PC Matic Exposes Failing Security Vendors
The concept of an antivirus failing isn’t new. To be quite frank, it has become rather common. New ransomware attacks are being successfully executed daily, and only a fraction of them are made public. And what’s worse — those that do go public rarely share which security solution they were using at the time of the infection. Shouldn’t that be one of the first things they disclose? If the organization got infected, that solution failed. Other customers, at both the business and home-user level, would likely want to know that.
Since the infected organizations typically do not come forward with this information, PC Matic has begun digging for it. According to the Freedom of Information Act, anyone can make a public record request for specific information to any entity that is primarily funded by the public. Therefore, PC Matic has submitted public records requests to over 100 U.S. public municipalities, school systems, and law enforcement agencies.
The documentation we’ve received thus far is quite surprising.
“…we contacted the North Dakota Information Technology Department, a state agency, and they indicated during September 2016, the North Dakota Health Department computers were using Symantec End Point Protection antivirus.” – North Dakota Health Department, Department of Mineral Resources ransomware attack
“At the time of our ransomware infection we were using the Symantec Enterprise Antivirus Suite.” – Devin Barber, IT Manager, City of Yuba City ransomware attack
“Response: the vendor is ESET.” – Caroline Celaya, Public Records Requests Manager, San Francisco Transportation Municipality Agency
Symantec is one of the most-used security solution vendors among public agencies, with 33.3% reporting that they were using its products at the time of the ransomware infection. Beyond those quoted above, other vendors in use included Microsoft, Trend Micro, and Malwarebytes.
Knowing the Weakness Isn’t Enough
These organizations have stated that their security solution failed them. They know where their weakness is, yet 75% of those infected aren’t doing anything about it. Three out of four organizations hit with ransomware have not switched security solution providers. Instead, they’ve either kept the exact same solution or boosted their protection plan with the same vendor.
“In response to your Right To Know request dated August 27, 2018, the following information is provided: Antivirus – Was and continues to be Microsoft System Center End Point Protection.” – Sandra Warner, Open Records Office, Pennsylvania State Senate ransomware attack
“According to our computer vendor our server was using Trend Micro prior to the incident. Currently we are using Trend Micro Worry Free Advanced 9.” – Joseph Massetti, Derby Police Department ransomware attack
“The City of Muscatine utilizes Malwarebytes and to date has not changed its service provider.” – Gregg Mandsager, City Administrator, City of Muscatine ransomware attack
“In response to your request, we were using Microsoft antivirus solution and we are still using Microsoft antivirus solution.” – Becky Crouch, Office of Operations, Chester County School District ransomware attack
Does this make sense to anyone? The vendor failed to protect the information once already, but the organization continues to trust them to meet its cyber security needs? Or worse yet, they’re paying them more money, in hopes that by doing so they’ll get better protection. Just how long will it be before they fall victim to another attack?