Cold hard realities of cyberattacks, ransomware

By Leon Gettler, Talking Business

THE METHODS for dealing with cyberattacks and ransomware have been around for a relatively long time, technologically.

But according to global network protection company Tenable, the problem remains that a lot of companies have not ‘got the basics down’.

Scott McKinnel, the Australia and New Zealand regional manager for Tenable, said a Tenable survey conducted by Forrester revealed that 92 percent of organisations said 70 percent of their business had been impacted by cybercriminal activity resulting in significant business loss. He also outlined how cyberattacks and ransomware had become increasingly profitable for cyber criminals.

Mr McKinnel said that a couple of years ago, the modus operandi of cyber criminals had been to target individuals.

“What it’s evolved to now is ransomware and clearly they’ve been able to monetize it and find a great financial venture for them,” Mr McKinnel told Talking Business.

“The way they do that is two-fold. One is to move away from targeting individuals and targeting organisations that have critical infrastructure … which clearly has a larger impact, not just financially, it brings things to a fall.”

Governments step up legislative support

Mr McKinnel said governments were now moving to legislate to protect vulnerable sectors.

There used to be four such sectors. Now there are 11 sectors centred around critical infrastructure. Among the critical 11 sectors are utilities, financials, water, electricity, food supply, hospitals and health care.

“That’s come about because of awareness of how reliant we are on multiple sectors and supply chains – the fundamental existence in our society,” he said.

“If these organisations and services are to halt, it’s a major impact to society. That’s the new vector that cybercriminals are targeting.”

Mr McKinnel said businesses now needed a plan or process to deal with a cyberattack which could result in them ceasing operations, costing them millions of dollars every day.

“Most of these exploits these cyber criminals use have been out for ages and are easy to fix and remediate,” he said.

“The ability of organisations to put in controls and multi-factor authentication has been around for years so it’s not like these are super sophisticated attacks. People just get caught in the wild because they haven’t done the basic hygiene properly.”

Boards consider true risks of cyberattacks

Mr McKinnel said boards and tech people were clearly aware that cyber security was now a major risk.

“Where we see issues is between the technical practitioners who understand what needs to be done, and the very highest echelon of commercial people and directors that know something needs to be done – and often there’s this mish-mash in the middle of communication,” he said.

Mr McKinnel said this came down to organisations having plans that set out who was responsible for mitigating risk and triaging and allocating.

“There is this swirling mess right now because historically people have seen it as a technical issue … and their only task was doing what they can,” he said.

“What people could probably do is have a clear understanding of the lines of communication and setting up a framework, a governance policy, having an awareness throughout the organisation that this is a business risk now, not an IT issue or IT risk, and treating it as you would with occupational safety and health or other major elements of risk for a business.”


Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at


