Ian Yip was reacting to a report that the Australian Labor Party had called for a national ransomware strategy.
Labor's cyber security spokesman Tim Watts told Parliament on Wednesday that tacking ransomware should not be left to business and the question of payment of ransoms should be tackled.
“The rapidly growing costs of successful attacks on targeted entities – in downtime, remediation, ransoms and supply chains interruptions – combined with the growing costs to all organisations of defending themselves against these attacks is an unsustainable burden on the nation,” Watts was quoted as saying.
"The cause is typically not the ransomware itself. It's the defences, or lack thereof, that lead up to a ransomware attack. Ransomware happens to be the 'highest threat' as stated by the Australian Cyber Security Centre because it's the most profitable for cyber criminals.
"Deploying a nationwide ransomware strategy is akin to one that focuses on stopping high-end television thefts from homes. It's not the stealing of the television that's the core problem.
"It's the fact that the thieves managed to get in to steal it because there weren't enough protection mechanisms in place. If a home doesn't have a high-end television, or if it was weighed down with a ball and chain, the thieves would simply take something else."
Neil Pollock (above, right), chief executive of global cyber security company FirstWave Cloud Technology, made a similar point to Yip.
"Last year's 2020 Cyber Security Strategy from the Federal Government and this push from Labor for a national ransomware strategy are steps in the right direction to help local SMEs be prepared for the inevitability of cyber attacks," he said.
"However, the government needs to ensure a holistic approach is taken to tackling this constantly evolving and growing national issue.
"As well as investing in the resources and processes to deter bad actors from targeting Australian businesses, there also needs to be an urgency among local businesses to educate themselves on cyber-safe behaviours, leverage local and effective technology solutions to protect them while they're running their business, and collaborate with relevant organisations to maintain cyber safety and awareness."