Opinion: Mandatory payment reporting the answer to SME ransomware threat

Senator Raff Ciccone says the introduction of mandatory payment reporting isn’t about calling out businesses and harming their reputation, but providing support to the industry.
Raff Ciccone
Senator Raff Ciccone. Source: SmartCompany.

The sophistication of ransomware is unprecedented and causes serious problems for businesses across Australia.

The simple fact is this type of malware is one of the most persistent forms of cybercrime.

According to the Australian Institute of Criminology, small to medium businesses are high-risk targets for ransomware.

Ransomware attacks lock up or encrypt victims’ files or devices so they can’t be used, taking personal data and threatening its sale or release if ransom demands aren’t met.

The retail sector is a key target for attackers because of the large amount of data they collect.

Imagine being unable to shop at your favourite Australian retailer due to a ransomware attack.

For the store, it causes widespread outages and halts sales, disrupting everything from in-store purchases to online purchases and store deliveries.

But it’s not just the retailer that’s affected in this scenario. Each one of us can have our personal details exposed, such as credit card numbers, bank details and addresses.

A ransomware attack can start with a simple phishing email or text that looks trustworthy but is intended to make victims click a malicious link or download an infected attachment.

Ransomware alone costs the Australian economy up to an estimated $3 billion in damages each year.

In response to this growing threat, the Albanese Labor Government’s Cyber Security Legislative Package will create mandatory ransom payment reporting requirements for businesses that are affected by a cyber incident and make a ransomware payment.

The package includes several initiatives – including the introduction of cybersecurity standards for smart devices and the creation of a Cyber Incident Review Board – to bring Australia in line with international best practices.

Mandatory reporting of ransomware payments will apply to businesses in Australia that meet an annual turnover threshold.

They’ll be required to report a ransomware payment to the Department of Home Affairs or the Australian Signals Directorate (ASD) within 72 hours of making the payment or becoming aware of the payment.

ASD advises against paying extortion demands as there’s no guarantee the files will be restored, or prevented from being sold or leaked online.

The current voluntary reporting scheme is underutilised, limiting the government’s understanding of the ransomware threat landscape.

Not having an accurate picture only empowers cybercriminals to exploit more businesses.

As we’ve seen around the world, ransomware can affect any organisation, including the professional and technical industry, retail trade, manufacturing, healthcare and construction.

Just last week, the ASD’s Annual Cyber Threat Report for 2023-24 highlighted Australia’s rapidly evolving cyber threat landscape, with over 87,000 reports of cyber crime received over the financial year – an average of a report every six minutes.

The report shows the average cost of cyber crime for small businesses rose by 8% from last year to $49,600 per report, and by 17% for individuals to $30,700 per report.

I must stress, the introduction of mandatory reporting isn’t about calling out businesses and harming their reputation.

Instead, it’ll enable us to determine the threat environment and assist Australia’s domestic law enforcement to disrupt cybercrime activities, locally and abroad.

As part of the mandatory reporting obligation, businesses will be protected from regulators and law enforcement.

The department has emphasised the importance of an ‘education first’ approach, not an enforcement-led approach, to assist businesses.

This is all about providing support to the industry to reduce the risk of a cyberattack in the first place.

It’ll also allow us to understand the sheer scope of ransomware’s impact on the Australian economy and support businesses to recover as quickly as possible.

That’s why the Albanese Government is committed to lifting our country’s cyber legislative strategy and doing everything we can to protect businesses from highly destructive ransomware attacks.