📌 The AI Boom Is Here — But Is Your Business Using It Securely? AI isn’t coming — it’s already here. From writing emails to forecasting trends, tools like ChatGPT, Microsoft Copilot, and Google Gemini are now part of daily business operations. What started as experimentation has quickly become embedded in workflows — from marketing and customer service to product development and HR. But while AI promises speed and scale, it also brings one massive wildcard: 👉 Security risk. 🔐 Why It Matters: AI Is a Double-Edged Sword AI tools are incredible productivity enhancers — but most weren’t designed with your business’s compliance or data security in mind. This creates real risk: ⚠️ Sensitive data leaks via prompts ⚠️ Employees using unapproved tools (“Shadow AI”) ⚠️ Compliance gaps (GDPR, ISO, local privacy laws) ⚠️ Lack of internal AI usage policies ⚠️ Exposure of client data or IP to third-party platforms Most SMEs and business leaders don’t even reali...

Date: July 2nd 2025 By: | TheCyberGuyAU Qantas has confirmed a cyber attack has exposed the personal data of millions of its customers — a stark reminder that no brand, no matter how trusted, is immune. What happened? On Monday, Qantas detected unusual activity on a third-party system used by its call centre . That system, now confirmed as compromised, held records for 6 million customers . The initial investigation suggests that a “significant proportion” of the data has been stolen. Names Email addresses Phone numbers Dates of birth Frequent flyer numbers The good news? Qantas says no credit card data, passport numbers, or login credentials were involved. “Our customers trust us with their personal information and we take that responsibility seriously.” — Qantas CEO Vanessa Hudson Who’s behind it? While Qantas has not officially confirmed the group responsible, cybersecurity analysts at CyberCX say the attack has the hallmarks of Scatt...

It starts with something most organisations see as low-risk a guest account invited into your Microsoft Entra environment. But that invitation could open the door to a hidden, high-risk attack path you didn’t even know existed. 🧠 The Unexpected Attack Surface Researchers have discovered a little-known flaw in how Microsoft Entra handles subscriptions and billing roles. It allows a guest user to create and transfer subscriptions into your tenant  while retaining full ownership of them. Here’s how it works: Guest is invited into your Entra ID tenant They use their own billing role from their home tenant to create a subscription They transfer that subscription into your tenant Now they’re the owner  inside your environment And most Azure admins have no visibility of this via standard Entra permission reviews. 🔓 What Can a Guest Do with Subscription Access? Once inside, a “restless guest” can: Access and expose high-privilege account info Mod...

Privacy Awareness Week (June 16–22, 2025) isn’t just a calendar event it’s a timely reminder that data protection is no longer just a compliance checkbox. It’s a business-critical issue. In the past 12 months, Australia has introduced some of the most significant privacy law reforms in decades. If you're a business leader, security professional, or handling sensitive data this affects you. The Big Shift: Privacy Act Reforms The Privacy and Other Legislation Amendment Bill 2024 brings a new wave of accountability. The goal? Equip individuals with stronger rights and give regulators sharper tools to penalise negligence. Here’s what’s new (and enforceable by June 2025): Statutory Tort for Serious Privacy Invasions For the first time, individuals can take legal action for misuse of personal data or serious invasions of their privacy. That includes things like unauthorised access, tracking, or surveillance. Doxxing Is Now a Criminal Offence Publishing someone’s...

  What do ransomware attacks in the UK have to do with your cyber insurance bill in Australia? Possibly, a lot. In the past few months, several big-name UK retailers — including Marks & Spencer , Harrods , and the Co-Op Group — have found themselves in the crosshairs of sophisticated cyberattacks. While Harrods reportedly stopped an incident in its tracks, others weren’t so lucky. Marks & Spencer is staring down a $400 million bill for breach response and recovery. These aren’t isolated hits. According to Google’s Threat Intelligence Group, these attacks are connected to broader campaigns also targeting US-based retailers — and possibly Australian businesses next . Here’s where it gets real: Insurance providers are watching closely. 📈 Insurance Premiums Could Rise - Even If You Haven’t Been Hit Yet For now, cyber insurance premiums have started to stabilise after sharp hikes during the pandemic years. But experts like Monica Shokrai (Google Cloud) say the math i...