities in cybersecurity. Explore how AI is reshaping both defences and attacks, and uncover the career paths that await aspiring professionals passionate about defending against global cyber threats. With a focus on diversity and the excitement of crisis management, this episode showcases the rewarding and ever-changing nature of working in cybersecurity, offering a glimpse into a future where technology and resilience go hand in hand.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Michael van Rooyen (00:01):
Here is part two of my discussion with
Darren Hopkins, partner atMcGrath Nickel.
If you missed last week, Isuggest you have a listen to
that.
First Just want to talk alittle bit more again around
some of the digital forensicsquickly because I think that's
very interesting.
I certainly appreciate yourpoint on getting the ability to
(00:23):
mitigate early, get insights,get views etc.
But for those listening can youjust explain a bit around kind
of the digital forensics you do,maybe even give an example of
the kind of work you guys dofrom an interesting point of
view and how critical it hasbecome for how to mitigate and
help customers get out of theproblem and really what the
digital forensics part plays inhelping customers.
Darren Hopkins (00:40):
Yeah, it's still a really important part of our
business and it's where we camefrom helping customers.
Yeah, it's still a reallyimportant part of our business
and it's where we came from.
We're sort of proud to actuallyhave a group of really talented
digital forensic professionalswho do those things.
It's a different discipline inthat it's highly technical.
It's one of these things whereyou have to really know the
underlying technology you'redealing with and generally
there's no tool with a findevidence button.
(01:00):
There's a few of them that helpus in our job, but it still
relies on a few things.
It also relies on aninvestigative mind to do what
you're doing, so a lot of thework we do in that space would
often be either connected tomisconduct or other
investigations into issues wherethe technology is really
relevant.
Often we're working for lawyersor for a court process as well,
and it may be a litigationwhere you're supporting A really
(01:23):
common type of work.
That we would see would besomething as simple as an
intellectual property theft, andmany businesses have seen where
, as a business, you build upsome intellectual property
that's really important to yourbusiness, and maybe even just a
list of really important clientsand pricing models and a way
you go approach your market thatmakes you successful, and
somebody in your businessdecides that they could start up
(01:44):
their own business and it's notthat hard, and maybe assume
that because they've beenworking with you or for you for
the last so many years thatthey're entitled to some of that
as well, and and often go offand leave and start up in
competition.
Now you can't just go off anddo that and take all of that
work, product and effort fromthe first business to start your
own up.
Yes, so we often get called,get called in to sort of well,
help us just to prove that thishas happened.
(02:06):
You know, we think this hashappened, we're pretty sure it's
happened.
Often they know because clientsring them up and say hey, I've
just had a mail out from anex-person and they shouldn't
have my details, but they seemto.
The digital forensic sideenables you to collect evidence
from devices to prove thosecertain things, and often what
we're doing is relying onevidence that's on a computer
(02:27):
designed for a different use butwe're interpreting it in a
different way.
So a classic example is I wantto know if someone stole some IP
and transferred it to a USBdrive.
That's the number one question.
How do they get this stuff outof here?
Do they email it to themselves,do they drop it into a Dropbox
or do they pop a USB?
In Computers don't keep a trackof every file you copy to USB
and have a lovely audit list foryou to look at?
I wish they did.
(02:48):
I've been asking Microsoft todo it for years.
They haven't.
So how do I work out what wasstolen?
And that's the first question,and what you have to use is a
whole bunch of differentartifacts that the computer has
to tell that story.
So when you plug a USB in, thefirst thing that happens is it
looks at the make and model ofthat, that device, and it works
out that I need to load a driverto open that USB up so you can
(03:08):
see it.
So in the background there's adriver that is found and loaded
and runs and that device comeson and the registry, which is
the database on your computer tokeep track of settings, it'll
go hang on.
You've just loaded a new USB.
I need to keep a track of thatso next time I can do that.
So there's a registry store forthe USB and it will keep a
track of the make, the model,the serial number when you first
(03:30):
connected that USB and the lasttime you connected it, and
it'll even quite often tell youthe last drive letter that was
signed to it and it's just adatabase of keeping a track.
Sure, so I now know the firstand last time you plug that USB
in, and sometimes I can eventell the multiple times you've
done that and I know the makemodel and serial number, great.
I then go off and have a look atsomething like link files, so
(03:50):
shortcuts.
You know every time you createa shortcut on your desktop or
you open up Word and if you gointo Word or Excel and you'll
see the last 10 documents you'velooked at yes, the way the
computer does that into thatfolder and it's just a link to
where the document really is.
But in that link file, when youlook at it at a binary level,
(04:12):
it has other things in there.
It actually says well, thisparticular link file goes to
this device, which might includethe device's name, and it will
also go off and tell you whereit's connected.
It'll give you a volume serialnumber and it'll also go off and
give you the file's connected.
It'll give you a volume serialnumber and it'll also go off and
give you the file name.
It'll give you two sets ofdates and times when you opened
it and the dates and times onthe document itself.
So that's helping me build aplan.
(04:33):
And then we might look atsomething such as a shell bag.
And it's another weird conceptIf you open up a window, if
you're a clicker like me,clicker like me and you like to
double click on my computer,then c drive or go to your
documents folder and have a lookin there.
Each time you open up thosewindows it displays things in a
way that you remember.
I like to use detailed lists, Idon't like the icons, so I like
to.
When I open it up, I want thewindow to be a certain size and
(04:55):
I want to see the documents in alist.
And it remembers that the usbstore, when you plug it in,
creates a shell bag entry in theregistry that keeps a list of
the way you want to see thatfolder.
And, lo and behold, it keeps alist of what was in that folder.
Oh, wow.
Now when you take all of thoseartifacts and pull them out of
databases and registries and logfiles and settings files and
(05:15):
merge them together, what I dois I know that you plug the USB
in on this date and it wasassigned D drive.
And then when having a look atD drive, on that data, I can see
there was a list of files onthat drive and I can tell you
that they were USB and they'rean external to this device.
And you unplugged it and themake model serial number was X.
Wow, pretty powerful evidence.
And then to take, someone saidwell, this is how you copied the
files and I'd like to see thatUSB delivered back to our client
(05:37):
, please.
Wow.
And that's one of manydifferent examinations where
you're pulling data from acomputer that's used for
different purposes to tell adifferent story.
And it's one of the excitingthings about digital forensics
and it is trying to find thoselittle snippets of things that
are quite relevant to tellingsomething different or proving
something's occurred.
Michael van Rooyen (05:56):
Yeah, look, I'm just getting excited
listening to it.
I mean, people don't think ofthat, but that's what you guys
specialize in.
Would it be fair to say,looking at your history of the
20 plus years where forensicsstarted, compared to how well
we're connected now with thesemachines, that there's so much
more digital fingerprinting oneverything, so you can easily
build a better case to work outwhat's happened?
Darren Hopkins (06:14):
Yes and no.
Some of the good old schoolWindows type artifacts have been
disappearing as Microsoft andtheir infancy and wisdom makes
their operating system better.
One of the issues in digitalforensics it's often point in
time I'm looking at whathappened and I'm looking at what
I can see right now, and someof those artifacts will be lost.
I only see what's there now.
One thing that we are nowstarting to see is this
(06:35):
convergent between the digitalforensics world and the security
world.
I get excited in digitalforensics when I know that the
client has a SIEM.
Yes, so they're shipping allthose log files, they're
shipping all that data, all ofthose telemetry events, into a
SIEM and a database, and you cango back far, far further and
you can actually start to traceother behaviors and activities
and components as well and mergethose two sources together to
(06:58):
really tell a story, especiallywith the online stuff as well.
But one thing that has happenedis that there's better tools
for us.
We're now dealing with devicessuch as phones.
Yes, so a lot of our digitalforensics has moved to mobile
devices and in the past we werea bit more careless with it came
to.
I'll send myself an email orI'll talk to someone in email
(07:19):
about the bad things I'm doingNow.
You'll text each other oryou'll jump into a WhatsApp
group and have a chat there badthings I'm doing now.
You'll text each other oryou'll jump into a WhatsApp
group and have a chat there.
We still get access to thosedevices and we'll still
interrogate that evidence.
It's just a little bit moredifficult and uses special tools
to do it.
Michael van Rooyen (07:33):
Right, if I think about cloud computing,
then if we just pivot slightlyto think about, is it getting
harder now that there's so manythings put in the cloud?
Or is digital forensics evenharder now that a lot of people
shipping stuff you know intocloud environments, or is it
still kind of on par with whatyou do today?
Darren Hopkins (07:48):
if they use a computer, there's still often
some evidence of what they'vedone.
All those cloud repositoriesfor storage you still have to go
to them or connect to them orhave something to copy something
to.
But pure cloud now, whereeverything's sitting there and
your data's there, it it'sdifferent.
It is We've had quite a fewbreaches which are full cloud
(08:08):
breaches in various platforms.
If someone gets into a bucketand then we'll steal data from
those things, it's a verydifferent approach.
But ultimately it's justunderstanding where the data
sources are.
One thing that cloud has done isthat there's generally really
good logging and auditing anddata behind the seams to rely
upon, and often there are teamsto support that.
What I have seen which isdisappointing is that clients
(08:31):
sometimes they'll like to notturn that on.
So on a Windows computer it'son generally by default.
You know a registry you can'thire to stop.
But you can go into an AWSinstance and not turn on guard
duty logging or not wanting tokeep your logs for more than 30
days because you don't want toincur the costs.
Sometimes they're a poordecision when it comes to an
(08:51):
investigation that happened sixmonths ago.
Michael van Rooyen (08:53):
Absolutely, Absolutely.
Would it be fair to say that Iknow there's a lot of threat
actors externally?
We've touched on what's thebalance of internal threat
actors disgruntled employeesleaving Is that still one of the
big seeds of some of theseissues?
Darren Hopkins (09:05):
On the organised crime side, it's still very
much overseas threat actors thatyou see coming in.
In the last 12 months I haveseen more insider threats that
are real in the cyber world thanI have in a long time.
I mean it's Australians thatwere the ones that were doing
something that you would expectsomeone from an Eastern Bloc
country to maybe have done usingmalware and collecting data and
(09:27):
doing other things, which isconcerning.
We see a lot more interest fromorganized crime groups to
recruit insiders to help on whatthey do.
It's so much easier to breakinto a network if someone gives
you the domain administratorusername, password and an MFA.
There's big money for that andyou can see on the dark web
(09:48):
people trying to recruit andoffer rewards for domain admin
access on this particular typeof industry.
If you can give us those things, we'll pay you a couple of
hundred grand.
I mean serious money.
And then I think about all thebusinesses where I think our own
employees.
Maybe we think we've gotcomfort, but how many
contractors do you have thatyou're not really sure about
their loyalty and will they behere for very long?
(10:13):
And would that risk of givingup those creds be something that
we consider and we still see alot of insider threat around the
general risks to the digitalforensic type investigations
that we're just talking to aswell, and the economy drives
some of that behavior.
When the economy struggles,people will sometimes make
poorer decisions around whatthey think is appropriate.
If someone's known about avulnerability in a finance
platform for a long time andthey know that they could
probably pay themselves aninvoice and get away with it, if
(10:35):
times are good and they'rehappy and comfortable, they tend
to like not do anything aboutit or even, hopefully, tell
someone about the issue.
When times are really tough andpeople are struggling, you'll
start to see people just havinga go and it's disappointing, but
it's human nature.
Michael van Rooyen (10:51):
Of course.
Of course, that's a really,really interesting data point.
So would it be fair to say thatyou've seen a bit more activity
now because people are goingthrough a bit of a tough spell
with the economy and this ismore of a global question, I
guess.
Are you seeing any of thatevidenced?
Darren Hopkins (11:02):
Yeah, certainly.
As a firm, we have a reallygood investigations team that
deals with the corporatecorruption and other things as
well, certainly seen an uptickin the poor behaviors and frauds
.
We've also seen a few matterswhere people are harvesting
credentials of colleagues andthings like that, and you have
to understand.
We have to ask the questionwell, why and why are you going
(11:23):
to do something like that to tryand monetize it internationally
?
It doesn't make any sense, butwe've seen more of it.
Hopefully it's not just due toI'm not saying we've got the
poor economy at the moment, butcost of living is not what it
used to be, of course, and, asyou said, it's human nature,
right, unfortunately.
Michael van Rooyen (11:47):
Two other things you touched on there is a
really clear message about SIEMand logging, because that
really is the starting point ofreducing some of these things
happening.
Visibility right, reallygetting key visibility.
You touched on MFA briefly aspart of maybe someone paying for
someone to use their MFA.
Have you seen a big impact inMFA really slowing a lot of
these things down?
I mean obviously more and morepeople adopting MFA.
More, more applications are.
Some people don't turn it on,which is a different discussion,
but have you seen that reallyhave some dent in reducing some
of these incidents?
Darren Hopkins (12:08):
Oh, absolutely.
It used to be called our silverbullet.
It wasn't MFA, it's a silverbullet to stop losing access to
your accounts.
At the moment, some of theincidents we're dealing with it
was no MFA, I mean single factorauthentication, and someone
lost their account.
You're sort of leaving it to beattacked and if you don't have
some software or technology orcapability to monitor those
attempts, that's really hard towork out.
I even see the attacks start tosort of reduce and you can see
(12:29):
the efforts that Threat Actorsput into it.
Mfa absolutely had a greatimpact on reducing the amount of
people coming into platformsjust with the username and
password.
And then what we saw is theThreat Actors counter with great
tools like Evilgenics which aredesigned to steal that MFA
token.
And then they pivoted andadjusted the way they were
attacking us to not only get ourusername and password but also
(12:50):
to get that MFA piece.
And that was a clear change inthe way that the threat actors
have their business model andtheir playbooks to counter the
security we're putting in place.
Then you see players likeMicrosoft once again go off.
You know what?
Okay, we can fix that.
Yes, and we'll put in.
You know, single session can'tbe shared tokens and you can't
do that anymore.
And the cat mouse game thatyou'll see played is interesting
(13:13):
.
Yes, but those coretechnologies that just make you
safe, if you put them in, theywork, yes, and they reduce the
risk enormously.
Michael van Rooyen (13:19):
That's a really good point, right, and I
think you've touched on it acouple of times.
There are some fantastic toolsout there and some of them don't
actually have to cost a lot ofmoney.
Things like MFA, you know, arefairly low cost and are even
provided by certain applicationsand services you know really
use them right.
Is your point there to say youknow you've got this ability to
reduce your risk exposurepersonally and business, right?
Darren Hopkins (13:38):
I think you should even go a step further.
If you have the tools at yourdisposal, and even if most of
them won't cost anything I thinkMFA is included in every Office
365 license through thesecurity essentials package that
you just get.
It might not be as easy toconfigure and maintain if it's
at the basic level, but it works.
If you elect to not turn on thetechnologies that are
inherently available to you,that everyone would say will
(14:00):
benefit and secure your platformwhen something goes wrong.
You're opening up a very, veryclear opportunity for someone
like a regulator to hold youaccountable for not doing enough
, because the tools were there,the knowledge was there and the
intent is that you keep thisstuff safe and you've just
decided not to do it.
Yes, and if that's the case,you should feel that you are
going to be hit pretty hard withthat stick, of course.
Michael van Rooyen (14:22):
Of course, just a few more questions I'm
interested to talk about.
What are you seeing as some ofthe emerging technologies that
you believe will impact digitalforensics and cybersecurity, and
maybe how could businessesleverage them?
Darren Hopkins (14:37):
security and maybe how could businesses
leverage them.
At the moment, I think we'reall sort of focused on that one
crazy two-letter word, ai, thatis impacting many of the things
that we're doing.
I know I enjoy sort of doing acouple of searches each morning
to see what the latest AI app is, how someone using or misusing
AI to support what they're doing, and there's some incredible
advancements there.
On the defense side, I see whatthe security companies are
doing with AI to improve theability to respond and detect
(15:00):
cyber incidents.
It's incredible how quick AIhas adapted the core
technologies.
We have to just be better andfaster Some of the technology
that we use in incident response.
We've now got AI embedded inthat technology and we can go
off and actually ask itquestions on how to actually do
things better.
So how would I go off and lookfor evidence of a nation state
(15:22):
threat actor in this network ifthe nation state was X?
The technology will come backand say, well, this is how you
do it and do it well without mehaving to work those things out.
I mean, those are things thatmake us smarter and faster in
our job.
And then you've got that nextlevel in the defence world,
which is well.
Rather than relying on all mySOC operators and all my people
to look for alerts andunderstand what they are, let's
(15:43):
let the AI do that for us.
It will determine what's atrisk and what's not, based on
behaviours and all these things,far quicker than we ever would,
and then let our specialistsdeal with how do I deal with
those things?
So, so the real time piecearound being better to respond,
and I can see all of thosetechnologies coming in just to
support our ability to detect,block and make it safe.
(16:07):
Unfortunately, threat actors aredoing the same thing and
they're using the sametechnologies.
Write me a brand new piece ofmalware that will just get
around these particular types ofdefenses or exploit this
particular type of vulnerability, and so what they're doing is
they're able to leverage andpivot vulnerabilities faster
than they ever were able to,maybe quicker than we can
actually come back with aresponse.
Right, and certainly the socialengineering side of the world
has gotten harder.
Now I sort of started this.
(16:28):
You know, in the old days,threat actors couldn't spell
Google correctly and it wasreally obvious.
Now we're having a Zoom callwith a person who's a simulation
, who's not real.
Who's having a real-timeconversation in someone else's
voice.
Who's trying to make you make apayment and all that's driven
by AI and deepfake technologyand it's really hard to pick up.
And how are people supposed toactually counter that?
(16:51):
It's hard.
Michael van Rooyen (16:52):
It's just continuing this cat and mouse
thing, right?
I mean, we're using it todefend, they're using it to work
ways around it, and it's goingto be fascinating to watch how
that evolves over time from anAI point of view and how else we
use it.
Being a leader, obviously,managing teams, and you've
worked in high criticalsituations and bring people
together, et cetera, et cetera.
What advice would you giveaspiring professionals who are
looking into getting intocybersecurity or digital
(17:14):
forensics?
Everyone's keen on it becauseeveryone sees the movies and all
that, but obviously there's alot of hard work behind it.
Can you give some advice?
Darren Hopkins (17:21):
Yeah, there's no such role as Abby from CSI, who
can do all of those things.
She's an amazing white hat pentester, digital forensic expert
and she also works in a lab anddoes DNA testing.
She doesn't exist I wish shedid, and she can solve a crime
in 30 minutes.
The exist I wish she did, andshe can solve a crime in 30
minutes.
The reality is there's far moreeducation out there if you're
interested in this realm.
In the past, universities didn'treally have cyber courses.
(17:43):
They all do now and they've allgot quite good courses the
industry qualifications that youcan go off and achieve yourself
, certifications, and thoseprograms are excellent.
I hold a lot of weight forsomeone that's gone off and done
a certification as they startto this, because it demonstrates
they can do what they want todo, and we're absolutely all
recruiting at very, very juniorlevels.
You don't have to have a lot ofexperience.
(18:04):
I just want to know that youunderstand the fundamentals.
You do need to have a decenttechnical capability because
it's hard to learn some of thosethings on the go, and you'll
get that through, whatever youend up doing, as long as you
focus on those areas and then bewilling to continue learning,
and that's the no different toany job, I guess, is you'll
start by learning and keeplearning, and I'm still learning
(18:25):
.
Cool, so it's just be committedto it.
The cool thing about cyber isthat um and I sort of joke with
my team all the time you know,not all heroes wear case, but we
probably should you're actuallyworking for a mission, that's
we're actually defending, we'reout there countering Russian
threat actors and organizedcrime.
How many jobs?
Can you say that my day job isto defend a country against an
organized crime group.
(18:45):
That is pretty cool.
And you're actually helpingbusinesses, you're helping
organizations, you're helpingpeople in your day job?
Yes, and then, coming from alaw enforcement background where
that was the mission, that'swhat our goal was to do.
Being an industry where you canstill, in a way, play a part in
that, it's quite a fulfillingcareer to actually have you look
at absolutely beat, and it's areally good point.
Michael van Rooyen (19:07):
You're defending people and their
livelihood right, effectively ata grassroots level.
How do you see the skillshortage in this area?
It's always talked about.
How are you struggling withthat?
Darren Hopkins (19:21):
Yeah, I'm not sure if there's a complete skill
shortage.
Sometimes it's hard to get theright person for the exact job
that you want.
Often you have to be a bit moreflexible to say I'm happy to
retrain or to support or growsomebody into the role you have.
One thing that I've noticed issecurity professionals, because
there's not as many of us outthere and it's clear you look at
the university stats and otherstats as to how many are sort of
entering this market.
We don't have enough females inour industry.
(19:42):
We're so, so short on goodprofessionals in that space, and
I've talked to universitiesabout why and we've got to do
better to get more girls intoour teams.
I'm lucky I've got a team whichis very, very evenly balanced
and and I got some incrediblysmart people there.
But it is a smaller team andpeople accelerate their careers
(20:02):
quite quickly when they're goodcan be an expensive resource to
acquire.
I know for some smallbusinesses they would love to
get some security professionalsin and quite often they look at
what they need to pay and it'sjust difficult to manage that.
So I don't know as an industryhow we counter that.
I think it's going to beallowing more junior people in
quickly and acknowledging thatyou don't have to have 10 years
(20:23):
experience to do a security job.
You can absolutely be effectiveat a lower level and probably
better skills training acrossthe board to acknowledge that.
Michael van Rooyen (20:31):
Yeah, fair enough too.
As we wrap up, reflecting on acareer, what's been some of the
most rewarding experiences andwhat continues to motivate you
is it is it that you knowprotecting people, or anything
outside of that?
Darren Hopkins (20:44):
crazily enough, I still get a buzz out of a
crisis.
Michael van Rooyen (20:46):
I don't know why I'm living someone else's
crisis every day for a long timeyeah, uh, it's a weird
adrenaline rush.
Darren Hopkins (20:54):
Uh, there is something about being able to
come in and being part of a teamto solve and protect.
If I look back in my way, wayback in the early career, at the
end of my career, a lot of thatwas working with the teams in
the child abuse teams or thechild exploitation teams around
protecting our kids, and thatwas incredibly important back
(21:14):
then to be able to, you know,demonstrate that you're doing
something that has meaning.
I think we all look for that ina career.
Now I still see and often comeaway from a job and I've helped
maybe a smaller business comeout the back of something where
they can recover and continuetrading and business and
continue to move forward orprotect a bunch of people's
(21:35):
identities.
Any of those things help andit's an industry that's
continually changing it.
Just it doesn't stop giving yousomething new to learn.
Michael van Rooyen (21:43):
That's quite , quite fun, even at my age yes,
motivating, motivating, uh, anddarren's fairly young, by the
way, for those listening, he's,he's, he's done playing.
How old he is.
Um, look, I know you touched onquite a few important points uh
, boards and approaches,everything like that.
Just to close out, is there afinal key message you'd want to
leave people listening?
(22:03):
I know you're very passionateabout the space, about helping
people be protected and lookingafter businesses, et cetera.
Anything you want to summariseas a key takeaway for them
around cyber and forensics andprotecting themselves.
Darren Hopkins (22:14):
If you, as a business or organisation, are
only just starting, the factthat you've started is important
.
Don't stop the journey tobecoming more resilient and
secure.
It's really important.
I've seen what happens if youdon't actually invest and take
this threat seriously.
The other thing that McGranicledoes is we're a firm of two
halves and the other half of ourfirm is one of the preeminent
(22:36):
restructuring and insolvencyfirms in the country.
I don't want you to meet thoseguys quite clearly, because if
you get to meet that team, itmeans something has gone
terribly wrong.
Literally.
My only advice is it's nevertoo late.
Start now, understand where youneed to start, build a plan and
start doing something about it,and understand that this is a
(22:56):
business risk it's no differentto any other risk that you deal
with and just make it part ofthe DNA of the business, and
then, if you make it really hardfor a cyber criminal, they're
probably going to move on.
Yes, so don't leave yourselfexposed.
Michael van Rooyen (23:08):
Fair enough, fair enough.
And then the last one that I'dlike to ask all participants who
I get a chance to interview iscan you tell me about the most
significant technology change orshift that you've been involved
in or seen in your time doingthis?
And that can be anything.
It can be pretty broad right Ican give up my age at this point
to be honest, I actually got tosee the first mobile phones.
Darren Hopkins (23:28):
I mean, I was one of the lucky ones that had a
mobile phone in a bag, rightwhich there was a battery which
weighed about I don't know fivekilos, and then a handset, and
then when I finally progressedto my brick which you'll only if
you go off and uh google search, you know large brick phone,
you'll see what I mean.
And there's a few early uhmovies that used to have them.
I was pretty cool back then tobe able to have something which
(23:50):
was about the size of a brick,yes, yes, as my mobile.
But I mean the shift to mobilewas an incredible change.
That happened very, veryquickly over a few years where
we were in this world of bigtech, large infrastructure and
to these personal devices thatnow we just take for granted.
That phone that we all have andthat we all use has more
(24:14):
capacity and capability thanwhole file server rooms and huge
amounts of infrastructure Iused to look after when I
started and it just blows meaway and the next five to 10
years, anyone in our industry.
You have a look at what AI andthe other tech advancements
we're seeing and theminimization of technology still
(24:34):
, and I was watching the newrobots being marched out by mr
musk and his team and howincredible in in two years
they've transformed that pieceof science.
And I think his last thing isthat he expects that within a
few years time you'll be able tohave your own robot for about
30 to 40 000, he said about thesame cost of a car.
(24:54):
But this thing will be doanything else you want to do and
that's ahead of us in the nextshort amount of time and it's
pretty exciting to see that youknow when our overlords take us
over and we're just minions tothe AI that we got to see it.
Michael van Rooyen (25:07):
Yeah, correct, we've been able to live
the journey and send it fromCinebop.
But I really do like the mobilephone.
I think people havemisappreciated what that really
meant for us, right and theability to, as you said, use
this device for so many things.
It really has changed the worldand even if you look at a few
movies and even TV series thataren't that old, really you know
you don't see them using thatright, using phone booths and
(25:29):
being able to not even just wejust consider it as standard
right.
So I really like the one.
Darren, really appreciate thetime today.
Thanks for the chat, very, veryinsightful and, yeah, thanks
again, no thanks for having meit was good great.
Here is part two of my discussion with
Darren Hopkins, partner atMcGrath Nickel.
If you missed last week, Isuggest you have a listen to
that.
First Just want to talk alittle bit more again around
some of the digital forensicsquickly because I think that's
very interesting.
I certainly appreciate yourpoint on getting the ability to
(00:23):
mitigate early, get insights,get views etc.
But for those listening can youjust explain a bit around kind
of the digital forensics you do,maybe even give an example of
the kind of work you guys dofrom an interesting point of
view and how critical it hasbecome for how to mitigate and
help customers get out of theproblem and really what the
digital forensics part plays inhelping customers.
Darren Hopkins (00:40):
Yeah, it's still a really important part of our
business and it's where we camefrom helping customers.
Yeah, it's still a reallyimportant part of our business
and it's where we came from.
We're sort of proud to actuallyhave a group of really talented
digital forensic professionalswho do those things.
It's a different discipline inthat it's highly technical.
It's one of these things whereyou have to really know the
underlying technology you'redealing with and generally
there's no tool with a findevidence button.
(01:00):
There's a few of them that helpus in our job, but it still
relies on a few things.
It also relies on aninvestigative mind to do what
you're doing, so a lot of thework we do in that space would
often be either connected tomisconduct or other
investigations into issues wherethe technology is really
relevant.
Often we're working for lawyersor for a court process as well,
and it may be a litigationwhere you're supporting A really
(01:23):
common type of work.
That we would see would besomething as simple as an
intellectual property theft, andmany businesses have seen where
, as a business, you build upsome intellectual property
that's really important to yourbusiness, and maybe even just a
list of really important clientsand pricing models and a way
you go approach your market thatmakes you successful, and
somebody in your businessdecides that they could start up
(01:44):
their own business and it's notthat hard, and maybe assume
that because they've beenworking with you or for you for
the last so many years thatthey're entitled to some of that
as well, and and often go offand leave and start up in
competition.
Now you can't just go off anddo that and take all of that
work, product and effort fromthe first business to start your
own up.
Yes, so we often get called,get called in to sort of well,
help us just to prove that thishas happened.
(02:06):
You know, we think this hashappened, we're pretty sure it's
happened.
Often they know because clientsring them up and say hey, I've
just had a mail out from anex-person and they shouldn't
have my details, but they seemto.
The digital forensic sideenables you to collect evidence
from devices to prove thosecertain things, and often what
we're doing is relying onevidence that's on a computer
(02:27):
designed for a different use butwe're interpreting it in a
different way.
So a classic example is I wantto know if someone stole some IP
and transferred it to a USBdrive.
That's the number one question.
How do they get this stuff outof here?
Do they email it to themselves,do they drop it into a Dropbox
or do they pop a USB?
In Computers don't keep a trackof every file you copy to USB
and have a lovely audit list foryou to look at?
I wish they did.
(02:48):
I've been asking Microsoft todo it for years.
They haven't.
So how do I work out what wasstolen?
And that's the first question,and what you have to use is a
whole bunch of differentartifacts that the computer has
to tell that story.
So when you plug a USB in, thefirst thing that happens is it
looks at the make and model ofthat, that device, and it works
out that I need to load a driverto open that USB up so you can
(03:08):
see it.
So in the background there's adriver that is found and loaded
and runs and that device comeson and the registry, which is
the database on your computer tokeep track of settings, it'll
go hang on.
You've just loaded a new USB.
I need to keep a track of thatso next time I can do that.
So there's a registry store forthe USB and it will keep a
track of the make, the model,the serial number when you first
(03:30):
connected that USB and the lasttime you connected it, and
it'll even quite often tell youthe last drive letter that was
signed to it and it's just adatabase of keeping a track.
Sure, so I now know the firstand last time you plug that USB
in, and sometimes I can eventell the multiple times you've
done that and I know the makemodel and serial number, great.
I then go off and have a look atsomething like link files, so
(03:50):
shortcuts.
You know every time you createa shortcut on your desktop or
you open up Word and if you gointo Word or Excel and you'll
see the last 10 documents you'velooked at yes, the way the
computer does that into thatfolder and it's just a link to
where the document really is.
But in that link file, when youlook at it at a binary level,
(04:12):
it has other things in there.
It actually says well, thisparticular link file goes to
this device, which might includethe device's name, and it will
also go off and tell you whereit's connected.
It'll give you a volume serialnumber and it'll also go off and
give you the file's connected.
It'll give you a volume serialnumber and it'll also go off and
give you the file name.
It'll give you two sets ofdates and times when you opened
it and the dates and times onthe document itself.
So that's helping me build aplan.
(04:33):
And then we might look atsomething such as a shell bag.
And it's another weird conceptIf you open up a window, if
you're a clicker like me,clicker like me and you like to
double click on my computer,then c drive or go to your
documents folder and have a lookin there.
Each time you open up thosewindows it displays things in a
way that you remember.
I like to use detailed lists, Idon't like the icons, so I like
to.
When I open it up, I want thewindow to be a certain size and
(04:55):
I want to see the documents in alist.
And it remembers that the usbstore, when you plug it in,
creates a shell bag entry in theregistry that keeps a list of
the way you want to see thatfolder.
And, lo and behold, it keeps alist of what was in that folder.
Oh, wow.
Now when you take all of thoseartifacts and pull them out of
databases and registries and logfiles and settings files and
(05:15):
merge them together, what I dois I know that you plug the USB
in on this date and it wasassigned D drive.
And then when having a look atD drive, on that data, I can see
there was a list of files onthat drive and I can tell you
that they were USB and they'rean external to this device.
And you unplugged it and themake model serial number was X.
Wow, pretty powerful evidence.
And then to take, someone saidwell, this is how you copied the
files and I'd like to see thatUSB delivered back to our client
(05:37):
, please.
Wow.
And that's one of manydifferent examinations where
you're pulling data from acomputer that's used for
different purposes to tell adifferent story.
And it's one of the excitingthings about digital forensics
and it is trying to find thoselittle snippets of things that
are quite relevant to tellingsomething different or proving
something's occurred.
Michael van Rooyen (05:56):
Yeah, look, I'm just getting excited
listening to it.
I mean, people don't think ofthat, but that's what you guys
specialize in.
Would it be fair to say,looking at your history of the
20 plus years where forensicsstarted, compared to how well
we're connected now with thesemachines, that there's so much
more digital fingerprinting oneverything, so you can easily
build a better case to work outwhat's happened?
Darren Hopkins (06:14):
Yes and no.
Some of the good old schoolWindows type artifacts have been
disappearing as Microsoft andtheir infancy and wisdom makes
their operating system better.
One of the issues in digitalforensics it's often point in
time I'm looking at whathappened and I'm looking at what
I can see right now, and someof those artifacts will be lost.
I only see what's there now.
One thing that we are nowstarting to see is this
(06:35):
convergent between the digitalforensics world and the security
world.
I get excited in digitalforensics when I know that the
client has a SIEM.
Yes, so they're shipping allthose log files, they're
shipping all that data, all ofthose telemetry events, into a
SIEM and a database, and you cango back far, far further and
you can actually start to traceother behaviors and activities
and components as well and mergethose two sources together to
(06:58):
really tell a story, especiallywith the online stuff as well.
But one thing that has happenedis that there's better tools
for us.
We're now dealing with devicessuch as phones.
Yes, so a lot of our digitalforensics has moved to mobile
devices and in the past we werea bit more careless with it came
to.
I'll send myself an email orI'll talk to someone in email
(07:19):
about the bad things I'm doingNow.
You'll text each other oryou'll jump into a WhatsApp
group and have a chat there badthings I'm doing now.
You'll text each other oryou'll jump into a WhatsApp
group and have a chat there.
We still get access to thosedevices and we'll still
interrogate that evidence.
It's just a little bit moredifficult and uses special tools
to do it.
Michael van Rooyen (07:33):
Right, if I think about cloud computing,
then if we just pivot slightlyto think about, is it getting
harder now that there's so manythings put in the cloud?
Or is digital forensics evenharder now that a lot of people
shipping stuff you know intocloud environments, or is it
still kind of on par with whatyou do today?
Darren Hopkins (07:48):
if they use a computer, there's still often
some evidence of what they'vedone.
All those cloud repositoriesfor storage you still have to go
to them or connect to them orhave something to copy something
to.
But pure cloud now, whereeverything's sitting there and
your data's there, it it'sdifferent.
It is We've had quite a fewbreaches which are full cloud
(08:08):
breaches in various platforms.
If someone gets into a bucketand then we'll steal data from
those things, it's a verydifferent approach.
But ultimately it's justunderstanding where the data
sources are.
One thing that cloud has done isthat there's generally really
good logging and auditing anddata behind the seams to rely
upon, and often there are teamsto support that.
What I have seen which isdisappointing is that clients
(08:31):
sometimes they'll like to notturn that on.
So on a Windows computer it'son generally by default.
You know a registry you can'thire to stop.
But you can go into an AWSinstance and not turn on guard
duty logging or not wanting tokeep your logs for more than 30
days because you don't want toincur the costs.
Sometimes they're a poordecision when it comes to an
(08:51):
investigation that happened sixmonths ago.
Michael van Rooyen (08:53):
Absolutely, Absolutely.
Would it be fair to say that Iknow there's a lot of threat
actors externally?
We've touched on what's thebalance of internal threat
actors disgruntled employeesleaving Is that still one of the
big seeds of some of theseissues?
Darren Hopkins (09:05):
On the organised crime side, it's still very
much overseas threat actors thatyou see coming in.
In the last 12 months I haveseen more insider threats that
are real in the cyber world thanI have in a long time.
I mean it's Australians thatwere the ones that were doing
something that you would expectsomeone from an Eastern Bloc
country to maybe have done usingmalware and collecting data and
(09:27):
doing other things, which isconcerning.
We see a lot more interest fromorganized crime groups to
recruit insiders to help on whatthey do.
It's so much easier to breakinto a network if someone gives
you the domain administratorusername, password and an MFA.
There's big money for that andyou can see on the dark web
(09:48):
people trying to recruit andoffer rewards for domain admin
access on this particular typeof industry.
If you can give us those things, we'll pay you a couple of
hundred grand.
I mean serious money.
And then I think about all thebusinesses where I think our own
employees.
Maybe we think we've gotcomfort, but how many
contractors do you have thatyou're not really sure about
their loyalty and will they behere for very long?
(10:13):
And would that risk of givingup those creds be something that
we consider and we still see alot of insider threat around the
general risks to the digitalforensic type investigations
that we're just talking to aswell, and the economy drives
some of that behavior.
When the economy struggles,people will sometimes make
poorer decisions around whatthey think is appropriate.
If someone's known about avulnerability in a finance
platform for a long time andthey know that they could
probably pay themselves aninvoice and get away with it, if
(10:35):
times are good and they'rehappy and comfortable, they tend
to like not do anything aboutit or even, hopefully, tell
someone about the issue.
When times are really tough andpeople are struggling, you'll
start to see people just havinga go and it's disappointing, but
it's human nature.
Michael van Rooyen (10:51):
Of course.
Of course, that's a really,really interesting data point.
So would it be fair to say thatyou've seen a bit more activity
now because people are goingthrough a bit of a tough spell
with the economy and this ismore of a global question, I
guess.
Are you seeing any of thatevidenced?
Darren Hopkins (11:02):
Yeah, certainly.
As a firm, we have a reallygood investigations team that
deals with the corporatecorruption and other things as
well, certainly seen an uptickin the poor behaviors and frauds
.
We've also seen a few matterswhere people are harvesting
credentials of colleagues andthings like that, and you have
to understand.
We have to ask the questionwell, why and why are you going
(11:23):
to do something like that to tryand monetize it internationally
?
It doesn't make any sense, butwe've seen more of it.
Hopefully it's not just due toI'm not saying we've got the
poor economy at the moment, butcost of living is not what it
used to be, of course, and, asyou said, it's human nature,
right, unfortunately.
Michael van Rooyen (11:47):
Two other things you touched on there is a
really clear message about SIEMand logging, because that
really is the starting point ofreducing some of these things
happening.
Visibility right, reallygetting key visibility.
You touched on MFA briefly aspart of maybe someone paying for
someone to use their MFA.
Have you seen a big impact inMFA really slowing a lot of
these things down?
I mean obviously more and morepeople adopting MFA.
More, more applications are.
Some people don't turn it on,which is a different discussion,
but have you seen that reallyhave some dent in reducing some
of these incidents?
Darren Hopkins (12:08):
Oh, absolutely.
It used to be called our silverbullet.
It wasn't MFA, it's a silverbullet to stop losing access to
your accounts.
At the moment, some of theincidents we're dealing with it
was no MFA, I mean single factorauthentication, and someone
lost their account.
You're sort of leaving it to beattacked and if you don't have
some software or technology orcapability to monitor those
attempts, that's really hard towork out.
I even see the attacks start tosort of reduce and you can see
(12:29):
the efforts that Threat Actorsput into it.
Mfa absolutely had a greatimpact on reducing the amount of
people coming into platformsjust with the username and
password.
And then what we saw is theThreat Actors counter with great
tools like Evilgenics which aredesigned to steal that MFA
token.
And then they pivoted andadjusted the way they were
attacking us to not only get ourusername and password but also
(12:50):
to get that MFA piece.
And that was a clear change inthe way that the threat actors
have their business model andtheir playbooks to counter the
security we're putting in place.
Then you see players likeMicrosoft once again go off.
You know what?
Okay, we can fix that.
Yes, and we'll put in.
You know, single session can'tbe shared tokens and you can't
do that anymore.
And the cat mouse game thatyou'll see played is interesting
(13:13):
.
Yes, but those coretechnologies that just make you
safe, if you put them in, theywork, yes, and they reduce the
risk enormously.
Michael van Rooyen (13:19):
That's a really good point, right, and I
think you've touched on it acouple of times.
There are some fantastic toolsout there and some of them don't
actually have to cost a lot ofmoney.
Things like MFA, you know, arefairly low cost and are even
provided by certain applicationsand services you know really
use them right.
Is your point there to say youknow you've got this ability to
reduce your risk exposurepersonally and business, right?
Darren Hopkins (13:38):
I think you should even go a step further.
If you have the tools at yourdisposal, and even if most of
them won't cost anything I thinkMFA is included in every Office
365 license through thesecurity essentials package that
you just get.
It might not be as easy toconfigure and maintain if it's
at the basic level, but it works.
If you elect to not turn on thetechnologies that are
inherently available to you,that everyone would say will
(14:00):
benefit and secure your platformwhen something goes wrong.
You're opening up a very, veryclear opportunity for someone
like a regulator to hold youaccountable for not doing enough
, because the tools were there,the knowledge was there and the
intent is that you keep thisstuff safe and you've just
decided not to do it.
Yes, and if that's the case,you should feel that you are
going to be hit pretty hard withthat stick, of course.
Michael van Rooyen (14:22):
Of course, just a few more questions I'm
interested to talk about.
What are you seeing as some ofthe emerging technologies that
you believe will impact digitalforensics and cybersecurity, and
maybe how could businessesleverage them?
Darren Hopkins (14:37):
security and maybe how could businesses
leverage them.
At the moment, I think we'reall sort of focused on that one
crazy two-letter word, ai, thatis impacting many of the things
that we're doing.
I know I enjoy sort of doing acouple of searches each morning
to see what the latest AI app is, how someone using or misusing
AI to support what they're doing, and there's some incredible
advancements there.
On the defense side, I see whatthe security companies are
doing with AI to improve theability to respond and detect
(15:00):
cyber incidents.
It's incredible how quick AIhas adapted the core
technologies.
We have to just be better andfaster Some of the technology
that we use in incident response.
We've now got AI embedded inthat technology and we can go
off and actually ask itquestions on how to actually do
things better.
So how would I go off and lookfor evidence of a nation state
(15:22):
threat actor in this network ifthe nation state was X?
The technology will come backand say, well, this is how you
do it and do it well without mehaving to work those things out.
I mean, those are things thatmake us smarter and faster in
our job.
And then you've got that nextlevel in the defence world,
which is well.
Rather than relying on all mySOC operators and all my people
to look for alerts andunderstand what they are, let's
(15:43):
let the AI do that for us.
It will determine what's atrisk and what's not, based on
behaviours and all these things,far quicker than we ever would,
and then let our specialistsdeal with how do I deal with
those things?
So, so the real time piecearound being better to respond,
and I can see all of thosetechnologies coming in just to
support our ability to detect,block and make it safe.
(16:07):
Unfortunately, threat actors aredoing the same thing and
they're using the sametechnologies.
Write me a brand new piece ofmalware that will just get
around these particular types ofdefenses or exploit this
particular type of vulnerability, and so what they're doing is
they're able to leverage andpivot vulnerabilities faster
than they ever were able to,maybe quicker than we can
actually come back with aresponse.
Right, and certainly the socialengineering side of the world
has gotten harder.
Now I sort of started this.
(16:28):
You know, in the old days,threat actors couldn't spell
Google correctly and it wasreally obvious.
Now we're having a Zoom callwith a person who's a simulation
, who's not real.
Who's having a real-timeconversation in someone else's
voice.
Who's trying to make you make apayment and all that's driven
by AI and deepfake technologyand it's really hard to pick up.
And how are people supposed toactually counter that?
(16:51):
It's hard.
Michael van Rooyen (16:52):
It's just continuing this cat and mouse
thing, right?
I mean, we're using it todefend, they're using it to work
ways around it, and it's goingto be fascinating to watch how
that evolves over time from anAI point of view and how else we
use it.
Being a leader, obviously,managing teams, and you've
worked in high criticalsituations and bring people
together, et cetera, et cetera.
What advice would you giveaspiring professionals who are
looking into getting intocybersecurity or digital
(17:14):
forensics?
Everyone's keen on it becauseeveryone sees the movies and all
that, but obviously there's alot of hard work behind it.
Can you give some advice?
Darren Hopkins (17:21):
Yeah, there's no such role as Abby from CSI, who
can do all of those things.
She's an amazing white hat pentester, digital forensic expert
and she also works in a lab anddoes DNA testing.
She doesn't exist I wish shedid, and she can solve a crime
in 30 minutes.
The exist I wish she did, andshe can solve a crime in 30
minutes.
The reality is there's far moreeducation out there if you're
interested in this realm.
In the past, universities didn'treally have cyber courses.
(17:43):
They all do now and they've allgot quite good courses the
industry qualifications that youcan go off and achieve yourself
, certifications, and thoseprograms are excellent.
I hold a lot of weight forsomeone that's gone off and done
a certification as they startto this, because it demonstrates
they can do what they want todo, and we're absolutely all
recruiting at very, very juniorlevels.
You don't have to have a lot ofexperience.
(18:04):
I just want to know that youunderstand the fundamentals.
You do need to have a decenttechnical capability because
it's hard to learn some of thosethings on the go, and you'll
get that through, whatever youend up doing, as long as you
focus on those areas and then bewilling to continue learning,
and that's the no different toany job, I guess, is you'll
start by learning and keeplearning, and I'm still learning
(18:25):
.
Cool, so it's just be committedto it.
The cool thing about cyber isthat um and I sort of joke with
my team all the time you know,not all heroes wear case, but we
probably should you're actuallyworking for a mission, that's
we're actually defending, we'reout there countering Russian
threat actors and organizedcrime.
How many jobs?
Can you say that my day job isto defend a country against an
organized crime group.
(18:45):
That is pretty cool.
And you're actually helpingbusinesses, you're helping
organizations, you're helpingpeople in your day job?
Yes, and then, coming from alaw enforcement background where
that was the mission, that'swhat our goal was to do.
Being an industry where you canstill, in a way, play a part in
that, it's quite a fulfillingcareer to actually have you look
at absolutely beat, and it's areally good point.
Michael van Rooyen (19:07):
You're defending people and their
livelihood right, effectively ata grassroots level.
How do you see the skillshortage in this area?
It's always talked about.
How are you struggling withthat?
Darren Hopkins (19:21):
Yeah, I'm not sure if there's a complete skill
shortage.
Sometimes it's hard to get theright person for the exact job
that you want.
Often you have to be a bit moreflexible to say I'm happy to
retrain or to support or growsomebody into the role you have.
One thing that I've noticed issecurity professionals, because
there's not as many of us outthere and it's clear you look at
the university stats and otherstats as to how many are sort of
entering this market.
We don't have enough females inour industry.
(19:42):
We're so, so short on goodprofessionals in that space, and
I've talked to universitiesabout why and we've got to do
better to get more girls intoour teams.
I'm lucky I've got a team whichis very, very evenly balanced
and and I got some incrediblysmart people there.
But it is a smaller team andpeople accelerate their careers
(20:02):
quite quickly when they're goodcan be an expensive resource to
acquire.
I know for some smallbusinesses they would love to
get some security professionalsin and quite often they look at
what they need to pay and it'sjust difficult to manage that.
So I don't know as an industryhow we counter that.
I think it's going to beallowing more junior people in
quickly and acknowledging thatyou don't have to have 10 years
(20:23):
experience to do a security job.
You can absolutely be effectiveat a lower level and probably
better skills training acrossthe board to acknowledge that.
Michael van Rooyen (20:31):
Yeah, fair enough too.
As we wrap up, reflecting on acareer, what's been some of the
most rewarding experiences andwhat continues to motivate you
is it is it that you knowprotecting people, or anything
outside of that?
Darren Hopkins (20:44):
crazily enough, I still get a buzz out of a
crisis.
Michael van Rooyen (20:46):
I don't know why I'm living someone else's
crisis every day for a long timeyeah, uh, it's a weird
adrenaline rush.
Darren Hopkins (20:54):
Uh, there is something about being able to
come in and being part of a teamto solve and protect.
If I look back in my way, wayback in the early career, at the
end of my career, a lot of thatwas working with the teams in
the child abuse teams or thechild exploitation teams around
protecting our kids, and thatwas incredibly important back
(21:14):
then to be able to, you know,demonstrate that you're doing
something that has meaning.
I think we all look for that ina career.
Now I still see and often comeaway from a job and I've helped
maybe a smaller business comeout the back of something where
they can recover and continuetrading and business and
continue to move forward orprotect a bunch of people's
(21:35):
identities.
Any of those things help andit's an industry that's
continually changing it.
Just it doesn't stop giving yousomething new to learn.
Michael van Rooyen (21:43):
That's quite , quite fun, even at my age yes,
motivating, motivating, uh, anddarren's fairly young, by the
way, for those listening, he's,he's, he's done playing.
How old he is.
Um, look, I know you touched onquite a few important points uh
, boards and approaches,everything like that.
Just to close out, is there afinal key message you'd want to
leave people listening?
(22:03):
I know you're very passionateabout the space, about helping
people be protected and lookingafter businesses, et cetera.
Anything you want to summariseas a key takeaway for them
around cyber and forensics andprotecting themselves.
Darren Hopkins (22:14):
If you, as a business or organisation, are
only just starting, the factthat you've started is important
.
Don't stop the journey tobecoming more resilient and
secure.
It's really important.
I've seen what happens if youdon't actually invest and take
this threat seriously.
The other thing that McGranicledoes is we're a firm of two
halves and the other half of ourfirm is one of the preeminent
(22:36):
restructuring and insolvencyfirms in the country.
I don't want you to meet thoseguys quite clearly, because if
you get to meet that team, itmeans something has gone
terribly wrong.
Literally.
My only advice is it's nevertoo late.
Start now, understand where youneed to start, build a plan and
start doing something about it,and understand that this is a
(22:56):
business risk it's no differentto any other risk that you deal
with and just make it part ofthe DNA of the business, and
then, if you make it really hardfor a cyber criminal, they're
probably going to move on.
Yes, so don't leave yourselfexposed.
Michael van Rooyen (23:08):
Fair enough, fair enough.
And then the last one that I'dlike to ask all participants who
I get a chance to interview iscan you tell me about the most
significant technology change orshift that you've been involved
in or seen in your time doingthis?
And that can be anything.
It can be pretty broad right Ican give up my age at this point
to be honest, I actually got tosee the first mobile phones.
Darren Hopkins (23:28):
I mean, I was one of the lucky ones that had a
mobile phone in a bag, rightwhich there was a battery which
weighed about I don't know fivekilos, and then a handset, and
then when I finally progressedto my brick which you'll only if
you go off and uh google search, you know large brick phone,
you'll see what I mean.
And there's a few early uhmovies that used to have them.
I was pretty cool back then tobe able to have something which
(23:50):
was about the size of a brick,yes, yes, as my mobile.
But I mean the shift to mobilewas an incredible change.
That happened very, veryquickly over a few years where
we were in this world of bigtech, large infrastructure and
to these personal devices thatnow we just take for granted.
That phone that we all have andthat we all use has more
(24:14):
capacity and capability thanwhole file server rooms and huge
amounts of infrastructure Iused to look after when I
started and it just blows meaway and the next five to 10
years, anyone in our industry.
You have a look at what AI andthe other tech advancements
we're seeing and theminimization of technology still
(24:34):
, and I was watching the newrobots being marched out by mr
musk and his team and howincredible in in two years
they've transformed that pieceof science.
And I think his last thing isthat he expects that within a
few years time you'll be able tohave your own robot for about
30 to 40 000, he said about thesame cost of a car.
(24:54):
But this thing will be doanything else you want to do and
that's ahead of us in the nextshort amount of time and it's
pretty exciting to see that youknow when our overlords take us
over and we're just minions tothe AI that we got to see it.
Michael van Rooyen (25:07):
Yeah, correct, we've been able to live
the journey and send it fromCinebop.
But I really do like the mobilephone.
I think people havemisappreciated what that really
meant for us, right and theability to, as you said, use
this device for so many things.
It really has changed the worldand even if you look at a few
movies and even TV series thataren't that old, really you know
you don't see them using thatright, using phone booths and
(25:29):
being able to not even just wejust consider it as standard
right.
So I really like the one.
Darren, really appreciate thetime today.
Thanks for the chat, very, veryinsightful and, yeah, thanks
again, no thanks for having meit was good great.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy And Charlamagne Tha God!
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.