Australia's government is considering a ban on ransomware payments — do you think that could be effective? Why or why not?

Security Strategy & Roadmap Threat Intelligence & Incident Response

4.1k views2 Upvotes19 Comments

Sort by:

VP of IT in Manufacturing3 years ago

Yes. It would be a good step but will not be effective in isolation. Not only the greed of the cyber criminals needs to be controlled but the implementation also needs to be effective.

Secondly the tracking mechanisms for the ransomware needs to be improved and successfully closed cases highlighted so that others have the confidence in the law enforcement.

Director of IT in Education3 years ago

I think it is a good thing to remove the incentive to cyber criminals. However, it also should be dealt with on a case by case basis, if a company cannot continue without accessing their data, then they might be out of business fast. A cost benefit analysis should be considered in certain cases.

Director of IT in Software3 years ago

I like this move and hope that other country will follow it. I am certain that it will be effective

Director, Strategic Security Initiatives in Software3 years ago

It's could be effective.

VP of Information Security in Finance (non-banking)3 years ago

This will redirect attention to other segments or sectors. Good move.

Content you might like

Apart from compliance concerns, what are the toughest roadblocks currently preventing organizations from adopting AI-enabled security solutions?

For European companies with DORA requirements – DORA expects to have in place exit strategies for critical IT providers, and internal IT providers. How are you handling exit strategies for internal IT providers (especially when they're set up as separate legal entities within your group)? More importantly, has anyone actually conducted the required exit strategy tests for internal providers, and if so, how did you approach it?

How do you monitor and restrict the types of visitor behavior information and PII 3rd-parties can discern, record, or extract via scripts and applications on your website?

We don't use any 3rd-party scripts17%

We can't monitor or restrict 3rd-party script behavior on our website31%

We trust vendors based on initial reviews21%

We test scripts periodically17%

We use Web Privacy Management, WebAppSec, or PriSec Software9%

We outsource website privacy and app security monitoring services2%

Other (please describe)

View Results

Ransomware negotiator Retainer? Do you currently hold a retainer with a ransomware negotiator consulting firm? If so any recommendations?

In which of the following communication channels are your organization and employees most susceptible to compliance violations, phishing, malware, and/or other threats?

Social Media (LinkedIn, Twitter, Facebook, i.e.)19%

Collaboration Tools (Slack, MS Teams, Zoom, i.e.)45%

Mobile Chat Apps (WeChat, WhatsApp, Telegram, i.e.)19%

We are lacking in visibility, security, and compliance for all social media, collaboration, and mobile chat channels.12%

We are fully protected against risks across digital communications.4%