It's hard to read the news at the moment without Ransomware being mentioned. For example, I typed "ransomware" into Google News this morning and got more than 1 million hits in 0.23 seconds. Even when I limited my search to the past 24 hours it returned over 6 pages of links. Therefore, with so many experts writing things that are sufficiently interesting or important to feature as "News" — why has the problem not yet been solved?
In order to try to answer this I delved a little further on what is being classed as news-worthy with respect to ransomware. By far the most articles that my Google search unearthed referred to new and exotic threats that had the ability to exploit hitherto unknown vulnerabilities in IT systems and organisational annihilation can only be averted by purchasing some new cutting-edge technology. Other articles reported on the damage and pain felt by actual victims – and others extrapolated this by explaining the damage and pain that could be experienced by organisations that have not been a victim but could be. Another large category were the insurers who, by selling ransomware insurance alongside insurance for other large-scale potential business disrupters such as fire, storms, flooding and terrorism make people perceive it as a risk that they have very little control over and it something best left to the experts to deal with — at vast expense.
Whilst there is nothing illegal about using fear tactics to sell products, and, if you have a product that addresses a particular threat then the most appropriate time to market it is when the threat is in the news because that is when it can help most people. Likewise, it is not an exaggeration to say that ransomware can cause quite significant disruption. However, ransomware is a pan-organisational problem and cannot be solved by a single product or even a range of products without significant cultural change also being implemented in an organisation.
My hasty and totally unscientific investigation has drawn me to the conclusion that the simultaneous promotion of multiple 'magic' products all, quite legitimately, pointing to the single threat of ransomware but addressing different niche aspects of the problem has resulted in the dual effects of 'analysis paralysis' coupled with what marketers sometimes refer to as the 'FUD Factor' (when selling by fear, uncertainty and doubt fails to create fun, usefulness and delight in your customers). The drawback to using fear, uncertainty and doubt (FUD) as a sales tactic for scarce events is that, when the stated or implied threats fail to materialise over time, the decisionmaker frequently reacts by withdrawing budgeting or support from future initiatives. If you then compounded this by the fact that, viewed from the CEO's perspective, the hundreds of clearly very diverse products, cannot possibly all answer his or her ransomware prayers has led to a situation where minions are continuously tasked to evaluate options and decision and action is never taken.
Therefore, without wanting to confuse matters still further here are four things that every ceo should know about ransomware.
To download the white paper, please complete the form opposite.