The threat of ransomware dominates the cyber news right now, and rightly so. But this week Rachael Falk, chief executive officer of Australia's Cyber Security Cooperative Research Centre, made a very good point.
Ransomware is "totally foreseeable and preventable because it's a known problem", Falk told a panel discussion at the Australian Strategic Policy Institute (ASPI) on Tuesday.
"It's known that ransomware is out there. And it's known that, invariably, the cyber criminals get into organisations through stealing credentials that they get on the dark web [or a user] clicking on a link and a vulnerability," she said.
"We're not talking about some sort of nation-state really funky sort of zero day that's happening. This is going on the world over, so it's entirely foreseeable."
There are "four or five steps you could take that could significantly mitigate this risk," Falk said. These are patching, multi-factor authentication, and all the stuff in the Australian Signals Directorate's Essential Eight baseline mitigation strategies.
The latest Essential Eight Maturity Model even comes with detailed checklists for Windows-based networks.
"Companies are on notice that this is a risk for them," Falk said. "There's a known problem often, and a known fix, but people haven't done it."
So given this laziness, given that cyber wake-up calls have been ignored since the 1970s, and given that organisations continue to willfully fail to follow the advice they're given, your correspondent has a question.
Has the time come to let Darwinism loose? Should we let all these lazy organisations get hacked, and just let God sort them out?
"I love that approach," Falk said. "It is glacial-like movement, and I think the only change now that might accelerate it is legislation, which obviously government is potentially seeking to introduce at the moment," she said, referring to proposed changes to critical infrastructure laws.
Maybe we'll only start paying attention when there's more 5G, more device-to-device communication, and more personal dependence on the network.
"I kind of wonder, though, in a macabre kind of way, will the test be when people just can't use their phones for half an hour," Falk said.
"That's when you'll get people going, oh, we just have to have law about this because we can't cope with [no] iPhones, internet, fridge, streaming, Netflix, you name it."
OK, we're joking. Probably.
In cybersecurity as in public health, blaming the victim is counterproductive. And in many cases it's the customers and citizens who'd really suffer from ransomware and other cyber attacks that take out an organisation.
"It could really, really impact life, and be a threat and risk to life. So I think people have to start thinking about this as not some sort of a joke," Falk said.
"The fact that we joke about, oh, the internet being down for 30 minutes, it could be the matter of a medical procedure is stopped and someone dies halfway through."
In Germany last year, for example, a patient died following a ransomware attack on a hospital in Duesseldorf, which caused her to be re-routed to a hospital more than 30 kilometres away. A police investigation found that she probably would have died anyway, but next time we may not be so lucky.
Fortunately, a global consensus on how to tackle ransomware does seem to be emerging.
Just one example is a new report from ASPI's International Cyber Policy Centre, Exfiltrate, encrypt, extort: The global rise of ransomware and Australia's policy options, of which Falk is co-author.
On the vexed question of whether organisations should pay a ransom or not, the report recommends that paying one should not be criminalised. Instead, there should be a "mandatory reporting regime ... without fear of legal repercussions".
This would be a major step in transparency. Out of all the major ransomware incidents in Australia -- Toll Holdings, BlueScope Steel, Lion Dairy and Drinks, legal document-management services firm Law in Order, Nine Entertainment, Eastern Health in Victoria, Uniting Care Qld, and JBS Foods -- only JBS has admitted to paying a ransom of $11 million.
Such a scheme has already been proposed by Labor in its Ransomware Payments Bill 2021, introduced into parliament last month as part of its national ransomware strategy.
The ASPI report recommends expanding the role of the ASD's Australian Cyber Security Centre (ACSC) to include the real-time distribution of publicly available alerts.
ACSC should also publish a list of ransomware threat actors and aliases, giving details of their modus operandi and key target sectors, along with suggested mitigation methods.
The ASD is already known to be using its classified capabilities to warn of impending ransomware attacks.
The report also recommends tackling the "low-hanging fruit" of incentivisation and education.
This includes incentives such as tax breaks for cyber investment, grants, or subsidy programs; a "concerted nationwide public ransomware education campaign, led by the ACSC, across all media"; and a "business-focused multi-media public education campaign", also led by the ACSC.
"[This campaign should] educate organisations of all sizes and their people about basic cybersecurity and cyber hygiene. It should focus on the key areas of patching, multifactor authentication, legacy technology, and human error."
Finally, the report recommends creating a "dedicated cross-departmental ransomware taskforce", including state and territory representatives, to share threat intelligence and develop policy proposals.
Your correspondent finds none of these recommendations unreasonable, though there are perhaps questions about whether ACSC is currently well-equipped to run an effective and engaging major public information campaign.
Nevertheless, given how slowly Australian organisations have adapted to cyber risks over the last couple of decades, maybe we need a little less carrot and a bit more stick.
Here is the original post:
May ransomware blight all the cyber stragglers and let God sort them out - ZDNet