MailGuard Blog

It’s one of the most contentious topics facing businesses and cybersecurity professionals at the moment: Should ransomware payments be illegal?

The holidays are fast approaching, and with retailers and consumers getting ready for the biggest sales of the year on Black Friday (the 26th of November), cybercriminals, who have been perfecting their social engineering techniques, are also gearing up to wreak havoc.  

The verdict is in, most industry experts and business leaders agree that Government contractors should be legally accountable for not meeting cybersecurity standards. A somewhat harsh stance perhaps, or simply being cruel to be kind?

The facts and figures are quite clear. We only need to look at the latest news headlines to witness the upwards trend of cyber threats that are facing individuals and organisations worldwide. From local councils to major corporations and government departments, no one is immune. We see evidence of this every day – from the recent cyber-attack in Melbourne, Australia, at the City of Stonnington Council, to Accenture’s $50 million dollar ransomware threat – cybersecurity is the number one threat facing businesses today. President Biden, in his address to the CEO’s of some of the largest corporations in the world, such as Google, Apple and JP Morgan Chase, urged leaders to up their commitment to cybersecurity, “The reality is that most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone…You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do”. It’s becoming more apparent that a cyber resilient culture within businesses is imperative.

Compromise can happen to anyone. It’s no longer a case of ‘If a cyberattack hits my business’ but ‘A cyberattack will hit my business’. We have come a long way from the thinking that only certain types of businesses (or business functions) could be the recipient of a cyberattack. Most security professionals now assume that a breach is inevitable and prepare accordingly.

We all use passwords. In fact, we need them to access almost any online device. They are the key to retrieving sensitive data, whether it be online banking, classified company documents or social profiles, such as LinkedIn. They’re the first line of defense to protect crucial information, and often the most vulnerable. It’s not surprising then, that cybercriminals often create phishing scams to steal password credentials in order to procure data for use in criminal activity.

As I write this, the threat of Ransomware is rapidly on the rise. So much so that the Australian Federal Police has formed a task force - Operation Orcus - following in the footsteps of the US Government, in an attempt to combat the specialised criminal infrastructure that is wreaking havoc across large scale organisations here and globally. High profile victims such as Nine Entertainment, JBS and Uniting Care, along with the recent Kaseya interception have been making headlines and may continue to do so without superior intelligence targeting organised crime groups.  

“By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events. And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”

- Acting Deputy Attorney General John Carlin, the United States Department of Justice (DOJ), April 2021

Your business data is being held hostage, encrypted with only your attackers holding the keys. So, do you pay up the ransom, or try to recover without handing over company profits to cybercriminals?

In a year we would all rather forget; an unfortunate side effect has been a rise in ransomware incidents and opportunistic cyber-attacks. Our current situation has been unexpectedly thrust upon us, forcing a rapid change to our ways of working, and a more vulnerable remote workforce. One positive that’s close to my own heart though, is a growing awareness of cybercrime, and a shared responsibility across the entire organisation from the Board and the CEO, through to the front line, to boost cyber resilience.

If your company has been hit by a ransomware attack, would you pay the ransom?  

As the COVID-19 crisis continues to unfold, new reports showcasing the good, bad and ugly side of tech continue to emerge every day. The world applauded when mobile device monitoring was enlisted to enforce self-isolation, but it was also horrifying to see cybercriminals setting up fake websites offering fraudulent Coronavirus vaccines.  

Recently, we have seen a surge in cyber-attacks that are capitalising on fears around COVID-19, like this scam intercepted by my team at the end of February, and wider media reports like this one with cybercriminals creating thousands of illegitimate Coronavirus-related websites on a daily basis. 

Q&A with Craig McDonald, CEO & Founder, MailGuard

On March 11, the World Health Organization declared COVID-19 a pandemic. Two weeks on, and we are seeing technology at its best and worst. Technology is all around us, and as business leaders and tech partners, we understand its power – for good and evil. Here’s a quick look at just a few of the ways that tech is being enlisted during the current crisis.