Mar 05 2019

Financial Services Firms Go the Extra Mile to Thwart Ransomware

Banks and investment firms continue to be attractive targets for cybercriminals, so they prepare accordingly.

Olympia Financial Group was hit by ransomware, the financial services firm acknowledged in a recent press release. Eight days later, the firm announced it had completely recovered from the crippling cyberattack.

The ransomware attack did not affect ongoing operations, including foreign exchange trades, at Olympia, the company said. “The malware used to perform the attack encrypted electronic data stored on Olympia’s network so it cannot be read or used,” but no customer information was compromised, according to a press release.

Ransomware is cited as a top cybersecurity concern and a top cause of security breaches in "The Cybersecurity Insight Report," published by CDW. Because financial services firms present particularly attractive targets for cybercriminals, their IT leadership should take particular care in mitigating ransomware attacks.

"Cybercriminals are constantly attacking all of these endpoints using multiple methods and vulnerabilities, from ransomware to zero-day exploits. It is essential that IT admins look at predictive security for endpoints that includes anti-ransomware and anti-exploit capabilities that are enhanced with deep learning technology," says Dan Schiappa, senior vice president and general manager of products at Sophos, in the CDW report.

Cybersecurity Report

Financial Services Companies Appeal as Targets

As noted in Security magazine, financial services firms offer an appealing target to ransomware attackers for several reasons:

  1. The firms store a lot of valuable and confidential customer and corporate data.
  2. The firms tend to have significant cash on hand, and the high cost of downtime makes them more likely to pay a ransom to get back encrypted data.
  3. Their IT security is perceived to be deficient, especially within smaller banks and credit unions.

Generally speaking, financial services firms “continue to exhibit effective security,” but there is room for improvement, Security says.

Training and awareness can go a long way to mitigating ransomware attacks, particularly as most of the attacks enter a network via an email containing a malicious link or attachment. Firms should remind employees of the following, Security says:

  • Don’t open suspicious emails.
  • Learn to spot red flags. 
  • When in doubt, delete or don’t open.

MORE-FROM-BIZTECH: Discover These 5 Tips for Updating a Cybersecurity Incident Response Plan

Financial Firms Combat Cybercriminals with Targeted Actions

About a year ago, 18 financial institutions and the Financial Services Information Sharing and Analysis Center simulated a computer network attack with ransomware, hosted by ManTech International, CyberScoop reports.

Big U.S. banks and other participants connected to ManTech’s Advanced Cyber Range Environment, a facility designed to test cyberdefenses against malware. The exercise “mimicked the WannaCry ransomware, which struck more than 300,000 computers in 150 countries last year,” CyberScoop says. The exercise started with a phishing email, like most ransomware attacks.

“All critical infrastructure industries, especially financial institutions, should perform regular, realistic exercises to build up their resilience muscle memory,” FS-ISAC CEO Bill Nelson said in a statement.

In addition to drills, Jadee Hanson, CISO of Code42, recommends additional steps for financial services firms to undertake:

  • Perform regular system updates and patches, so that vulnerable systems are not used to run ransomware exploits.
  • Conduct regular external system data backups. This allows you to restore information from prior to the time of the ransomware attack.
  • Make sure all users are aware of and educated about the tactics used in ransomware and other attacks. This will make users less likely to click on suspicious links and infect their companies with ransomware.
Zephyr18/ Getty Images

aaa 1