Ansa CEO calls for legislation against paying hackers

ANSA McAl CEO Anthony N Sabga III called for legislation to be passed that would make it illegal for a company to pay hackers who hold data at ransom through ransomware attacks.

He made the statement during a press conference on the release of the company’s financial results for the nine months of the year ending on September 30.

“In making oneself a hard target, I think there are some opportunities that as a region or possibly as a nation that we can consider,” he said. “Were we to have national legislation passed that it was illegal for any company to pay for a cybersecurity ransom, that will permeate very quickly into the world of these hackers. Then, realising the difficulty of getting a reward, it may turn hackers away to other jurisdictions.”

He said the proposed legislation may not reduce the number of cyberattacks, but it may serve as a form of target hardening to pre-empt any occurrence of attacks.

Noting Ansa McAl’s own experiences with cyberattacks – namely the attack on the company’s systems in 2020, Sabga said ANSA McAl has since made significant investments in a cybersecurity campaign dubbed “Operation Shields Up.”

Chief Information Officer Ian Galt said the cybersecurity campaign involved a list of measures, including a 24/7 monitoring centre which monitors attacks locally and overseas, installing a suite of cybersecurity products and extensive education for customers and staff.

“You can have all the defence, but each and every person has to be knowledgeable.”

Asked whether legislation on reporting incidents of cyberattacks should also be considered, Sabga said there were strong data protection laws in other parts of the world that make reporting a requirement.

“Those data protection laws will instruct what an organisation such as ours would have already done – making sure that you have in place all the security infrastructure and in the event of any penetration of that, any sort of management and mitigation.”

Galt said ANSA McAl gets more than 1,000 attempts on its systems monthly, which he claims is “nothing out of the ordinary.”

He added that reports come to him daily and, depending on the threat level, it goes to his superiors, all the way to the CEO if the threat is substantial.

“I am happy to say that for the two-odd years since we’ve made the investment, we’ve yet to have a report sent to him, which is a good thing,” he said.

On Tuesday, TSTT announced that then-CEO Lisa Agard had “departed” from her role, days after she admitted to a cyberattack on the company that resulted in more than a million lines of code containing key data from the company being stolen and dumped on the dark web by hackers.