Rapid Response: Australian Cybersecurity Podcast

Adarsha Sigdel

A podcast about real threats, real Australian incidents and practical advice for SMBs.

Episodes

  1. The Plot Twist - MFA isn't enough anymore

    May 31

    You turned on two-factor authentication. You told your team to do the same. So why are Australian businesses still getting breached? In April 2025, cybercriminals raided five of Australia's biggest super funds in a single coordinated attack — not by hacking their systems, but by using passwords already stolen from somewhere else. AustralianSuper CEO Paul Schroder was explicit: "AustralianSuper was not hacked." The attackers didn't need to be. This episode covers the three techniques that are now bypassing MFA at scale — and what you can do about it this week.

    WHAT YOU'LL LEARN

    • Session hijacking: how attackers steal your already-authenticated browser tokens — without needing your password or MFA code — and use them to log in as you
    • Adversary-in-the-Middle (AiTM) phishing: how tools like Tycoon 2FA intercept your MFA approval in real time, with no technical skill required
    • MFA fatigue (push bombing): the surprisingly simple technique that brought down Uber in 2022 — and is still working today
    • How to harden your defences across all three attack types
    • A 30-day uplift plan you can implement without a dedicated IT team

    THE NUMBERS BEHIND THIS EPISODE

    • 94 billion browser cookies were stolen by infostealer malware in 2025 and listed on dark web markets (NordStellar, 2025)
    • 54% of ransomware victims had their credentials exposed in stealer logs before the attack happened (Verizon DBIR, 2025)
    • Identity-based attacks surged 32% in just the first half of 2025 — and 97% relied on stolen passwords, not exploits (Microsoft Digital Defense Report, 2025)
    • The average cost of a cyber incident for an Australian small business is now $56,600 — up 14% in one year (ASD ACSC Annual Cyber Threat Report, 2024–25)
    • 1.1 million Australian accounts were breached in Q1 2026 alone (Surfshark, 2026)

    REAL BREACHES COVERED

    • AustralianSuper and four other super funds (April 2025) — 600 accounts, $500K stolen via credential stuffing
    • Qantas (July 2025) — up to 6 million customer records taken via a single vishing call to a third-party call centre
    • Uber (September 2022) — network compromised via MFA fatigue and WhatsApp social engineering

    YOUR 30-DAY ACTION PLAN

    Week 1 — Audit & visibility (check haveibeenpwned.com for your domain tonight — it's free)
    Week 2 — Harden your authentication
    Week 3 — Protect devices and train your team
    Week 4 — Monitor, test, and lock in the habit

    RESOURCES

    • Report a cyber incident or sign up for ACSC alerts: cyber.gov.au
    • Check if your business domain has been exposed: haveibeenpwned.com
    • ASD Essential Eight framework: cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight

    Rapid Response is a cybersecurity podcast for Australian small and medium business owners. New episodes tackle one real threat at a time — and tell you exactly what to do about it. If this episode was useful, share it with a business owner who needs to hear it.

    Music track: Lucifer by Pufino
    Source: https://freetouse.com/music
    Royalty Free Music (Free Download)

    26 min
  2. From Bug to Breach — Why Vulnerability Management Just Got Harder

    Apr 30

    Cyberattacks don't start with ransomware screens or phishing emails. They usually begin much earlier — wherever a software vulnerability meets an attacker who knows how to exploit it. This episode breaks down the six-stage attack lifecycle (reconnaissance → initial access → execution → privilege escalation → impact → cover-up) and shows exactly where vulnerabilities appear at every step. We then examine how frontier AI models like Anthropic's Claude Mythos — shown in controlled tests to autonomously discover and exploit thousands of previously unknown vulnerabilities — are compressing the timeline between bug discovery and real-world attacks. For Australian SMBs, this means less time to react and a greater need for clarity about critical systems, vendor dependencies, and decision-making.

    In under 20 minutes, you'll learn:

    • How vulnerabilities fuel the entire attack chain, not just "initial access"
    • Why AI-driven discovery tools are changing vulnerability management priorities
    • The difference between CVSS scores and real-world exploitability
    • A practical 5-step vulnerability reset grounded in industry standards (CISA KEV, EPSS, NIST)

    If you've ever wondered whether vulnerability management is "enterprise-only" or what SMBs should actually prioritise — this episode provides clear, actionable answers.

    Key takeaways:

    • Map internet-facing + business-critical systems first
    • Prioritise by exposure/impact, not severity scores alone
    • Define explicit remediation targets (24-72hrs for critical)
    • Assign clear ownership for decisions and verification

    Perfect for business owners, IT leads, and MSPs serving Australian SMBs.

    References:

    • https://red.anthropic.com/2026/mythos-preview/
    • https://www.cisa.gov/known-exploited-vulnerabilities-catalog
    • https://www.first.org/epss/
    • https://csrc.nist.gov/pubs/sp/800/40/r2/final

    17 min
  3. Cyber Attacks on Critical Infrastructure: Why SMBs Should Care

    Mar 31

    “Cyber Attacks on Critical Infrastructure: Why SMBs Should Care” explores how threats against power, water, telecoms, banking and logistics are no longer just a “big government” problem, but a daily business risk for small and medium organisations. The episode breaks down fresh data from the Australian Cyber Security Centre, which responded to over 1,200 incidents in 2024–25, with around 13% involving critical infrastructure sectors such as energy, transport, communications and financial services. It also draws on the World Economic Forum’s Global Cybersecurity Outlook 2026, showing that about 64% of organisations are now planning for geopolitically motivated attacks on critical infrastructure and less than half of CEOs are confident their country could manage a major CI incident. Through real examples of grid, water and telecom disruptions overseas, the episode explains how these attacks cascade into blackouts, outages, failed payments and supply‑chain delays that hit Australian SMBs even when they’re not the direct target, and closes with a simple 30‑day resilience plan any smaller business can start today.

    References:

    Main reports

    • Australian Signals Directorate, Annual Cyber Threat Report 2024–25: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25.pdf
    • Australian Signals Directorate, Annual Cyber Threat Report 2024–25 fact sheet for critical infrastructure: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25%20factsheet%20for%20critical%20infrastructure.pdf
    • Australian Signals Directorate, Annual Cyber Threat Report 2024–25 fact sheet for businesses and organisations: https://www.cyber.gov.au/sites/default/files/2025-10/Annual%20Cyber%20Threat%20Report%202024-25%20factsheet%20for%20businesses%20and%20organisations.pdf
    • World Economic Forum, Global Cybersecurity Outlook 2026: https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2026.pdf
    • Australian Signals Directorate, Small business cyber security guide: https://www.cyber.gov.au/sites/default/files/2025-01/ACSC_Small_business_cyber_security_guide_January_2025.pdf

    21 min
