The Federal Government's Ransomware Action Plan has received a lukewarm welcome from security professionals, with one calling for an increased focus on prevention and adoption of advanced cyber security measures.
The CEO of VeroGuard said
"Whilst the recognition of the cyber security problem in the plan is welcome, an immediate increased focus on preventing the crimes is needed and adoption of enhanced cyber security referred to by the World Economic Forum embraced."
Home Affairs Minister Karen Andrews announced the plan on Wednesday, saying that when it took effect, businesses that had an annual turnover of $10 million or more would have to report ransomware attacks. She said the government would also introduce new criminal offences and tougher penalties. But Andrews gave no indication as to when the plan would come into force.
"It makes absolutely no sense to continue doing the same thing and expect a different result. For example, a key recommendation by the Australian Cyber Security Centre to prevent ransomware includes turning on multi-factor authentication, but they also acknowledge that not all MFA are equal.
Breaches of software-based 2FA solutions are becoming common, yet significantly ‘enhanced MFA cyber security’ solutions are already available in the market that happen to be developed, produced and run in Australia.
The government could be doing a lot more to enhance cyber security and protect businesses and citizens online."
VeroGuard's CEO went further on the implementation of measures "that would have immediate and material impact on the problem, such as mandating strong MFA rather than any MFA, integrating strong MFA and digital identity into government systems rather than vulnerable applications and biometric-based tools".
"I would like to add that a focus on sovereign solutions will also mean better control over our critical infrastructure, economic outcomes and development of high value jobs in the digital economy," he added.
Sam Varghese - 14 October 2021