Hospitals, government services, and businesses should brace themselves for cyberattacks and start discussing whether they would pay cybercriminals a ransom, according to global firm Palo Alto Networks (Palo Alto).
Sean Duca, vice president and regional chief security officer Asia-Pacific and Japan at Palo Alto, noted that Australians have become more aware of the consequences of cybercrimes. However, Australia must focus on the potential for cybercrimes to cripple systems.
As reported by 3BA, Duca added: “What are your crown jewels, and if someone wants to get access to that, how much is it worth to you? [What if] you've got people sitting mid-operation on an operating table, and the systems around them can't actually work [because they're locked down]? Do we just let the individual die because we don’t want to pay the ransom?”
Mohiuddin Ahmed, senior computing and security lecturer at Edith Cowan University, predicts a rise in cyber threats over the next year, the same as security giant Sophos' cyber threat forecasts for 2023.
“We use lots of internet-connected healthcare devices, and if those devices are hacked and remotely compromised by these cyber criminals, we'll be left in a situation where we have to pay ransom; otherwise, people's lives will be at stake,” Ahmed said, as reported by 3BA. “Imagine that for senior citizens using pacemakers or any other embedded or implanted devices. Who knows, if we do not pay attention, if we do not follow cyber hygiene, things [may] go catastrophic.”
Cybersecurity researcher Mamoun Alazab suggested scaling up Australia's cybersecurity investment to keep pace with crime.
“We focus so much on [Australia's] offensive operation – we need to focus on the defensive operation,” he said, as reported by 3BA. “We are encouraging other … criminal groups to get together to prove us wrong, to cause more embarrassment.”
Australia ranks eighth in the top 10 countries most affected by ransomware attacks, according to a recent report. Last week, energy company AGL reported experiencing a cyber incident, following the cyberattacks faced by children's charity The Smith Family and private health insurer Medibank.