Welcome to Cyber Horror Stories, a mini-series featuring real incidents, real consequences, and the very real lessons learned from three chilling (and true) cyber security incidents. Joining host Brendan Ritchie is Matt O’Kane, Director at Notion Digital Forensics. When it comes to cyber security… Matt’s seen the worst of the worst. And he’s also the kind of guy who doesn’t just clean up the messes. He helps companies learn from them.
In this episode, Brendan speaks with Matt about a real-world cyber incident and data breach that triggered lasting change within a franchise — not just in systems and processes, but in culture.
Key themes:
– How the data breach unfolded — and what was at stake
– The shift towards a culture of data safety
– Why cyber security education and awareness now matter more than ever
Matt’s not just another cybersecurity consultant. With a foundation in computer programming and deep expertise in digital forensics, incident response, and cyber resilience, he’s the first call when something’s gone terribly wrong.
“My specialty is cyber resilience. That’s planning for when things go wrong — and helping companies bounce back quickly.”
Matt’s role is to uncover the who, what, when, where and how. He and his team use forensic investigation methods to answer key questions:
An Australian professional services company was growing quickly. They had just over 100 employees and a thriving customer base. Their IT was managed by an external MSP. Things were humming along — until one weekend changed everything.
A frustrated internal IT staff member, who still had high-level system access, logged in remotely and started deleting files. Not just any files — crucial ones. Client records. Payroll data. Internal documentation. One by one, he wiped them clean.
It wasn’t some elaborate hack. It was a trusted insider, quietly erasing the company’s digital backbone.
By the time Monday morning rolled around, the damage was done.
While this sounds like an extreme example, it’s far more common than most businesses realise. It wasn’t a technical failure — it was a human one, compounded by:
This was a preventable breach. But it highlights something critical — most breaches don’t look like Hollywood hacker scenes. They look like trusted staff making dangerous decisions without oversight.
The immediate impacts were severe:
And all of this could have been avoided with better processes in place.
Matt’s team was called in by the MSP. From there, a structured, internationally recognised incident response process kicked off.
The first priority was stopping further access. This meant:
Using digital forensics, the team:
Luckily, offsite backups existed. Although they weren’t tested regularly, the team was able to restore roughly 90 percent of the deleted data. It was close — but a full recovery was possible thanks to this single fortunate detail.
Leadership took swift action:
This wasn’t just about getting systems back online — it was about rebuilding trust from the inside out.
Every business should pay close attention to what this situation revealed.
Businesses tend to focus on external attackers. But insider threats — particularly from people with legitimate access — are just as dangerous, if not more so.
When someone leaves or moves roles, their access must be revoked immediately. It’s not just good practice — it’s essential.
Backups that aren’t regularly tested are nothing more than expensive wishful thinking. You need to be sure they’ll work under pressure.
No one should have more access than they need. Full admin rights should be rare and monitored.
Hope is not a strategy. Having a clear, tested plan can be the difference between a minor disruption and a total disaster.
For Australian businesses — especially those with between 50 and 200 staff — growing pains often mean the existing IT provider or internal support no longer cuts it. Here’s what you should prioritise.
Start by assessing your current state:
If you don’t have one, create one. If you do, test it regularly and make sure key people know their roles.
People are your first line of defence — and your biggest vulnerability. Run training sessions at least quarterly. Make them engaging, relevant, and based on real scenarios.
Look for an MSP or security provider that:
It’s tempting to believe “we’re too small to be a target” or “we’ve got antivirus — we’ll be fine.” But cyber incidents aren’t just happening to global giants anymore.
Mid-sized businesses in Sydney, Melbourne, Brisbane, and across Australia are increasingly becoming prime targets — or worse, the victims of internal incidents they never saw coming.
The businesses that survive are the ones that plan ahead.
“It’s not about if something goes wrong. It’s about how ready you are when it does.” – Matt O’Kane
In Part 2 of Cyber Horror Stories, we’ll dive into a real-life ransomware attack that shut down operations for 10 days — and the surprising approach that helped the company come back stronger than ever.
If your business is growing and your cybersecurity hasn’t caught up, we can help.
Our Cyber Health Check is designed for Australian organisations who want to:
We support companies in:
Sydney | Melbourne | Brisbane | Perth | Adelaide