Anti-ransomware technology isn’t wholly effective in preventing attacks

Many companies that invest in anti-ransomware technology still find themselves the victim of attacks, according to a new study by Malwarebytes.

The Second Annual State of Ransomware Report, which surveyed more than a thousand small and medium-sized enterprises, found that more than a third of respondents claimed to have been running anti-ransomware technology over the past year, but just as many were hit by a ransomware attack in that period.

This indicates that technology alone should not be responsible for cyber security. Instead, efforts need to be made across all levels of the business. Ransomware often targets people – getting them to click on malicious links and attachments – so it’s important to complement anti-ransomware technology with staff training programmes and policies for your employees to follow.

Preventing attacks is a high priority

With ransomware a growing concern, the majority of respondents (75%) said that preventing attacks is a high priority. Despite this, nearly half of respondents have little or moderate confidence in their ability to protect their organisation.

Adam Kujawa, director of malware intelligence at Malwarebytes, said: “It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it.

“Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Despite the rise in attacks, 72% of organisations say that ransomware demands should never be paid. We always recommend refusing to pay the ransom, because there is no guarantee that the criminals will return your systems to normal – as many organisations found out following June’s NotPetya outbreak. But even if you are able to recover your data, you will be a target for repeated attacks.

Mitigate the threat of ransomware

The best way to mitigate the threat of ransomware is to adopt an ISO 27001-compliant information security management system (ISMS). ISO 27001 is the international standard that describes best practice for an ISMS, providing a system of processes, documents, technology and people to help organisations manage their information security practices.

Although there is no such thing as 100% secure, ISO 27001 can significantly reduce the likelihood of your organisation being hit by ransomware. And if you do fall victim, ISO 27001 can help reduce the damage.

We offer a variety of products and services to help you implement an ISO 27001-compliant ISMS, including a pocket guide, packaged solutions and training courses.

Find the right ISO 27001 solution for you >>