Showing episodes and shows of

Leigh Kefford

Shows

Qantas Data Breach: Customer Info Leaked via Vendor
Don't Be A Sitting Duck Podcast, 2025-07-02, 04 min
Qantas has joined the long list of major companies hit by cybercrime — this time, through a third-party contact centre platform. In this special Don’t Be A Sitting Duck episode, Leigh Kefford unpacks how customer data was leaked, what it means for businesses, and why vendor risk can no longer be ignored.
What You’ll Learn:
- Which customer details were compromised
- Why third-party platforms are your biggest hidden risk
- Steps to audit your vendors and protect your business
- What cyber insurers now expect as minimum standards

Ransomware Realities: What You Need to Know
Don't Be A Sitting Duck Podcast, 2025-07-01, 03 min
Ransomware is more dangerous — and more accessible — than ever before. In this episode of Don’t Be A Sitting Duck, Leigh Kefford breaks down what’s really happening behind the scenes, how local businesses are being impacted, and the 5 non-negotiable actions your business must take to stay protected.
In This Episode:
- Why ransomware is exploding in 2025
- The biggest risks for regional businesses
- How phishing, patching, and backups can make or break your response
- What every business needs to qualify for cyber insurance
- The #1 tool to assess your risk — for free
Key Takeaways:
- Most ransomware attacks ar...

CPS 234: What It Means for Your Business in 2025
Don't Be A Sitting Duck Podcast, 2025-06-06, 06 min
Is your business really ready for a cyberattack? If you’re in banking, insurance, or superannuation — APRA’s CPS 234 isn’t just a suggestion, it’s mandatory.
In this extended episode, Leigh Kefford unpacks the what, why, and how of CPS 234 — Australia’s leading information security standard for regulated financial entities. But even if you’re not regulated, there’s a lot to learn here.
- What CPS 234 requires from boards, management, and IT
- Why third-party accountability still lands on your shoulders
- What actions your business can take today — even as an SME
- Why this isn’t just about compliance — it’s about survival
Ge...

Ransomware Payment Laws Now Mandatory: What You Must Report
Don't Be A Sitting Duck Podcast, 2025-06-05, 06 min
From 30 May 2025, Australian businesses earning over $3 million per year must report any ransomware or cyber extortion payments to the government within 72 hours. In this episode, Leigh explores:
- What qualifies as a reportable ransomware or cyber extortion payment
- Who needs to report and how to calculate turnover thresholds
- What’s included in the 72-hour reporting requirement
- Why these reports matter for Australia’s national cyber defence
- How to prepare your business now before penalties kick in
🎯 Book your free Empower Systems Assessment at nationalpc.com.au/empower
🎧 Get the...

Healthcare Breach Fears, Retail Attacks & New Ransomware Laws
Don't Be A Sitting Duck Podcast, 2025-06-05, 04 min
Fatalities caused by cyberattacks in hospitals? That’s what healthcare leaders are bracing for—and that’s just the beginning. In this episode of the Don't Be A Sitting Duck Podcast, Leigh Kefford unpacks the critical cybersecurity threats facing Australia right now.
We explore:
- The growing belief that it’s only a matter of time before a cyberattack leads to death in healthcare.
- New legislation requiring ransomware payment disclosures in Australia.
- A global surge in retail breaches hitting brands like Victoria’s Secret and The North Face.
Full shownotes...

Cybersecurity Threats: Unmanaged Assets, AI Misinformation, and Banking Breaches
Don't Be A Sitting Duck Podcast, 2025-05-01, 03 min
In this episode, we delve into the pressing cybersecurity issues facing Australia today. From the dangers of unmanaged digital assets to the rise of AI-generated election misinformation, and the recent malware attacks on major banks, we uncover the vulnerabilities that businesses and individuals must address. Tune in to learn actionable steps to protect your digital environment.
👉 Full transcript and show notes available at sittingduck.com.au
cybersecurity threats Australia, unmanaged IT assets, AI misinformation risks, election security Australia, Australian banks cyber attack, malware breach 2025, business cybersecurity, small business IT risk, cybercrime prevention, North Queensland cybersecurity, IT security for law fir...

Australia Hit by Infostealer Malware: Banking Credentials Sold Online
Don't Be A Sitting Duck Podcast, 2025-04-29, 04 min
Thousands of Australians have had their online banking passwords stolen by stealthy infostealer malware like RedLine and Raccoon Stealer. These credentials are now being sold on dark web marketplaces, putting businesses and individuals at risk. In this episode, I break down how infostealer malware works, why it's so dangerous, and the key steps you must take to protect your business.
Episode Notes / Show Notes:
- How infostealer malware silently steals credentials from Australians
- Real-world breaches involving RedLine and Raccoon Stealer malware
- Why businesses must act urgently to protect sensitive data...

Super Fund Cyberattack: What Went Wrong & How to Stay Safe
Don't Be A Sitting Duck Podcast, 2025-04-04, 03 min
A coordinated cyberattack hit several Australian super funds—including AustralianSuper, Hostplus, and Rest—leading to major financial and data loss. This episode explores how the breach happened, the method known as credential stuffing, and steps businesses can take to avoid a similar fate.
Main Stories Covered:
- Credential stuffing attacks on super funds
- $500,000 stolen from compromised AustralianSuper accounts
- The role of weak passwords and reused credentials
- Why MFA and security audits are now essential
External Links:
- ABC News coverage
- Hostplus official statement
- Cybe...

Ransomware Attacks Hit Record High – Are You at Risk?
Don't Be A Sitting Duck Podcast, 2025-03-18, 03 min
February 2025 saw ransomware attacks hit an all-time high, with cybercriminals exploiting software vulnerabilities to hold businesses hostage. At the same time, social engineering scams are becoming more deceptive, tricking victims into handing over sensitive information.
In this episode, I break down:
✅ Why ransomware attacks skyrocketed and how businesses are being targeted
✅ The growing threat of social engineering scams and how to spot them
✅ Practical steps to protect your data, employees, and financial assets
Don’t wait for a cyberattack to strike—take action now!
Get the full show notes and resources...

Major Cyber Incidents: Brydens Lawyers Breach, ASIC's Action Against FIIG Securities, and Ballista Botnet Threat
Don't Be A Sitting Duck Podcast, 2025-03-18, 04 min
In this episode, we delve into recent significant cybersecurity incidents: a massive data breach at Brydens Lawyers, ASIC's legal action against FIIG Securities for prolonged cybersecurity failures, and the emergence of the Ballista botnet exploiting vulnerabilities in TP-Link routers. These events highlight the critical need for robust cybersecurity measures across all sectors. For more insights and resources, visit sittingduck.com.au.

Cybersecurity in Papua New Guinea: Are They Ready for the Digital Future?
Don't Be A Sitting Duck Podcast, 2025-03-15, 05 min
Papua New Guinea is going digital—but is it secure?
In this episode of Don't Be a Sitting Duck, we dive into the cybersecurity challenges facing PNG’s government, businesses, and critical infrastructure. We discuss real-life cyberattacks—including ransomware incidents affecting PNG’s Department of Finance and the Internal Revenue Commission—and explore what needs to change to protect the nation’s digital future.
Key topics covered:
- The biggest cybersecurity risks facing PNG today
- Real-world breaches—what happened & what we can learn
- Government & business accountability in cybersecurity
- Practical steps for strengthening PNG’s cyber defences
- Who should...

Genea IVF Data Breach Exposes Sensitive Health Records
Don't Be A Sitting Duck Podcast, 2025-03-08, 02 min
A major cybersecurity breach has rocked Australia’s healthcare sector. Genea, a leading IVF provider, was hit by a cyberattack that compromised sensitive patient data, exposing medical histories, test results, and personal information on the dark web. In this episode, we break down how the attack happened, why it matters, and—most importantly—what businesses can do to prevent similar breaches.
🔗 Show notes & resources: sittingduck.com.au

APRA’s CPS 230 & CPS 234: Strengthening Operational & Cyber Resilience
Don't Be A Sitting Duck Podcast, 2025-02-25, 04 min
In this episode of Don't Be A Sitting Duck, we unpack APRA’s latest regulatory updates: CPS 230 on Operational Risk Management and CPS 234 on Information Security. With CPS 230 set to take effect in July 2025, organizations must prepare for stronger risk management, business continuity, and third-party oversight—especially in cloud outsourcing. Plus, we break down CPS 234, which mandates strict cybersecurity controls, risk assessments, and incident response requirements for financial institutions. Get ahead of compliance and fortify your organisation’s resilience—this is one episode you can’t afford to miss!
Resources & Next Steps: Check out the show notes and other cybersecurity insights a...

Lazarus Group’s $21M Crypto Heist & Australian IVF Data Breach
Don't Be A Sitting Duck Podcast, 2025-02-24, 03 min
Cybercriminals are relentless, and this week’s stories prove just how high the stakes are.
- North Korea’s Lazarus Group Strikes Again: The notorious state-backed hacking group has pulled off another major crypto heist, stealing $21 million in Ethereum from the Bybit exchange. But how did they do it, and what does this mean for the future of cryptocurrency security?
- Australian IVF Data Breach: A major Australian fertility clinic has suffered a devastating data breach, potentially exposing highly sensitive patient records. With medical data being one of the most valuable assets on the dark web, what risks do patients now face?
In t...

PNG Tax Office Cyberattack – What It Means for Businesses & Government
Don't Be A Sitting Duck Podcast, 2025-02-16, 06 min
Papua New Guinea’s Tax Office Hacked – What You Need to Know! The Internal Revenue Commission (IRC) of Papua New Guinea has suffered a devastating ransomware attack, shutting down critical systems and exposing major cybersecurity weaknesses. With government agencies and businesses now on high alert, this breach raises urgent questions about cybersecurity in PNG and beyond.
In this episode of the Don't Be A Sitting Duck Podcast, we break down:
✅ How the cyberattack happened and what it means for PNG’s government and businesses
✅ The real security gaps that left PNG’s tax system vulnerable
✅ What businesses must do NOW to protect the...

Game Over: Steam Malware, Romance Scam Script, and Cybersecurity Awareness
Don't Be A Sitting Duck Podcast, 2025-02-15, 04 min
Is your favorite game a cybersecurity threat? In today’s episode of Don't Be A Sitting Duck, we dive into a shocking Steam malware case where a popular game turned into a digital trap. Plus, the Australian Federal Police have released a romance scam playbook used by criminals—learn how scammers manipulate victims with scripted deception. Lastly, we discuss four practical ways to bring cybersecurity awareness into your community and why proactive education matters more than ever. Stay informed. Stay secure. Tune in now to uncover these crucial cybersecurity insights.
Resources & Next Steps: Check out the show notes and other cybe...

CommBank & Telstra’s Fraud Tech, Valentine’s Phishing Scams, and Cybercrime as a National Security Threat
Don't Be A Sitting Duck Podcast, 2025-02-12, 04 min
In this episode of Don't Be A Sitting Duck, we’re breaking down three major cybersecurity threats that businesses need to be aware of:
- CommBank & Telstra’s Fraud Detection Partnership – A new fraud indicator system is set to improve identity theft detection by 25%. Learn how this technology works and what businesses can do to protect themselves from financial fraud.
- Valentine’s Day Phishing Scams – Cybercriminals are taking advantage of the holiday season, creating thousands of fake websites and phishing emails designed to steal personal and payment information. We’ll discuss how to spot these scams before they cause harm.
- Cybercrime as a Nationa...

Apple’s Zero-Day Patch, Healthcare Cyber Risks & Australia’s Cyber Attack Surge
Don't Be A Sitting Duck Podcast, 2025-02-11, 04 min
In today’s episode, we dive into three critical cybersecurity threats that businesses can’t afford to ignore. Apple has just released an urgent patch for a zero-day vulnerability affecting iPhones and iPads—find out why it matters and what you should do immediately. Meanwhile, cyber threats in the healthcare sector are escalating, pushing the need for stronger collaboration and proactive defense strategies. And in Australia, cyber attacks have surged to an alarming rate—one every second. I’ll break down what these threats mean for your business and, more importantly, how you can take action to stay protected. Don’t wait until...

DeepSeek AI – A Cyber Threat You Can’t Ignore
Don't Be A Sitting Duck Podcast, 2025-02-10, 05 min
Artificial Intelligence is evolving, but so are cyber threats. In this episode of Don't Be A Sitting Duck, we break down DeepSeek AI and how cybercriminals are leveraging it to supercharge phishing, malware, and business email compromise attacks. Learn how to defend against AI-driven threats and ensure your business isn’t an easy target.
- What is DeepSeek AI?
- How cybercriminals are weaponizing AI
- Why phishing attacks are getting harder to detect
- The steps businesses must take to protect themselves
Don’t be a sitting duck—stay informed, stay protected. Visit sittingduck.com.au for more cybersecurity insights.

North Korean Hackers, LinkedIn Scams & ACSC Phishing Warnings
Don't Be A Sitting Duck Podcast, 2025-02-09, 04 min
Welcome to another episode of Don’t Be A Sitting Duck! This week, we uncover shocking cybersecurity threats that businesses and individuals must be aware of:
- North Korean hackers, also known as the Lazarus Group, are using LinkedIn job scams to steal credentials and deploy malware. We’ll break down how this attack works and how you can avoid being a victim.
- Building a culture of cybersecurity within businesses is critical to defending against cyber threats. We discuss key employee training strategies that turn security awareness into a strength rather than a vulnerability.
- The Australian Cyber Security Centre (ACSC) has issu...

Thermomix Recipe Community Data Breach – What You Need to Know
Don't Be A Sitting Duck Podcast, 2025-02-07, 05 min
Vorwerk, the company behind Thermomix, has confirmed a data breach affecting users of its Recipe Community forum in Australia, New Zealand, and several European countries. While no passwords or financial information were compromised, personal details—including names, addresses, birthdays, and phone numbers—were accessed by cybercriminals. In this episode of Don't Be A Sitting Duck, we break down:
- What happened in the breach
- What data was stolen
- What you need to do right now to protect yourself
- How to avoid scams and identity fraud attempts
Book your free Empower Systems Assessment at nationalpc.com.au—it’s the easiest way to under...

47 Million Data Breaches in 2024 + AI Bans & Windows 11 Warnings
Don't Be A Sitting Duck Podcast, 2025-02-07, 04 min
In this episode of Don't Be A Sitting Duck, we break down three major cybersecurity stories affecting businesses today:
- DeepSeek AI Banned – Why the Australian Government has banned DeepSeek AI from all government devices.
- 47 Million Data Breaches in 2024 – One breach every second? The latest report reveals shocking cyber attack statistics.
- Windows 11 – Act Now! – Businesses must prepare for the transition before it’s too late.
Cyber threats are evolving, and now more than ever, businesses must take action to protect themselves. Tune in for expert insights and practical cybersecurity tips.
Read more at www.sittingduck.com.au
Powered by nationalpc.com.au
Subscr...

After the Flood: Protecting Your Business from Hidden Cyber Threats
Don't Be A Sitting Duck Podcast, 2025-02-03, 05 min
Floods can devastate businesses, causing physical damage and operational chaos—but the risks don’t stop there. In this episode of Don't Be A Sitting Duck, we explore the hidden cybersecurity threats that emerge after a flood. From compromised devices to phishing scams disguised as recovery support, disasters create the perfect storm for cybercriminals to strike. We'll walk you through the essential steps to safeguard your business, including how to handle damaged IT infrastructure, spot post-disaster phishing attacks, and secure your network before reconnecting. Whether you're recovering from a flood or preparing for the unexpected, this episode will help you prot...

03/02/2025 - Apple Gift Card Scams: How They Work and How to Avoid Them
Don't Be A Sitting Duck Podcast, 2025-02-02, 05 min
In this episode of Don’t Be A Sitting Duck Podcast, we’re uncovering the tricks behind Apple gift card scams—one of the most common and deceptive frauds targeting individuals and businesses alike. Learn how scammers convince victims to pay using gift cards, the warning signs to watch for, and what to do if you’ve been targeted. But knowing the scam isn’t enough. If you want to protect your business with proactive cybersecurity solutions, visit nationalpc.com.au for expert guidance and support tailored to keep your systems safe from evolving threats.
What You’ll Learn:
- How Apple gift c...

The National PC Way: Simplifying IT to Empower Your Business
Don't Be A Sitting Duck Podcast, 2025-02-02, 05 min
Why keep juggling IT providers when you can have it all in one place? In this episode of Don’t Be A Sitting Duck Podcast, we break down The National PC Way—a smarter, more proactive approach to managed IT services in Townsville.
What You’ll Learn:
- Why traditional IT support is costing your business time & money
- How The National PC Way unifies managed IT, cybersecurity, and compliance
- The power of Empower SHIELD & Empower COMPLIANCE in securing your business
- Why businesses in Townsville are switching to fully managed IT services
Listen now and discover why The National PC Way is changi...

31/01/2025 - DeepSeek AI Warning, Dover’s Cybersecurity Emergency, and 2025 Cyber Priorities
Don't Be A Sitting Duck Podcast, 2025-01-30, 05 min
In today’s episode of Don’t Be A Sitting Duck Podcast, we break down three major cybersecurity developments:
- DeepSeek AI Privacy Concerns – Australian ministers are urging caution over the Chinese-developed AI chatbot DeepSeek, citing potential security risks.
- Dover’s Cybersecurity Emergency – The City of Dover has declared a state of emergency due to a potential cybersecurity breach, highlighting the importance of incident response plans.
- Top 2025 Cybersecurity Priorities – We explore nine essential priorities to strengthen your cybersecurity strategy this year.
Take Action: We provide actionable tips on securing your data, responding to breaches, and building a strong cybersecurity strategy. Visit sittingduck...

SPECIAL - Take Caution: Cyclone Preparedness for North Queensland Businesses
Don't Be A Sitting Duck Podcast, 2025-01-30, 03 min
With a potential cyclone approaching North Queensland, now is the time to ensure your business is ready. In this special ‘Take Caution’ episode, we share critical IT and cybersecurity steps to protect your data, keep operations running, and stay secure. Don’t wait—prepare now!
Key Takeaways:
- Back up and test critical business data before a cyclone forms.
- Power down non-essential equipment and protect hardware.
- Ensure cloud-based communication tools are accessible.
- Watch out for cyber scams targeting disaster response efforts.
- Have a structured post-cyclone IT recovery plan.
Visit National PC Disaster Resources Hub for...

30/01/2025 - Numberless Debit Cards, CREST Accreditation, and Rising Email Attacks
Don't Be A Sitting Duck Podcast, 2025-01-29, 04 min
In today’s episode of Don’t Be A Sitting Duck Podcast, we cover three critical topics shaping the cybersecurity landscape:
- Numberless Debit Cards in Australia: AMP and Mastercard are introducing Australia’s first debit cards without visible numbers to combat scams and fraud.
- Vonahi Security’s CREST Accreditation: Learn how this globally recognized certification elevates cybersecurity standards for penetration testing.
- Email-Based Cyber Attacks Surge in APAC: A 26.9% increase in email threats highlights the growing sophistication of phishing schemes in the region.
Take Action Today: We share practical tips to help protect your business from these evolving threats. Visit sittingduck.com.au f...

29/01/2025 - AI Cyber Threats, Open Security Doors, and PIN Code Weaknesses
Don't Be A Sitting Duck Podcast, 2025-01-28, 04 min
In this episode of the Don’t Be A Sitting Duck Podcast, we unpack three critical cybersecurity stories every business owner needs to know:
- EU’s Cybersecurity Plans for AI and Quantum Threats: Learn how the EU is funding initiatives to counter AI-driven threats and prepare for quantum-based cyber risks.
- Common Security Oversights Leave Businesses Vulnerable: Discover how simple lapses, like unpatched systems and weak authentication, make companies easy targets for hackers.
- The Risk of Weak PIN Codes: A staggering one in ten people still use common PINs like '1234,' exposing themselves and their businesses to unnecessary risk.
Take Acti...

SPECIAL - SIM Swapping in Australia: Don’t Let Scammers Hijack Your Life
Don't Be A Sitting Duck Podcast, 2025-01-27, 05 min
SIM swapping is one of the fastest-growing cyber threats in Australia, and it’s hitting closer to home than you think. Scammers are finding ways to hijack your phone number, take over your accounts, and drain your finances—often before you even realize it’s happening. In this special episode of the "Don’t Be A Sitting Duck Podcast," we’ll cover:
- What SIM swapping is and how it works.
- Real Australian cases of SIM swap scams.
- What the Australian Communications and Media Authority (ACMA) is doing to fight back.
- Practical, easy-to-follow steps you can take today to protect yourself and your a...

28/01/2025 - Cl0p Ransomware, PayPal Fine, and Clutch Industries Cyberattack
Don't Be A Sitting Duck Podcast, 2025-01-27, 04 min
In this episode of Don’t Be A Sitting Duck Podcast, we explore three critical cybersecurity stories making headlines:
- Cl0p Ransomware Targets Australian Companies: Major Australian firms Ampol, Linfox, and Steel Blue are listed as victims of the Cl0p ransomware gang after vulnerabilities in Cleo's file transfer software were exploited.
- PayPal’s $2M Cybersecurity Fine: PayPal was fined for lapses that exposed customer data, showing even global giants can fall short of proper security measures.
- Clutch Industries Cyberattack: Australian automotive manufacturer Clutch Industries fell victim to ransomware, with attackers claiming to have stolen 350GB of sensitive data.
Take Acti...

27/01/2025 - Shady Hosting, Record DDoS Attack, and Subaru’s Connected Car Risks
Don't Be A Sitting Duck Podcast, 2025-01-26, 03 min
In today’s episode of Don’t Be A Sitting Duck Podcast, we explore three critical cybersecurity stories you need to know:
- Bulletproof Hosting Providers: Discover how shady hosting providers enable cybercriminals and how you can protect your business from becoming a target.
- Record-Breaking DDoS Attack: Learn about the largest-ever Distributed Denial-of-Service attack and steps you can take to safeguard your operations.
- Subaru Starlink Vulnerability: Uncover the risks of connected vehicle technologies, including a major security flaw Subaru has recently patched.
Stay informed with practical tips to enhance your cybersecurity defenses. Don’t let your business or personal data become a sitt...

24/01/2025 - JB Hi-Fi Data Claims, HPE Breach Investigation, and TikTok Phones on eBay
Don't Be A Sitting Duck Podcast, 2025-01-23, 04 min
In this episode of Don’t Be A Sitting Duck Podcast, we dive into three fascinating cybersecurity stories making waves:
- JB Hi-Fi Data Breach Claim Debunked: A hacker’s bold claim of stealing 12 million customer records from JB Hi-Fi turned out to be false. We explain how recycled breach data caused unnecessary alarm and the lessons businesses can learn.
- HPE Breach Under Investigation: Hewlett Packard Enterprise is responding to a hacker’s claim of accessing sensitive data, including source code and private repositories. Learn how quick response protocols are crucial in managing potential breaches.
- TikTok Phones Selling for Thousands: Used phones...

23/01/2025 - Ransomware Gangs, End-of-Support for Microsoft Exchange, and TikTok Privacy Concerns
Don't Be A Sitting Duck Podcast, 2025-01-23, 03 min
In this episode of Don’t Be A Sitting Duck Podcast, we explore three major cybersecurity stories that every business owner needs to know:
- Ransomware Gangs Impersonating IT Support: Learn how cybercriminals are using Microsoft Teams to trick employees and demand ransoms, and discover tips to stay one step ahead.
- Microsoft Exchange End-of-Support: With support ending for Exchange 2016 and 2019 this October, we discuss why upgrading now is critical to keeping your business safe.
- TikTok Ban Update: The U.S. ban on TikTok may be on hold, but privacy concerns linger. We break down what this means for businesses and your da...