top of page

Maybe Medibank Could Have Used This Software To Prevent Their Hack

Recently one of our team received an email from a vendor advertising a product that guarantees to stop ransomware. This is not just limited to a claim to help in recovery, it claims to stop the ransomware completely. That's a pretty amazing claim to me. If I ran a business outside of IT, I'd be very interested in that. Let's have a look:



So, why wouldn't Medibank / Optus / any-other-major-firm-that's-been-hacked use software like this to 100% guarantee they aren't affected by ransomware?


A 100% guarantee does not mean 100% protection

A guarantee doesn't normally mean "won't fail". It means that if it does fail, then the vendor will need to kind of "make you whole again" afterwards. It's usually expensive for a vendor to do this, so having a guarantee should mean they try harder to prevent failure. But, if it does fail, then the vendor above promises to "refund your annual subscription fee". Given that most ransomware attacks cost an Australian small business over $20,000 (https://www.softwareadvice.com.au/blog/2716/ransomware-attacks-on-smes-in-australia), you're unlikely to get close to recovering that from the guarantee. Big companies come out even worse that this, so it doesn't make sense to choose software based on the guarantee.


Ransomware is not even the most costly attack

2021 FBI US-dollar statistics for how much attacks cost put Business Email Compromise in the USD$Multi-billions while ransomware attacks cost around USD$49 million. Ransomware protection is needed, but there's a lot more to cybersecurity protection that this. Ransomware was not the cause of the Medibank hack and so protection there would not have prevented the hack.


Call To Action

I appreciate how financial advice advertisements in Australia are followed by a phrase similar to "this advice does not take into account your personal circumstances". Perhaps cybersecurity advertising should say the same. Every business has slightly different risk factors. Our Cybersecurity Review Service is designed specifically to look at this and deliver a report of the top items that should be looked at in your business. Don't wait until it's too late - get in touch below and we can book a review.

Commenti


SIRTECH NEWS

bottom of page