This week, Arj and Jordan dive into the vexed question of whether companies should pay ransoms to cybercriminals.
The government's position is clear: do not pay. The reality on the ground for most companies is much more complex. Arj and Jordan step through these complexities and the competing imperatives organisations face when confronted with this difficult decision.
Important note: This is a complex topic and it's important to emphasise that in this discussion we aren't advocating one way or the other in relation to paying ransoms generally - merely illustrating how businesses faced with a ransom demand do have various and competing considerations.
Links:
Medibank breach round-up (Guardian) https://www.theguardian.com/australia-news/2022/nov/12/medibank-v-the-hackers-how-the-health-insurer-fell-to-a-mass-data-theft
National coordination mechanism invoked (IT News) https://www.itnews.com.au/news/gov-invokes-emergency-coordination-as-medibank-breach-worsens-586965
ACSC ransomware advice https://www.cyber.gov.au/ransomware
Ransomware action plan https://www.homeaffairs.gov.au/cyber-security-subsite/files/ransomware-action-plan.pdf
Labor call for National Ransomware Strategy https://timwatts.net.au/media/187357/beyond-the-blame-game-ransomware-discussion-paper.pdf
Panama Papers https://en.wikipedia.org/wiki/Panama_Papers
Credits:
Music by Bensound.com
