It's hard to read the news at the moment without Ransomware being mentioned. For example, I typed "ransomware" into Google News this morning and got more than 1 million hits in 0.23 seconds. Even when I limited my search to the past 24 hours it returned over 6 pages of links. Therefore, with so many experts writing things that are sufficiently interesting or important to feature as "News" — why has the problem not yet been solved?
In order to try to answer this I delved a little further on what is being classed as news-worthy with respect to ransomware. By far the most articles that my Google search unearthed referred to new and exotic threats that had the ability to exploit hitherto unknown vulnerabilities in IT systems and organisational annihilation can only be averted by purchasing some new cutting-edge technology. Other articles reported on the damage and pain felt by actual victims – and others extrapolated this by explaining the damage and pain that could be experienced by organizations that have not been a victim but could be. Another large category were the insurers who, by selling ransomware insurance alongside insurance for other large-scale potential business disrupters such as fire, storms, flooding and terrorism make people perceive it as a risk that they have very little control over and it something best left to the experts to deal with — at vast expense.
Whilst there is nothing illegal about using fear tactics to sell products, and, if you have a product that addresses a particular threat then the most appropriate time to market it is when the threat is in the news because that is when it can help most people. Likewise, it is not an exaggeration to say that ransomware can cause quite significant disruption. However, ransomware is a pan-organizational problem and cannot be solved by a single product or even a range of products without significant cultural change also being implemented in an organization.
Download the full report to continue reading.