This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage.
Medibank CEO David Koczkar
Then there is the matter of principle. According to Fergus Hanson, director of ASPI’s international cyber policy centre, the more companies succumb to ransom demands, the greater the incentive for cyber criminals to continue.
Loading
That said, in Hanson’s experience many companies do pay criminals – and so widespread is this capitulation that specialist law firms, which advise and act as intermediaries between data thieves and victims, have mushroomed, and cyber insurance is commonplace.
In something of an ironic twist, despite being an insurer Medibank chose not to buy cyber insurance because the number of caveats contained in the policy rendered it poor value for money.
Another factor that needs to be thrown into the ransom payment calculus is whether there is a threat to life. There is clearly a threat to mental health for those Medibank customers that have particularly sensitive information contained in their medical files.
For example, those that have been treated as a result of domestic violence or those whose relationships would be under threat if it was revealed they had been treated for a sexually transmitted disease. There could be numerous consequences for patients that have been treated for drug and alcohol addiction, or patients with depression or even heart conditions that they would rather keep hidden from their employer.
“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community,” Koczkar said on Tuesday.
Even if the criminals are paid, there remains a risk that the stolen data will be sold to scammers or state-sponsored actors. That said, the hackers are more likely to act within the constraints of their own business models. If the criminals don’t do what they promise, they won’t have the leverage to demand ransoms in future.
Hanson says the best way to combat cyber criminals is for Australia to ban organisations from paying ransoms. But a lot, and likely the majority, of these incidents go unreported as businesses see them as a threat to profits and brand.
Medibank’s shares are due to begin trading again on Wednesday and more updates are likely on their way. With investigations underway to determine the full magnitude of the breach, Medibank’s board and investors should start counting the dollars the insurer will have to part with.
The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Business News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
