Medibank - PAY THE RANSOM
Skeeve Stevens
Futurist | A.I | Weaponisation of Technology | Cyber* | Security-Tech | Risk/Threats re Tech | Robotics | IoT | Media SME | Advisory/Consulting | Professional Speaker | Polymath
Let me begin by saying that in no way do I support criminals or them benefiting from their crimes. These people are scumbags who prey on those too clueless to protect themselves.
But. MEDIBANK. PAY THE RANSOM.
Who do you think you are that you get to decide that your customers (of which I am one) will have to deal with the release of the data on their own?
YOU screwed up here. You need to take responsibility for what has occurred.
What is this bullshit from you? Policy?
Who cares if it is government policy or not? You are NOT a government entity, nor is any government a significant shareholder of Medibank Private.
The comments from the Criminals are accurate. Crime is just a business. An illegal one yes, but it is still a business. If they do wrong after you pay, they'd lose their reputation, which would make their efforts counterproductive, and they seem to have spent some serious effort hacking you.
Should they be rewarded for their criminal acts? No, of course not. But this is not an act that actually hurts Medibank as an entity. Medibank will go on. But it IS something that will seriously hurt many of your customers.
But now the Criminals are going to come after your customers directly. Threatening people who can't afford to pay and may have their lives ruined.
You have a market cap of around 7.4 billion dollars. You CAN afford this.
Your CEO David Koczkar said he was 'distressed'. Oh poor him.
If you do not pay the ransom, then I hope there is a class-action lawsuit that will take your organisation to your knees.
The lives of those who could be ruined from your negligence will be your responsibility.
I am a customer of yours and have paid you many thousands of dollars over the years. You need to treat our data with respect and you need to pay the ransom to protect your customers.
...Skeeve Stevens (Cybersecurity Expert and ex-Hacker)
Management Consulting firm | Growth Hacking | Global B2B Conference | Brand Architecture | Business Experience | Business Process Automation | Software Solutions
(1 year ago) Skeeve, thanks for sharing!
Digital Platform & Product Leadership
(2 years ago) Great topic to discuss in an open and honest way Skeeve Stevens. As one of the customers impacted by both Medibank and Optus, I would not want these businesses to fund this. It sets a dangerous precedent that would no doubt be copied. Whilst both organisations failed to protect my data, I also should have been given more opportunity to have my say about my data. The sooner we conclude privacy is gone and we shift our focus towards data ethics and CDR, the better off we'll be.
Virtual Chief Information Security Officer (vCISO)
(2 years ago) Skeeve Stevens kudos to you for having the courage to write this article! Once this is settled one way or another I would like to see the board and exec of Medibank and Optus hauled over the coals to explain why they ignored their cyber leaders and teams and presided over a corporate culture that placed so little value on protecting our data, but rather focussed on profit. We need to hear from current and in particular previous CISOs and team members as to attitudes towards Cyber and data protection, what real support they were given, how often did they meet with the CEO and Board, etc, etc.
Business Leader | Passionate DEI Advocate | Creative Superbeing
(2 years ago) There doesn't seem to be the same scale of pile-on pressure being applied to Medibank in the press and by government as there was Optus either. I'm not a customer of Medibank, but their public response to the breach does strike me as all platitudes and no care for the consequences.
Lead Engineer
(2 years ago) I completely agree that as a customer, if there was a good chance that paying the ransom would protect my data, I would want Medibank to pay (despite encouraging the behaviour and effectively funding further attacks)... but is there a good chance? https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?sh=b2f968ae0c75