Please see my new article in The Times of Israel called “Lessons From Israel In Stopping Ransomware.”
Israel is a small, but powerful nation that wants to stop attacks before they get to their door, and indeed, their lives depend on that. We can learn from Israel’s military doctrine of deterrence through overwhelming strength, unity, and disincentivizing the attackers to inform other security issues, such as ransomware attacks. I believe that the answer lies in a public-private security partnership financially backed by the government.
First, companies voluntarily join a public-private security partnership in which they adhere to higher security standards and oversight as well as pledge not to pay ransomware. Additionally, these companies are placed on a public list and given a badge or seal of approval/logo like Brink’s Home Security or ADT to display that indicates they are “fortified,” and in this case, that they won’t pay any ransom, and are backed by the government.
Second, the government provides an incentive for companies to participate in the public-private partnership and not to pay ransomware. The incentive provided is that the companies are backstopped (insured) by the government in the event of a ransomware attack to them. This is similar to ransomware insurance, but the difference is that the cost to companies would be a fraction of what they would otherwise have to pay. The benefit to the taxpayer is that the market for ransomware dries up with companies that have pledged not to pay. As the program become universal, there is no one left for the ransomware attackers to target.