Ransomware and Phishing Attacks in the News
In May 2021, a ransomware attack targeted one of the nation’s largest pipeline companies, resulting in a nearly $5 million ransom payment, disruption of fuel supply and even panic purchasing among consumers in certain regions of the country. Shortly thereafter, JBS—which is among the largest meat processing companies in the world—was also hit with a ransomware attack, paying $11 million to keep its data safe.
These headline-grabbing ransomware attacks are only the latest of their kind, and they won’t be the last. The recent increase in frequency of ransomware attacks is an enormous concern for all organizations, but especially for financial institutions, whose data is particularly sensitive to these attacks. While ransomware is certainly a growing threat, institutions must be vigilant against other cyber threats as well, including phishing attacks.
According to Microsoft, the same group that perpetrated the SolarWinds attacks in 2020 recently launched phishing attacks against a variety of organizations using an email-based campaign. In recent years, phishing attacks have become increasingly sophisticated. The once tell-tale signs of a phishing email—such as misspelled words and poor grammar—are no longer necessarily present, making vigilance against such attacks more important than ever.
CSI’s 2021 Banking Priorities Executive Report revealed the overwhelming majority (81%) of bankers view social engineering as the greatest cybersecurity threat in 2021. Another top cybersecurity threat identified by bankers in that report was phishing aimed at internal targets that let attackers into internal systems (32%). There is plenty of evidence to support this concern, as employees working from home continue to be targets for cybercriminals.
How to Protect Against Ransomware
In light of these recent attacks, ensure your institution is prepared to confront heightened risk. Use these essential steps as a guide to enhance your institution’s preparedness for attacks and defend against future threats, including ransomware.
1. Get an Incident Response Plan Ready
The automated nature of modern ransomware, coupled with the immense scale used in attacks, is a warning sign to all financial institutions. Expect ransomware attacks to increase in scale, frequency and sophistication as more cybercriminals seek an easy payout. With attacks on the rise, institutions must consider the operational, financial and reputational implications of being held hostage by ransomware.
If your institution does not have an actionable plan in writing, developing one should be your first priority. Communicating a plan of action to your entire organization in your Incident Response Plan (IRP) — which highlights prevention, detection and protocol during an attack — allows for a quicker response and possible isolation of any infected devices. As part of your IRP, consider including answers to the following:
- Are you adequately backing up your systems and data?
- How would you deal with employees or customers not being able to access your systems?
- How would you communicate with your stakeholders?
- How would you deal with the attackers?
2. Backup, Backup, Backup!
Regular data backups are essential. Your institution should also test its data backups to ensure they work properly. The best recommendation is to back up data daily and maintain a rolling two weeks of backups to minimize the damage from a potential attack. Ransomware thrives on holding your data captive. But if data has been duplicated and stored elsewhere, ransomware becomes far less threatening.
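The daily, rolling two-week schedule and the restore test described above can be checked automatically. The following is an added example, not code from CSI or from the original article: it audits a backup catalog for days with no backup, backups whose restored contents no longer match the checksum recorded when they were taken, and backups that have aged out of the window. The catalog layout, the `restore` callable and the sample data are assumptions constructed for illustration.

```python
import hashlib
from datetime import date, timedelta

WINDOW_DAYS = 14  # the "rolling two weeks" recommended in the text


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_backups(catalog, restore, today, window_days=WINDOW_DAYS):
    """catalog: {date: sha256 recorded when the backup was taken} (assumed layout)
    restore: callable(date) -> bytes read back from the backup store (hypothetical)
    Returns (missing_days, failed_restores, expired), each sorted by date."""
    window = [today - timedelta(days=n) for n in range(window_days)]
    missing = [d for d in window if d not in catalog]
    failed = []
    for d in window:
        if d in catalog:
            try:
                ok = sha256(restore(d)) == catalog[d]
            except OSError:
                ok = False  # an unreadable backup counts as a failed restore test
            if not ok:
                failed.append(d)
    expired = [d for d in catalog if d < window[-1]]  # older than the window
    return sorted(missing), sorted(failed), sorted(expired)


def build_sample(today):
    """Constructed sample: 16 days of backups, one day skipped, one damaged."""
    catalog, store = {}, {}
    for n in range(16):
        d = today - timedelta(days=n)
        if n == 5:
            continue  # the backup job did not run that day
        data = f"ledger snapshot {d.isoformat()}".encode()
        catalog[d] = sha256(data)
        store[d] = b"\x00" * 16 if n == 9 else data  # day 9 is damaged at rest
    return catalog, store


def run_sample(today=date(2021, 6, 15)):
    catalog, store = build_sample(today)
    return audit_backups(catalog, store.__getitem__, today)


if __name__ == "__main__":
    for label, days in zip(("no backup", "failed restore check", "outside window"), run_sample()):
        print(label + ":", [d.isoformat() for d in days])
```

A gap or a checksum mismatch inside the window means the institution has fewer usable restore points than the schedule implies, which is what the restore test is meant to surface before an incident.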
3. Your Employees Are Your Weakest Point … And Your Strongest Defense
A core component of most cyberattacks remains consistent: at some point, the attack encounters a human who allows the cybercriminal access to your system. Therefore, training your staff—especially at the highly targeted customer service level—should be paramount. Educating employees and providing them with social engineering training reduces the likelihood of those employees inadvertently aiding an attack.
4. Unity in the Face of Adversity
Cybercriminals often use confusion and fear as their weapons of choice. Their methods are constantly evolving, designed to circumvent any new roadblock they encounter.
Therefore, the best means of fighting cybercrime is creating a unified community dedicated to a constant and open flow of information and articulation of best practices. Organizations such as FS-ISAC allow institutions and businesses across all industries to share best practices and insight in the hopes of achieving a unified front against cybercrime.
5. Evaluate Privilege Control
Allowing all your employees unlimited access to your customers’ secure data is an enormous liability. Ensure that only employees who need deep access into valuable customer files have it and only give administrative privileges to an appropriate few. Limiting these privileges to a smaller, more acutely trained pool of employees will decrease your institution’s overall risk.
Additionally, consider requiring multi-factor authentication (MFA) to enhance protection. Using MFA requires multiple factors to verify a user’s identity, preventing a hacker from accessing accounts by obtaining or cracking a password. By authenticating a user’s identity and protecting credentials using two or more pieces of evidence, your institution will further strengthen the resilience of your network.
6. Secure Your Perimeter—Especially in the Cloud
Without tight perimeter security, your institution is basically leaving the front door wide open. It’s no longer optional to simply deploy firewalls and intrusion prevention systems. Financial institutions must go above and beyond typical security measures to keep their systems safe and should consider taking advantage of enterprise-grade security solutions.
It’s important to understand that your perimeter extends beyond your physical perimeter. As more institutions prioritize a cloud migration, ensure you approach cloud adoption with security considerations in mind. Having the proper security configurations and deploying the latest enhancements for your environment will maximize the benefits of the cloud. Further, monitoring your entire perimeter—including your cloud-based IT infrastructure—is critical.
7. Constantly Monitor Your Network
One of the biggest challenges community financial institutions face is monitoring for suspicious activity. Security systems and tools are critical, but neither takes the place of eyes on glass. One of the wisest investments you can make is partnering with a managed services provider (MSP) that offers around-the-clock assistance in monitoring for suspicious activity. These same providers can also assist with administrative functions, such as system and software updates.
In addition, a qualified MSP can offer practical advice and answer questions to make sure your institution is doing everything possible to prevent attacks.
Stay One Step Ahead of Cybercriminals with Cybersecurity Monitoring
Cybersecurity is not just a technology issue; it is a business issue. Don’t leave your institution vulnerable to ransomware or other cyberattacks. By keeping a pulse on evolving threats and monitoring your entire environment, you can mitigate your institution’s cyber risk to keep your networks, data and users secure.
Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.