
badillustrations t1_iwhzfxc wrote

> I got news for you. Unlike license violations where the company pressures its workers to break the law and the employee has no benefit, in the case of ransomware payments the employees are usually at fault

I guess I don't understand this assumption. There are equivalents of SOX compliance across many countries, and that everyone in a compliance team would be totally cool signing off on illegal activity is a little strange to assume.

I think bitcoin is a little secondary to this conversation. Someone could convert X dollars to bitcoin and it's hard to track, but just taking X dollars out of an account needs to be accounted for just as if someone took it out to cash.

4

Fun_Ad_9878 t1_iwi0g27 wrote

>I think bitcoin is a little secondary to this conversation. Someone could convert X dollars to bitcoin and it's hard to track, but just taking X dollars out of an account needs to be accounted for just as if someone took it out to cash.

The expense could easily be itemized as a security expense. Data recovery expense. If they really wanted to get creative then they could list it as any old expense like an employees' party or who knows what else. If a receipt is a problem then they can just pay said employee a bonus and he could convert it. There are plenty of ways. If the payment is done in conventional ways then it can usually be stopped.

1

LeastDescription4 t1_iwibztw wrote

In an unrelated note, do you know how invasive ASIC can be? Their "proactive surveillance" is fun.

Basically any financial company is well aware of the level of scrutiny behind stuff like this, so I wouldn't be surprised to see another government agency being given similar controls/access. Probably the OIAC I guess considering they already do the mandatory data breach reporting stuff.

2

DasKapitalist t1_iwi2ly9 wrote

>There are equivalents of SOX compliance across many countries and that everyone in a compliance team would be totally cool signing off on illegal activity is a little strange to assume.

Every USA-based company which does business internationally and "complies" with the FCPA laughs at your optimism. Bribing people in the third world to do their job (or to "protect" your business from "accidents") is both illegal and ubiquitous. It's the sort of thing you'd see categorized as "consulting expenses", "travel and entertainment expense", or "risk mitigation expense".

For ransomware, they'd probably just label it "data recovery expense" or "penetration testing expense" if the accountant had a sense of humor.

1