Kaitlin Trujillo

Ransomware Attacks Pose Serious Threat

As the cybersecurity landscape continues to worsen across the globe, of particular concern is the alarming rise in ransomware breaches, especially within the financial services sector. According to the Financial Crimes Enforcement Network, cyberattacks, and ransomware specifically, are the most significant threats to U.S. financial institutions. 

With more pervasive and sophisticated methods, ransomware attacks continue to create a new level of threat for the industry. Last year, 55 percent of financial organizations fell victim, up from 34 percent the previous year – a 62 percent increase.* 

Research by Trend Micro Inc. found that the banking industry has been disproportionately affected by ransomware, experiencing a 1,318 percent year-on-year increase in attacks in the first half of 2021. 

What Exactly Is Ransomware? 

Ransomware is a type of malicious software (malware) designed to block access to a computer system or data. It often encrypts the data and locks the system’s screen or user’s files, then spreads to shared storage drives and other accessible systems.  

Cyber attackers hold the system or data “hostage” until a ransom is paid. Usually, the ransom is a substantial amount of money or cryptocurrency.  

If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. An emerging tactic is for the cybercriminals to steal sensitive data and threaten to publicly disclose it or sell it if the ransom isn’t paid, creating a double extortion scheme. 

Mitigating the Risks 

Early detection of a cyberattack is always important, but it is even more crucial with ransomware. Recognizing and eliminating the attack before the data is encrypted is vital, because once you see the ransom demand message, the damage has already been done.  

Whatever the size of your business, it’s critical to invest in anti-malware solutions that monitor your network for any malicious activity. The techniques these solutions use include signature-based detection, behavior-based detection, and detection through abnormal traffic.

Also, educate employees on how to detect ransomware and the action to take if they notice a suspicious email or link. Most ransomware attackers leverage human error to compromise systems. 

While early detection is crucial, organizations must also implement effective ransomware recovery measures in case of an attack, so it’s important to have a comprehensive data backup strategy. Data backups can restore the data to normal, as well as remove the infection, which eliminates the question of having to pay the ransom.

Should You Pay? 

The FBI and the Department of Homeland Security recommend that companies avoid paying ransoms, because doing so encourages more attacks.

The decision of whether to pay the ransom should be made carefully at the organization’s highest level. And understanding what happens if you pay is key to making that decision. 

Theoretically, if you pay the ransom, the attackers will provide a decryption tool and withdraw the threat to publish stolen data. But payment is no guarantee that all data will be restored. Gartner, Inc. notes the following realities of ransomware that must be considered: 

  • On average only 65 percent of the data is recovered, and only 8 percent of organizations recover all their data.** 

  • Encrypted files are often unrecoverable. Attacker-provided decrypters may crash or fail. You may need to build a new decryption tool by extracting keys from the tool the attacker provides. 

  • Recovering data can take several weeks, particularly if a large amount of it has been encrypted. 

  • There is no guarantee that the hackers will delete the stolen data. They could sell or disclose the information later if it has value. 

Before negotiating with attackers, it’s important to engage a professional incident response team and consult law enforcement and regulatory bodies. 

However, the best alternative to the pay-or-don’t-pay dilemma is to have a business continuity plan in place and to proactively defend your financial institution against ransomware attacks. 

 

*source: The State of Ransomware in Financial Services 2022, Sophos report 

**source: The State of Ransomware 2021, Sophos report 

Casey Wolfe

Five Technology Solutions To Prevent Cybersecurity Threats

As awareness continues to grow, cybersecurity is emerging as a top strategic priority for individuals and businesses. And in the banking and finance sector, its importance cannot be overstated.

Precisely because financial institutions work so closely with highly sensitive data, they have become a frequent target of cybercriminals, who compromise the information and use it for financial fraud, identity theft, and other malicious activities.

With factors such as increased digitalization, remote working, and changing technologies, cybersecurity is becoming even more critical. Financial services companies must take a proactive stance.

Nearly 50 percent of banks view reducing and preventing cyberattacks and fraud, along with protecting sensitive data, as their top challenges.* Cybersecurity solutions to prevent modern threats are vital to keeping such institutions and their customers protected around the clock. These include strategies focused on the following technologies.

Multi-factor Authentication (MFA): A layered security approach requires a combination of two or more credentials to verify a user’s identity. It should be used on all accounts, especially for high-privileged users, to help protect critical systems.

User Activity Monitoring (UAM): Tool that monitors and tracks end-user behavior on devices and networks and helps detect and stop insider threats (whether unintentional or malicious).

Data Encryption: Security method rendering information (in transit or at rest) unreadable when accessed without proper authorization, making it much more difficult for cybercriminals to steal data.

Data Loss Prevention (DLP): Set of tools that ensures sensitive data is not lost by blocking it from leaving the network without authorization. DLP prevents the accidental or malicious sharing of data that could put the organization at risk.

Threat Intelligence Feeds: Resource that provides awareness of trends in malicious activity, typical cyberattacks, and habits of attackers within networks to help organizations stay current and prepared for the latest threats.

The Human Factor

Identifying and implementing the right technology tools will help keep customer data safe and avoid losses of resources and reputation. And while these measures are key to cybersecurity, it is people who ultimately make such strategies effective.

Building a culture of security through ongoing education and training is one of the best defenses against cyberattacks and part of the holistic approach needed in today’s environment to keep banks and financial institutions safe. Next month, we’ll focus on that part of the security equation. 

*source: 2022 OneSpan Global Financial Regulations Report

Andy Slipher

INDUSTRY TRENDS TO IMPROVE CYBER RESILIENCE

The cybersecurity landscape continues to evolve. Global geopolitical uncertainties, upcoming mid-term elections, and the ongoing pandemic have combined to create a heightened threat environment. And banks and financial institutions have become increasingly attractive targets for cybercriminals using ever more sophisticated methods.

It’s estimated that financial services firms are around 300 times more likely than other companies to be the victims of a cyberattack.* Security incidents in the financial sector are extremely expensive, with the average cost of a data breach reaching $5.72 million in 2021.** 

Clearly, the stakes are high – with large amounts of money and valuable data involved, as well as the potential effects on the economy. Not to mention the regulatory issues and associated fines, legal ramifications, and damage to corporate reputation.

Staying Ahead of the Curve
A decade ago, the majority of financial cyberattacks were designed to steal information, such as credit cards, PINs, and passwords. Today, the attacks are more destructive, aimed at crippling businesses and disrupting operations. Last year alone the banking industry experienced an increase of 1,318% in ransomware attacks, according to Security Magazine.

To protect their customers’ assets as well as their own resources from emerging threats, financial companies must improve their cybersecurity posture by staying informed of industry trends and implementing best practices. Let’s look at a few of those.

Addressing Risks in Digital Banking
The coronavirus pandemic has accelerated the banking industry’s digital transformation and completely changed consumer behavior. Consumers are increasingly choosing cashless payment alternatives using digital banking platforms, such as mobile apps and web portals.

These digital solutions create new vulnerabilities, including insecure data storage, insufficient authentication, and direct code tampering. These, in turn, put consumers at risk for exploitation by cybercriminals using techniques such as app-based banking trojans and fake banking apps.

To keep up with consumer and payment trends and avoid major security risks, banks must invest in cybersecurity practices for mobile and web platforms.

Monitoring Third Party Services
By nature, banking is a highly collaborative business. Third-party vendors help financial institutions access expertise or improve efficiency, enabling them to remain competitive in the industry.

Third parties and their cybersecurity practices must be carefully monitored to avoid vulnerabilities which could expose critical infrastructure to threats. The APIs used by banks must also be carefully examined to identify and prevent potential risks associated with third parties. 

Using AI for Fraud Prevention
Artificial Intelligence (AI) techniques have been used by major banks for years to detect deviations and anomalies. But AI is now playing a crucial role in customer behavior monitoring for fraud detection and prevention.

It also improves risk management, as AI-powered solutions can analyze data in massive volumes and quickly spot patterns from several channels. This helps predict and prevent credit risks and can also identify malicious acts, such as identity theft and money laundering.

It’s a Business Decision
Making cybersecurity a priority is no longer simply a safety measure for your IT health. It’s now incumbent on banks and financial institutions to make it a critical business initiative. It must be a part of annual business budgeting discussions and overall strategic planning. This is not just the opinion of a few experts. It’s a recommendation from state and federal banking regulatory bodies.

*source: Boston Consulting Group
**source: IBM

Andy Slipher

HEIGHTENED RISK OF CYBER THREATS AFTER RUSSIA ATTACK ON UKRAINE

Due to the broader international situation surrounding Russia’s recent attacks on Ukraine, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released the following information for U.S. financial institutions:

In this heightened threat environment, CISA asks that organizations lower thresholds for reporting incidents to the FBI or CISA to help the U.S. government identify issues and help protect against further attack or victims.

Reporting can be to CISA at central@cisa.gov or (888) 282-0870; or to an FBI local field office, to the FBI’s 24/7 CyWatch at (855) 292-3937, or to CyWatch@fbi.gov.

And, for bank business customers and consumers, you may find information at CISA’s Shields-Up website: https://www.cisa.gov/shields-up

Authorities have shared with Keep My Bank Secure that they have been in contact with banks and banking commissions to communicate specific steps they will need to take in this heightened threat environment. Keep My Bank Secure will continue to post updates as this situation evolves.
