iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Australia’s newly appointed cyber security coordinator has echoed government opinions of paying hackers a ransom, calling it a “mistake”.
Less than a month after being appointed, RAAF Air Marshal Darren Goldie has said that paying a hacker a demanded ransom does not guarantee the security of stolen data but instead could paint a target on Australian businesses.
“Paying a ransom neither guarantees that your data won’t be released nor guarantees that they won’t be back next week asking for another ransom,” he said.
“I think it is a mistake. I think it feeds that criminal model and we’ll see Australia become a rich target.”
Goldie’s opinion is one shared by not only the Australian government and its departments but also by many of the nation’s major businesses, including Medibank and Latitude Financial, both of which have suffered at the hands of some of the most severe cyber attacks ever seen in Australia.
Despite heavy pressure from threat actors, a large number of organisations are taking a stance against paying ransom, as it could lead to further attacks.
“In line with advice from cyber crime experts, Latitude strongly believes that paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks,” outlined Latitude in a statement issued following the attack it suffered earlier this year.
Similarly, Minister for Home Affairs and Cyber Security Clare O’Neil has repeatedly pushed businesses to resist paying ransom payments.
“The idea that we’re going to trust [hackers] people to delete data that they have taken off and may have copied a million times is just frankly silly,” she said.
“We’re standing strong as a country against this; we don’t want to fuel the ransomware business model.”
Discussion on whether to outright ban ransomware payments has been heavily debated, with insurance companies and legal firms standing against outright banning ransomware payments.
“Prohibiting the payments of ransoms is a complex policy issue,” said Andrew Hall, chief executive and managing director of the Insurance Council of Australia.
“The Insurance Council suggests that a broad range of policy responses and actions be considered to counter ransomware, such as strengthening cyber security standards and disclosure regimes (including reporting and sharing of ransomware incidents), tougher penalties and enforcement against cyber criminals, and greater international co-operation and coordination of financial sanctions regimes and information sharing.”
In addition to his comments on ransomware payments, cyber security coordinator Goldie outlined what his new role meant for Australian cyber security, saying that it came at a time when the number and severity of cyber attacks had increased.
“My role as the coordinator is to understand the completeness and whether or not our response as a Commonwealth is adequate,” he said.
“We are comparatively a wealthy nation. We are one of the most connected nations in the world.
“That brings us great benefit, but by that increases our cyber risk.”
Goldie had previously said that his first task as cyber security coordinator is to investigate the ongoing HWL Ebsworth hack, which has affected a large number of major companies and government agencies.
He revealed that on top of the Office of the Australian Information Commissioner (OAIC) and, more recently, the Fair Work Ombudsman being affected in the attack, the federal Department of Health and Medicare have also been affected.
“We are seeing the incident transition from being focused on affected Commonwealth agencies now to the way it impacts right through society,” he said.
A total of 1.4 terabytes of stolen data were uploaded to the dark web as part of the HWL Ebsworth attack.
Goldie also touched on the danger that artificial intelligence (AI) presents to the nation’s cyber security, saying that it could allow cyber attacks to create more advanced threats.
“What we are concerned about is the use of artificial intelligence to increase the sophistication and the agility of threat actors when it comes into cyber space,” he said.
“The challenge with cyber is it will continue to evolve as a threat.”
The threat of AI on global security has been discussed at length by technological leaders and, more recently, governments worldwide, with the United Nations Security Council meeting for its first discussion on AI risk yesterday (18 July).
Be the first to hear the latest developments in the cyber industry.
