Australia's government is considering a ban on ransomware payments — do you think that could be effective? Why or why not?

Security Strategy & RoadmapThreat Intelligence & Incident Response
4k viewscircle icon2 Upvotescircle icon19 Comments
Sort by:
VP of IT in Manufacturing2 years ago

Yes. It would be a good step but will not be effective in isolation. Not only the greed of the cyber criminals needs to be controlled but the implementation also needs to be effective.

Secondly the tracking mechanisms for the ransomware needs to be improved and successfully closed cases highlighted so that others have the confidence in the law enforcement.

Director of IT in Education2 years ago

I think it is a good thing to remove the incentive to cyber criminals. However, it also should be dealt with on a case by case basis, if a company cannot continue without accessing their data, then they might be out of business fast. A cost benefit analysis should be considered in certain cases.

Director of IT in Software3 years ago

I like this move and hope that other country will follow it. I am certain that it will be effective

Director, Strategic Security Initiatives in Software3 years ago

It's could be effective. 

VP of Information Security in Finance (non-banking)3 years ago

This will redirect attention to other segments or sectors. Good move.

Content you might like

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

During your last ransomware attack, did the cybercriminals successfully encrypt your data?

Yes, they succeeded in encrypting data34%

The attack was halted before any data could be encrypted57%

The data wasn't encrypted but the organization was held for ransom7%

View Results

The White House Office of Management and Budget last week released a draft zero trust strategy that directs federal agencies by the fiscal year 2024, to create an inventory of their devices, encrypt networks, and institute authentication for users to access applications through single sign-on. Is this an aggressive ask/timeline?

Yes, it will take several more years of effort for this type of shift.30%

No, this will push to modernize cyber defenses.52%

This timeline seems just right for the proposed requirements.15%

Other (please comment below!)2%

View Results