Sep 16 2021

Ransomware: What Financial Firms Need to Know

Ransomware is a growing problem for financial firms. Here’s what you need to know.

Financial services companies are frequent targets of ransomware attacks. In May, the DarkSide and Ragnar Locker groups hit several small banks in quick succession, and in July, multiple firms were hit by the REvil criminal network as part of a $70 million attack. On September 4, a bank in California found itself compromised by the AVOS Locker gang, which called out the breach on its official leak site.

To address these emerging concerns and ensure they’re ready to meet evolving ransomware challenges, experts say banks must adopt a threefold approach that prioritizes ongoing risk recognition, threat assessment implementation and best-practice data backup deployments.

Exploring the Threat Landscape for Financial Services

Banks face an uphill climb in the fight against malware. With data breach costs in the financial sector second only to those in healthcare and 75 percent of breaches stemming from hacking or malware, external threats are both commonplace and costly. What’s more, paying up on ransomware demands could put banks in violation of the Treasury Department’s Office of Foreign Assets Control regulations.

According to Gaurav Deep Singh Johar, a member of the emerging trends working group for the IT professional association ISACA, evolving market conditions are also changing the nature of the threat landscape.

“Financial institutions need to be available 24/7, and with the pandemic, the demand for services has increased significantly,” says Johar. “Typically, there would be a back-end system at the physical branch, but today, customers want services at their fingertips. If any of these services are compromised, what could be the impact? Many payments and services are time-critical. As a result, the magnitude of threat is much higher.”

He also points to the impact of ransomware breaches on reputation. “North American financial institutions have held very strong during the pandemic,” he says. “They have been supporting the economy in whatever way possible. There’s a huge reputational impact if ransomware prevents clients from getting stimulus or support funds.”

Banks Must Conduct Cybersecurity Assessments

To reduce the risk of ransomware, Johar points to the benefits of a multifold approach capable of identifying and addressing key threats.

While many banks already have dedicated teams in place to monitor cybersecurity threats 24/7, embedded artificial intelligence and machine learning tools are increasingly critical to capture threat data before key systems are compromised.

“Employee awareness also plays a huge role,” he says. “Banks need to train employees about what could go wrong and what threats look like. They also need to address lateral threat movement with the deployment of microsegmentation tools that offer granular control.”

Along with internal oversight, banks can benefit from robust third-party threat assessments to ensure they’re targeting critical concerns and making the best use of security resources. 

MORE FROM BIZTECH: How banks can protect their hybrid work environments.

Best Practices for Banks’ Data Backups

If ransomware attacks are successful in compromising bank networks, the right backup strategy is critical to minimize operational disruption.

“Traditionally, banks have done a good job with backups,” says Johar, “but today’s ransomware has significantly increased their importance. While banks have always maintained redundant systems, they now need real-time data backups to make on-demand switching possible.”

While the cloud is often tapped for this backup process, Johar says banks must identify which data needs to make the move to the cloud and which is better kept close to home on core systems. “Ask yourself what is going to the cloud and what needs to go to the cloud. Make sure you have a clear understanding of where original data — and its copies — are stored.”

For cloud backups, Johar’s advice is simple: “Don’t give up the keys to the kingdom.” Banks must make sure that access and actions are strictly controlled to reduce the risk of compromise and limit the need for backup failover.

When it comes to defending critical financial assets against ransomware, Johar argues for a multilayer approach that provides complete visibility of assets, access and actions.

“Trust nothing,” he says. “Check everything.”

perinjo/Getty Images