Security experts have advised the British government to prioritize building operational resilience over strict measures such as a ban on ransom payments, witnesses told a parliamentary committee hearing.
The government has proposed banning public sector and critical infrastructure entities from making ransom payments, as part of a consultation that opened in January and runs until April 8. Experts who testified before the Joint Committee on the National Security Strategy, however, questioned how effective such a ban would be at deterring attackers.
Sadie Creese, a cybersecurity professor at the University of Oxford, noted that while a ban on ransom payments might deter attackers from targeting the covered sectors, it could simply displace attacks onto victims outside the ban's scope. She emphasized that raising resilience across all organizations is the more effective way to counter ransomware.
Jamie MacColl, a cyber threat research fellow at the Royal United Services Institute, for his part acknowledged that a ban on payments by public sector organizations could have benefits: although it would not prevent attacks outright, it could make organizations weigh the decision to pay more carefully.
In the experts' view, forcing victims to think carefully about how they respond to a ransom demand would be a positive step. They reiterated, however, that the primary focus should be on strengthening organizations' resilience to cyber threats rather than relying on bans or restrictions alone.
Creese also underscored the need for comprehensive support mechanisms for organizations that could not keep operating without paying a ransom, stressing that essential services must continue uninterrupted, particularly where lives could be at risk.
Beyond the proposed payment ban, the consultation also sought feedback on requiring ransomware victims to report incidents to the government within a set timeframe. Witnesses stressed that reporting requirements must be clearly defined if they are to support efficient information sharing and incident response.
Kelly Butler, head of cyber at Marsh, called for clear guidance on reporting obligations so that victims are not left uncertain about what they must report and when. Information sharing, she said, should be purposeful and transparent so that it benefits both the victims and the wider community.
Experts also recommended encouraging victims to report details of any ransom payment itself, not only the incident, to improve information sharing and collaboration. MacColl stressed the need for a two-way flow of information, so that the data victims provide actually contributes to collective cybersecurity efforts.
Overall, the witnesses' message was that regulatory measures such as a payment ban and mandatory incident reporting can be useful tools, but that resilience-building and effective information sharing must come first. Organizations that invest in resilience and share what they learn from incidents are better placed to withstand ransomware attacks.