Cybersecurity Insights Video - Criminalizing Ransomware Payments with Malcolm Harkins

Ransomware is a growing scourge. Is it possible to eradicate this entire class of attacks? I think it is, but in today’s Cybersecurity Insights interview I have a lively debate with Malcolm Harkins on criminalizing ransomware payments and different approaches to undermine ransomware attacks!

I truly like vigorously debating cybersecurity issues with Malcolm. He brings great insights, passion, and experience to discussions with a willingness to aggressively debate in a constructive way.

We cover a lot of ground in our chat, including the potential merits of denying ransomware cybercriminals their prize by criminalizing payments, and explore other avenues to deter, protect, and prosecute ransomware attacks to mitigate risks.

 

Special thanks to this week’s guest, Malcolm Harkins, whom you can follow on LinkedIn: https://www.linkedin.com/in/malcolmharkins/

 

Please click the Like button if you found this insightful and subscribe to the Cybersecurity Insights channel for more interviews, best practices, rants, and strategic viewpoints. https://www.youtube.com/c/CybersecurityInsights


CISO and Cybersecurity Strategist


Comments

  • Chris Gebhardt Perhaps I am not articulating the plan clearly.  Criminalizing the payments is the act which gets the first domino to fall, but it is not the actual control which inhibits attacks.  What results from that first move is a chain reaction which ultimately leverages the very greed and efficiency of the cybercriminals themselves, to stop ransomware attacks.  The only reason why we must criminalize the payments is because otherwise some significant percentage of victims will pay, and therefore preserve the incentives for attackers to continue.  We need everyone to stop paying this extortion for the attackers to move on.

    I go over the details, arguments, logic, timelines, etc. in great detail in a video series available on the Cybersecurity Insights channel 

    https://youtube.com/playlist?list=PLuIYhlNYyCmn0cCA6OqHqfL_qGSsizxBF

  • We made using drugs and narcotics illegal. Still have users.

    We made human trafficking illegal.  Still have that.

    We made homicide illegal.  Still have crimes of passion.

    We made insider trading illegal. Still have them.

    We made tax evasion illegal.  People still do it.  (Who has voluntarily paid a Use Tax for something they bought in a tax free non-resident state?)

    Where there is a will, there is a way.  Send the money to a blind offshore trust to disperse "as it sees fit."   Companies will utilize Monero cryptocurrency which obfuscates payer and receiver details in the chain.  Payment would be circumstantial at that point.

    Perhaps my time in law enforcement has jaded me but I don't see this as the best way to stop ransomware/theft.

    Good dialog...

  • Chris Gebhardt Criminalizing payments stops all those organizations from funding cybercriminals that may attack or impact you.  Stop the funding of crime.  As long as cybercriminals are being paid, they will continue to victimize.  More attacks, more victims, and more impacts.

    This is a strategic plan as there is no tactical maneuver which works.  Stop the funding and the attacks will stop.  Otherwise the attacks will get worse.  Stopping the attacks helps everyone.  Fewer victims and less impact.

    Your argument of only a victim once, has already been proven wrong.  Attackers target those who have paid before with great vigor.  Even if they have improved their security, they will be targeted because the attacker knows they will pay.  Being paid is all that matters to them.  If the community stops paying, they will move back to other crimes (DDOS, account phishing, financial fraud, etc. - which is exactly where we want them).

    By the way, this strategy has been proven to work time and again with criminals.  Remove the attacker's objective and they don't attack.

  • This is a zero sum game argument.  If you criminalize the payments, then you force organizations to act as criminals.  They will go underground to restore their business operations. If you don't criminalize the payments, it is still a diminishing field as those attacked, who survive, come back stronger than ever before.  Those that are attacked twice are fools and deserve what they get.
