Ransomware on the rise: What are the risks?
As financial technology becomes increasingly sophisticated and ubiquitous, so too do the risks of cybercrime. Financial institutions are prime targets for a litany of attacks, including ransomware, due to the vast quantities of critical value data (CVD) relating to their customers and employees.
Ransomware is a form of malware that gathers information about the nature and location of CVD, accesses that data and then encrypts it – making it inaccessible for the company unlucky enough to be a victim.
The victim organisation can either restore their data with uninfected and up-to-date backups or pay the attackers’ demands (typically in bitcoin) and hope for honor among thieves. Once the ransom has been paid, the private key is (presumably) provided to the victims and the data can be decrypted.
One of the effects of the COVID-19 pandemic on the business world has been the acceleration of the shift from office workspaces to remote working – a change that was perhaps inevitable, but that thrust businesses into the uncharted territory of cyberspace without due preparation.
The world accommodated the unexpected migration into remote teleworking, largely supported by Virtual Private Networks (VPNs) as a mechanism of simulating an office-like environment. While the shift didn’t necessarily lead to more data, it did require remote access to data that was previously only accessible from office-based systems and therefore exposed more critical value data.
Unfortunately for the banking and financial services industry, attackers were poised and ready to take advantage of this shift by targeting businesses that lacked the appropriate security controls and maturity, or simply were not prepared for the additional administrative overhead introduced by the migration to an entirely remote workforce.
How are attackers gaining entry?
Cybercriminals are unlikely to strike the systems being monitored (the front door) and will instead find the proverbial unlocked window.
One of the easiest and most effective attacks used around the world is business email compromise (BEC). It is an old but effective tactic in which the attackers create an email address that uses the name of a company executive with a non-company extension and send out an email to everyone in the company with an easy Call to Action (CTA). All it takes is a single respondent to execute a payload and grant the intruders access to the corporate network.
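A defender-side check for the pattern described above: it flags inbound mail whose display name matches an executive while the sending address uses a non-company domain. This is an added example, not part of the original article; the domain, executive names and sample messages are constructed, and name_tokens, check_sender and triage are hypothetical helper names.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example: replace with your own domains and roster.
CORPORATE_DOMAINS = {"examplebank.test"}
EXECUTIVES = ["Jane Doe", "Rahul Mehta"]

def name_tokens(name):
    """Fold case, accents, punctuation and word order: 'DOE, Jané' -> {'doe', 'jane'}."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return set("".join(c if c.isalnum() else " " for c in text.lower()).split())

def check_sender(raw_message):
    """Return (verdict, detail) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    shown = name_tokens(display)
    for executive in EXECUTIVES:
        # Subset match so "Jane Doe (CEO)" still matches "Jane Doe".
        if name_tokens(executive) <= shown and domain not in CORPORATE_DOMAINS:
            return ("suspicious", f"'{executive}' shown with external domain '{domain}'")
    return ("ok", "no executive name on an external domain")

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: Jane Doe <jane.doe@examplebank.test>\nSubject: Q3 results\n\nbody",
    'From: "Jane Doe (CEO)" <jane.doe.ceo@freemail.test>\nSubject: Urgent\n\nbody',
    'From: "DOE, Jane" <office@mail-relay.test>\nSubject: Quick favour\n\nbody',
    "From: Vendor Billing <billing@supplier.test>\nSubject: Invoice\n\nbody",
]

def triage(messages):
    """Return only the verdict for each message, in order."""
    return [check_sender(m)[0] for m in messages]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

The check reads only the From header, so it covers the lookalike-sender case and nothing else; whether a message claiming the corporate domain is genuine has to be established separately.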
How can financial institutions protect themselves?
It’s essential that financial institutions act now, as the threat of ransomware has evolved into a ‘service offering’ known as Ransomware-as-a-Service (RaaS). RaaS enables cybercriminals who are unfamiliar with malware development to outsource this skill and deploy an attack with relative ease.
To defend against the threat of ransomware, financial services organisations need to treat their defensive posture with the same level of rigour and determination as that of their adversaries. Failure to do so will result in their business being compromised, and the subsequent theft and monetisation of their critical value data. Security should be a top priority at board level, with the board making sure that it plans for suitable technology, security training, and threat exercises like red teaming and purple teaming, inspired by military categorisations of combat readiness (train as you fight).
A defence strategy should also include active threat hunting to seek out attackers that have found their way past the perimeter (which they invariably will) and are trying to establish a foothold within.
Organisations will pay for security – either now without interest or later with interest. That interest will manifest itself in the loss of customer confidence, loss of market share, regulatory fines, and potentially class action or shareholder derivative lawsuits. Simply put, businesses need to pay now to take advantage of a significant return on investment or pay the consequences plus interest. With the benefit of hindsight, it’s a no-brainer.