May 27 2022

A Ransomware Survival Guide for Financial Services Firms

Ransomware is on the rise. Here’s how financial firms can minimize the impact and reduce their total risk.

The recent spike in ransomware attacks in the financial services industry has been jaw-dropping: a 1,318 percent jump from the first half of 2020 to the same period last year, according to Trend Micro, with no sign of it slowing down.

This creates a growing concern for banks: Not only is the likelihood of an attack greater than ever, but the consequences of a successful ransomware compromise could also have a serious impact on revenue, reputation and regulatory compliance.

Here’s our best guidance for reducing your risk and minimizing the fallout from these attacks.

Make Ransomware a Shared Responsibility

When a ransomware attack happens, IT teams are responsible for quarantining key systems, tracking down the point of compromise and restoring critical data.

But these attacks don’t happen in a vacuum. According to security firm Palo Alto Networks, the three most common vectors for ransomware compromise are exploit kits, malicious email attachments and malicious email links. Exploit kits leverage known system vulnerabilities and often make their way onto systems when users visit compromised websites. Malicious attachments and links appear as part of seemingly legitimate emails. When users click through, a malicious payload is downloaded and installed.

The takeaway: Surviving ransomware starts with recognizing that defense is a shared responsibility. While IT teams will always be tasked with reducing ransomware’s impact after the fact, financial firms are best served by making ransomware education an essential part of employee training.

This means taking the time to teach staff about common attack vectors and the telltale signs of fake emails or malicious links, and making sure they understand that it’s always better to report suspicious activity rather than remain silent and hope for the best. Paired with regular testing to ensure employees can spot common ransomware attempts, this move to shared responsibility can help stop ransomware while it’s still outside your network.

Consider Both Ransomware Prevention and Remediation

Attacks are becoming more common and more complex. Add in unstable global conditions, and banks are understandably making an effort to prioritize prevention and reduce the risk of compromise. With the average cost of a ransomware attack in the financial sector now topping $2 million, this makes sense, but prevention alone isn’t enough. Banks must assume that ransomware attacks will successfully compromise their networks at some point. What then?

To effectively address this reality, financial organizations should prioritize both prevention and remediation. Prevention starts with robust data backups that follow the 3-2-1 rule: three copies of data, two onsite and one in the cloud or stored on other media.

These backups enable banks to quickly get back on track if potential ransomware activity is detected and systems are temporarily shut down. Regular backups of critical data ensure only minimal continuity loss when protecting systems takes precedence over keeping them running.

Comprehensive disaster recovery, meanwhile, helps banks significantly reduce downtime after an attack, even if primary data storage is corrupted or destroyed. Robust DR solutions see critical data synchronized across two (or more) instances such that if one fails or becomes otherwise inaccessible, banks can quickly swap over and keep working.

Find the Right Talent to Take on Ransomware

While there are glimmers of hope that the security skills gap is starting to close — the number of open positions has fallen for two consecutive years — about two-thirds of businesses surveyed say the continued shortage of security talent is putting their organization at risk.

Managed security services, such as those from CDW, can help banks close the gap between InfoSec needs and available talent. This starts with robust vulnerability assessments that include both cloud and on-premises operations to determine where networks are vulnerable and help bank IT teams get a handle on where new solutions are needed.

These solutions might include immutable data backups that are encrypted at rest, in transit and at their destinations. Other options include third-party penetration testing to pinpoint potential vulnerabilities, or the addition of virtual CISOs that offer industry expertise without the full commitment or cost of hiring a full-time executive.

The bottom line is that ransomware isn’t going anywhere. To secure key data and survive ongoing attacks, banks need to prioritize shared responsibility, address both prevention and remediation, and leverage the right talent and technologies to reduce their total risk.

This article is part of BizTech's EquITy blog series. Please join the discussion on Twitter by using the #FinanceTech hashtag.

