Ban on ransom payments to hackers considered by Australian government

New laws are being considered to make it illegal for companies to pay ransoms in the event of a data breach.

Cyber Security Minister Clare O'Neil says long-term reforms are being considered to protect the private data of Australians from being hacked. Source: AAP

Key Points
  • New laws are being considered to ban companies from making ransom payments to hackers.
  • Cyber Security Minister Clare O'Neil says the growing volume of cyberattacks necessitates long-term reform on data protection.
  • It comes after the announcement of a new policing operation involving the Australian Federal Police and the Australian Signals Directorate.

It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers.

Home Affairs Minister and Cyber Security Minister Clare O'Neil confirmed the government was examining whether new laws were needed to stop ransom payments in the wake of the Medibank and Optus data breaches.

Ms O'Neil said that while short-term successes were needed in cyber security reform following the mass hacks, other long-term outcomes were being considered, including banning ransom payments.

It follows the government launching a high-tech policing operation targeting the network of hackers behind the Medibank attack, which stole the medical histories and private information of customers.

"The way we're thinking about the reform task ... is a bunch of quick wins, things that we can do fast, and the standing up for the new police operation is one of those," Ms O'Neil told the ABC's Insiders on Sunday.

"There's some really big policy questions that we're going to need to think about and consult on, and we're going to do that in the context of the cyber security strategy.

"We'll have a look at (making ransom payments illegal)."

Ms O'Neil said Medibank was right not to pay the ransom demanded by the hackers, with those behind the breach threatening to release more data if the amount was not paid.

Volume of cyber attacks increasing

Federal police confirmed on Friday Russian criminals were behind the attack on Australia's largest private health insurer.

A 100 officer-strong, standing cybercrime operation targeting hackers will be led by Australian Federal Police and the Australian Signals Directorate.

"This is Australia standing up and punching back," Ms O'Neil said.

"We are not going to sit back while our citizens are treated this way and allow there to be no consequences for that.

"We are offensively going to find these people, hunt them down and debilitate them before they can attack our country."

The minister said the response to cyber attacks needed to be improved, due to their number.

She said institutions like NAB received 50 million attacks a month, while the tax office was subject to three million per month.

"I don't think anyone can promise cyber attacks are going to go away and one of the things people need to understand is really how relentless this is," she said.

"We have got to adapt our whole approach and our whole thinking about this new crime type."

Almost 500,000 health claims were stolen along with personal information, as part of the Medibank breach.

The insurer has created a one-stop shop of mental health and other support services affected customers can access via its website.

Ms O'Neil said companies needed to ensure better security of data.

"What this is for us is a national vulnerability and what we need to make sure is that companies are only holding data for the point of time where it's actually useful and the data is otherwise disposed of," she said.

Published 13 November 2022 1:32pm
Source: AAP


