Among all other cyber threats, ransomware attacks are now a major concern for financial firms. According to Verizon's 2018 Data Breach Investigations Report, ransomware was the most common variety of malware, found in 39% of the cases in which malware was identified, and financial firms are among the top targets of these attacks.
A ransomware attack holds a company's digital assets hostage by encrypting its files and databases; the attacker offers the decryption key only after the ransom has been paid, and even then there is no guarantee that the key will be delivered or that it will work on every file.
Today, the U.S. Securities and Exchange Commission requires public companies to disclose material cyber incidents in a timely manner. Hence, in addition to the ransom itself, which is typically a large sum, such attacks can cost financial institutions hundreds of millions of dollars through loss of brand reputation, degraded customer experience, and the IT expense of upgrading cybersecurity in response to the attack.
How IT can boost ransomware defense
According to the same Verizon report, 92% of malware was delivered by email. Once a user opens a malicious attachment or follows a malicious link and the malware runs on a workstation, it can spread to other devices on the corporate network within minutes, typically through open file shares, reused credentials, and unpatched services.
From an IT perspective, the most effective approach to ransomware is a layered, defense-in-depth strategy, so that no single control has to be perfect.
Software upgrades, patches, and tools
When the systems on the enterprise network run current software versions, security patches are applied promptly, and effective anti-phishing and anti-malware tools are in place, the risk of a successful attack is significantly reduced. It is not eliminated, which is why the remaining layers below matter.
Although patching and upgrades sound straightforward, many financial firms fail to keep their systems up to date for operational reasons: an upgrade cycle may disrupt business, or a system may sit at a remote location or be used by telecommuters who rarely connect to the corporate network.
To overcome these challenges, IT can enforce automatic patching and upgrades that execute outside business hours, and report on systems that have missed a patch window so that exceptions are visible rather than silently accumulating.
As cybercriminals increasingly exploit user weaknesses, insider threats, whether careless or malicious, rank high among the cyber risks facing financial institutions. Employees are often unaware of IT security policies, safe browsing practices, the signs of a phishing campaign, and the reasons for using a VPN. Regular security training and audits improve awareness and reduce these risks. When employees are trained to treat unexpected attachments with suspicion and to comply with security guidelines, the chance of a malware outbreak is significantly reduced.
Limiting resource access
Enforcing the principle of least privilege limits access to network and system resources to the personnel who need it. Where access is not scoped to user roles, a single infected account can reach, and encrypt, every share it can write to, so infections spread much faster. Systems used by third parties may require additional security configuration as well. Strong credentials and multi-factor authentication, especially for privileged and remote-access accounts, help keep a firm's computing resources safe from malicious intrusion.
System and network management
IT departments in traditional institutions often co-locate data in a single physically secure location, which in itself can be a single point of failure. With the increasing adoption of cloud-based services, IT also has limited control over the security policies enforced by the cloud provider. However, effective network and device management on-premises can reduce the risk of ransomware attacks.
If an attack happens, network segmentation contains the damage within one segment and keeps the infection from spreading to the rest of the network; in particular, workstation segments should not be able to reach each other's file-sharing ports. Network and endpoint monitoring tools can detect malicious activity by watching file read/write/rename/delete patterns, unusual CPU or disk activity, and similar signals. A single process that rewrites and renames many files across many directories within a few minutes is a strong indicator of encryption in progress.
Some phishing attacks take control of a trusted email server and send mail from it, so the messages pass phishing filters undetected. Regular security scans, application firewalls, and sandboxes that open links and attachments in isolation are useful protections in such scenarios.
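The following is an added example, written for this article rather than taken from it or from any product it describes, of the kind of file-activity monitoring just mentioned. It reads file events in an assumed line format (timestamp, host, pid, process, operation, path, and for renames the new path), keeps a sliding window per process, and raises an alert when one process touches many distinct files across several directories and renames some of them to an extension the host has never produced. The process names, thresholds, baseline extensions and sample events are all assumptions made for the illustration; the sample log is constructed, not real telemetry.

```python
"""Added example: a simple host-based ransomware detector over file-activity events.

Illustrative code written for this article, not a product or tool the page
describes. The event format, process names, thresholds, baseline extensions
and sample events are assumptions made for the illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed event line format (one event per line, paths without spaces):
#   <ISO timestamp> <host> <pid> <process> WRITE|DELETE <path>
#   <ISO timestamp> <host> <pid> <process> RENAME <old path> <new path>
LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (WRITE|RENAME|DELETE) (\S+)(?: (\S+))?$")

# Extensions the host is known to produce in normal operation (assumed baseline).
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".csv", ".tmp", ".bak"}

WINDOW = timedelta(seconds=60)   # sliding window per process
MIN_FILES = 20                   # distinct files touched inside the window
MIN_DIRS = 3                     # distinct directories inside the window


def parse(line):
    """Parse one event line; return None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, pid, proc, op, path, newpath = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": int(pid),
            "proc": proc, "op": op, "path": path, "newpath": newpath}


def detect(lines):
    """Return {(host, pid, process): (files, dirs, odd_renames)} for every process
    that, within WINDOW, touched MIN_FILES distinct files in MIN_DIRS directories
    and renamed at least one of them to an extension outside the baseline.
    Events are expected in timestamp order, as a host log normally is."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["host"], ev["pid"], ev["proc"])
        q = recent[key]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > WINDOW:
            q.popleft()
        files = {e["path"] for e in q}
        dirs = {str(PureWindowsPath(e["path"]).parent) for e in q}
        odd = sum(1 for e in q if e["op"] == "RENAME"
                  and PureWindowsPath(e["newpath"]).suffix.lower() not in KNOWN_EXTENSIONS)
        if len(files) >= MIN_FILES and len(dirs) >= MIN_DIRS and odd > 0:
            alerts[key] = (len(files), len(dirs), odd)
    return alerts


def build_sample_log():
    """Constructed sample events (not real telemetry) covering three behaviours."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    # A user editing one document: far below the thresholds.
    lines = [f"{t0.isoformat()} ws17 4120 winword.exe WRITE C:\\Users\\alice\\Documents\\report.docx"]
    # A backup agent rewrites many files, but in one tree and with a known extension: not flagged.
    for i in range(30):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ws17 2200 bkagent.exe WRITE D:\\Backup\\set1\\file{i}.bak")
    # One process rewrites and renames files across several user folders: flagged.
    folders = ["Documents", "Desktop", "Pictures", "Downloads"]
    for i in range(24):
        ts = (t0 + timedelta(seconds=30 + i)).isoformat()
        p = f"C:\\Users\\alice\\{folders[i % 4]}\\f{i}.docx"
        lines.append(f"{ts} ws17 5580 svchst.exe WRITE {p}")
        lines.append(f"{ts} ws17 5580 svchst.exe RENAME {p} {p}.locked")
    return lines


if __name__ == "__main__":
    for (host, pid, proc), (files, dirs, odd) in detect(build_sample_log()).items():
        print(f"ALERT {host} pid={pid} {proc}: {files} files in {dirs} dirs, "
              f"{odd} renamed to an unknown extension")
```

The three conditions are deliberately combined: a backup agent or an indexer also rewrites many files quickly, so file count alone would page the on-call team every night; it is the spread across directories plus the appearance of an extension the host has never produced that separates encryption from housekeeping. In production the baseline of known extensions would be learned per host rather than hard-coded, and the alert would feed the segmentation controls above, for example by quarantining the host's network port.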
An effective backup is usually the last line of defense if ransomware does break in. If a computer has been backed up, and the backup itself remains uninfected, it can be restored to resume operations. Hot and cold backups both have their uses depending on the scenario. Backups must be kept on systems with separate access controls, so that credentials stolen from a workstation cannot be used to encrypt or delete the backup as well, and in a form that retains operational capability (i.e. the indexes and configurations needed to use the information). Restores should also be tested regularly; a backup that has never been restored is an assumption, not a control. Done diligently, backups can save a firm from the fallout of a ransomware attack.
Given the steady rise in the sophistication of ransomware attacks, prevention alone may not be sufficient. To minimize the risk of reputational damage, financial institutions can invest in IT-resilience plans that include robust business continuity measures, backups, disaster recovery, and cloud mobility. There are also software-based resiliency solutions that alert IT teams as soon as ransomware is detected on a system and can trigger a data-recovery sequence.
In spite of these options, financial institutions often find it difficult to implement these measures because of their size, IT budget, and competing priorities. At DataComm, we specialize in securing financial institutions from ransomware in a timely and cost-effective manner.
We can limit or transfer the impact of ransomware through insurance that covers some of the costs of maintaining services and recovering data-processing resources in the event of an attack. We can also limit the impact with a Business Continuity Plan that includes alternative processes for ransomware scenarios, such as damage to strategic assets including servers, databases, and network devices; damage to vendors; and damage to cloud-based resources.
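Whether "the backup remains uninfected" is something that should be checked, not assumed. The following is an added example, written for this article and not code from the page or from any backup product, of one way to do that: a SHA-256 manifest is recorded when the backup is taken and kept where the backup writer's credentials cannot reach; before a restore, the backup tree is compared with the manifest, and any changed or newly appeared file whose bytes look like random data is flagged as probably encrypted. The directory layout, file names and contents in demo() are constructed for the illustration, and the 7.5 bits-per-byte entropy threshold is an assumption.

```python
"""Added example: verifying that a backup set is intact before restoring from it.

Illustrative code written for this article, not a product the page describes.
It assumes the backup is a directory tree and that a SHA-256 manifest of that
tree was recorded at backup time and kept on a system with separate credentials.
The file names and contents in demo() are constructed for the illustration.
"""
import hashlib
import math
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative, POSIX-style path) to its SHA-256.
    Record this at backup time and store it where the backup writer's
    credentials cannot reach, so an intruder who rewrites the backup cannot
    also rewrite the record of what the backup should contain."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ciphertext sits close to 8.0, documents far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def verify_backup(root: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare the tree under root with the manifest and report what differs.
    Files that changed or appeared and whose content looks like random bytes
    are listed separately as likely encrypted (threshold is an assumption)."""
    current = build_manifest(root)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    extra = sorted(p for p in current if p not in manifest)
    suspicious = sorted(p for p in changed + extra
                        if shannon_entropy((root / p).read_bytes()) > entropy_threshold)
    return {"clean": not (changed or missing or extra), "changed": changed,
            "missing": missing, "extra": extra, "suspicious": suspicious}


def demo() -> dict:
    """Constructed backup set: verify it clean, then simulate an intruder who
    reached the backup share and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "ledger").mkdir(parents=True)
        (root / "ledger" / "q1.csv").write_bytes(b"account,amount\n1001,250.00\n" * 100)
        (root / "ledger" / "q2.csv").write_bytes(b"account,amount\n1002,75.50\n" * 100)
        (root / "index.ini").write_bytes(b"[index]\npath=ledger\n")
        manifest = build_manifest(root)
        before = verify_backup(root, manifest)
        # Simulated tampering: one file overwritten with ciphertext-like bytes (a
        # deterministic stand-in for real encryption), one deleted, a note dropped.
        fake_ciphertext = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
        (root / "ledger" / "q1.csv").write_bytes(fake_ciphertext)
        (root / "ledger" / "q2.csv").unlink()
        (root / "RESTORE_FILES.txt").write_bytes(b"Your files have been encrypted.\n")
        after = verify_backup(root, manifest)
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("before tampering:", result["before"])
    print("after tampering: ", result["after"])
```

The manifest is the important part of the design: a hash list stored next to the backup is worthless, because whoever can encrypt the backup can regenerate the list. Keeping it under separate credentials (or on write-once media) is the concrete form of the "separate access controls" recommendation above. The entropy check is a heuristic, not proof; compressed archives also score high, so in practice it is applied only to files the manifest says have changed, as here, and a flagged backup is quarantined rather than used for the restore.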