Big four bank ANZ’s chief information security officer Lynwen Connick has warned organisations against paying ransoms to hackers, saying the payments only lead to more attacks.
The two recent high-profile cyber attacks against meat-processing company JBS and Georgia-based Colonial Pipeline both ended in multi-million ransoms being paid to hackers after they froze computer systems and brought their respective operations to a halt.
“When organisations pay ransoms it gives the perpetrators more funding and more motivation to continue with their attack,” Ms Connick said.
Ms Connick, who previously led cyber policy and intelligence at the department of the Prime Minister and Cabinet from 2013 to 2016, added that the attacks on JBS and Colonial Pipeline highlighted that no industry was safe from hackers.
“There’s been a lack of awareness in the past. It is an important issue and a major risk for organisations small and large,” she said. “If you’re doing business online, if you operate a computer, you need to have good cyber security controls in place.”
Cyber attacks have become more sophisticated and were being perpetrated by individuals, sophisticated crime gangs and nation-states, Ms Connick said, adding that the volume of attacks often spikes during times of crisis.
According to Ms Connick, ANZ was now blocking around 12 million malicious emails per month, up from 4 million before the pandemic. Of these, around 5000 emails a day used information about COVID-19 to lure unsuspecting victims, including latest case numbers or exposure sites. These ‘phishing’ emails are often the gateway for hackers to mount a full-scale attack on an organisation’s network.
“Cyber criminals often play on peoples’ vulnerabilities, when they might not be thinking properly and open an email and click on a link that maybe they wouldn’t normally,” she said.
Federal Labor has called for a national ransomware strategy that would include mandatory reporting when victims pay ransoms to assist law enforcement investigations and help other businesses be better prepared for an attack.