Traditional antivirus fails to stop ransomware 100% of the time.
That’s according to a recent survey from Barkly of companies that suffered successful ransomware attacks during the last 12 months. A full 100% reported they were running antivirus at the time of the attack.
And antivirus wasn’t the only security solution that came up short. Victims reported that 95% of the attacks bypassed their firewall(s); 77% bypassed email filtering; 52% bypassed anti-malware; and 33% were successful even though the victim had conducted security awareness training.
Not a great track record. But what’s baffling is the finding that most companies don’t alter their approaches after a ransomware attack.
“Instead of branching out and investing in new forms of protection, the majority of respondents chose to simply double down on the same poor-performing solutions,” said Jonathan Crowe, a security researcher at Barkly.
In fact, 26% (re)invested in email filtering; 25% (re)invested in security awareness training services; 20% (re)invested in antivirus; and 17% (re)invested in firewall(s). That’s in addition to the 43% that didn't invest in any additional solutions at all.
“One way to read these reactions is that, lacking obviously better options but still feeling the pressure to do something, companies are taking the only immediate path they see forward — adding more of the basic, foundational security solutions that have widely-accepted benefits even though they also have widely-acknowledged holes,” Crowe said.
Many IT pros said that they preferred to address vulnerabilities and make improvements on their own. Two-thirds responded to the attacks by conducting their own user awareness initiatives. Nearly half reacted by making updates to their existing security policies.
“The fact that a whopping 43 percent of respondents chose not to invest in any additional security solutions whatsoever is also an indication that, when it comes to preventing ransomware, IT pros simply don't see many good options (new or established) they feel like they can trust,” Crowe said.
Another factor is that backups might be making IT staff complacent. Barkly research showed that 81% were confident backup would provide them with complete recovery from a ransomware attack. But fewer than half of those who had actually experienced an attack were able to fully recover their data with backup.
“While backup is unquestionably a necessity and while it has undoubtedly helped save many an IT pro's bacon, it's also far from a given that every ransomware scenario will be able to be quickly remedied with a simple wipe and restore,” Crowe said. “The idea of increasing widespread reliance on backup, a solution that's really meant to be used as a last resort, makes many security experts nervous. There's also the worry that some ransomware variants make copies of encrypted data that criminals can later sell or post publicly.”