In late March, a ransomware attack crippled many of Atlanta’s municipal computer systems. True to its name, the ransomware demanded payment in exchange for restoring access to the encrypted systems. Although the city has weathered the brunt of the attack, this headline-grabbing incident is only the latest of its kind, and it certainly won’t be the last. At this very moment, cybercriminals are developing new and devious methods to deliver ransomware to systems and data.
So, why ransomware? For cybercriminals, the answer is simple: a favorable risk-to-reward ratio. Ransomware attacks pose little risk to the attacker, provide a quick payout for both individual criminals and criminal organizations, and are perpetrated with relative ease and anonymity. These factors have made ransomware an attractive method of extortion. In fact, Verizon’s 2017 Data Breach Investigations Report found that ransomware had become the fifth most common form of malware, up from 22nd place in 2014.
The recent increase in the frequency of ransomware is an enormous concern for all organizations, but especially for American financial institutions, whose customer data and transaction systems make them especially attractive targets. And the financial industry has certainly taken notice. CSI’s 2018 Banking Priorities Study revealed that 54% of the banking executives surveyed identified ransomware as their biggest cybersecurity threat in the coming year. In conjunction with that statistic, 59% stated they planned to increase spending to thwart cybersecurity threats in 2018.
Increased spending is certainly justified given ransomware’s recent surge. However, spending must be allocated to specific functions within your institution in order to be effective.
Use these essential steps as a guide to ensure your institution is ready for future ransomware attacks:
1. Get a Plan on Paper, Today!
The automated nature of modern ransomware, coupled with the immense scale of recent attacks, is a warning sign for every financial institution. Expect ransomware attacks to increase in scale, frequency and sophistication as more cybercriminals seek an easy payout. If your institution does not have an actionable plan in writing, this should be your first priority. A written plan that covers prevention, detection and the protocol to follow during an attack, including who is authorized to take systems offline and how an infected device is cut off from the network, and that is communicated across your entire institution, allows for a quicker response and the isolation of infected devices before the encryption spreads. Walk through the plan periodically in a tabletop exercise so that the people named in it know their roles before they are needed.
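The detection half of such a plan needs something concrete to trigger on. The following is an added example, not code from the original article or from CSI: it scans file-server audit events for the signature of encryption in place (a single account renaming many files to an extension the share never normally holds, inside a short window) and raises the alert at which the plan's isolation step would fire. The log line format, the extension list, the window and the threshold are all assumptions for the example, and the log lines are constructed, not real data.

```python
"""Spot ransomware-style mass file renames in file-server audit logs.

Added example, not code from the original article. The log format is an
assumption: one event per line, "ISO-timestamp user ACTION path [newpath]".
A user who renames or creates many files with an extension the share does
not normally hold, inside a short window, is reported so the response plan
can isolate that account and host.
"""
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 20                  # assumed: suspicious events per user per window
# Extensions considered normal on this share (assumption for the example).
KNOWN_EXT = {".pdf", ".docx", ".xlsx", ".txt", ".csv"}

LINE_RE = re.compile(r"^(\S+) (\S+) (RENAME|MODIFY|CREATE) (\S+)(?: (\S+))?$")


def parse(line):
    """Return (timestamp, user, action, src, dst) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, action, src, dst = m.groups()
    return datetime.fromisoformat(ts), user, action, src, dst


def looks_like_encryption(action, src, dst):
    """A rename or create whose resulting name carries an unknown extension.

    Ransomware typically rewrites a file and renames it, e.g. report.pdf ->
    report.pdf.locked, so the new name's last extension is the signal.
    """
    if action == "MODIFY":
        return False
    target = dst if action == "RENAME" else src
    ext = os.path.splitext(target)[1].lower()
    return ext != "" and ext not in KNOWN_EXT


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding window per user; returns [(user, timestamp, count)], one alert per user."""
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, user, action, src, dst = ev
        if not looks_like_encryption(action, src, dst):
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged.add(user)
            alerts.append((user, ts, len(q)))
    return alerts


def sample_log():
    """Constructed audit lines (not real data): normal activity plus one burst."""
    base = datetime(2018, 4, 2, 9, 0, 0)
    lines = [
        f"{base.isoformat()} alice MODIFY /shares/loans/app-1001.pdf",
        f"{(base + timedelta(seconds=5)).isoformat()} bob RENAME /shares/hr/draft.docx /shares/hr/handbook.docx",
        # one odd rename is not enough to alert; the threshold filters it out
        f"{(base + timedelta(seconds=9)).isoformat()} eve RENAME /shares/it/config.txt /shares/it/config.txt.bak",
    ]
    # mallory's workstation rewrites 25 files in 25 seconds, one per second.
    start = base + timedelta(minutes=1)
    for i in range(25):
        t = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} mallory RENAME /shares/loans/app-{1100 + i}.pdf /shares/loans/app-{1100 + i}.pdf.locked")
    return lines


if __name__ == "__main__":
    for user, ts, count in detect(sample_log()):
        print(f"ALERT {ts.isoformat()} user={user}: {count} suspicious renames within "
              f"{WINDOW.seconds}s, isolate the host and disable the account")
```

The alert fires on the twentieth rename, about nineteen seconds into the burst, which is the point at which the plan should name the person who pulls the network cable and disables the account. The one-off `.bak` rename from `eve` shows why a per-user threshold rather than a single-event rule is needed: ordinary administration produces unusual extensions too, just not dozens per minute.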
2. Backup, Backup, Backup!
Ransomware thrives on holding your data captive. But if data has been duplicated and stored elsewhere, ransomware becomes far less threatening. Therefore, regular data backups are essential. Two caveats matter in practice. First, keep at least one copy offline or otherwise unreachable from the production network: ransomware routinely encrypts mapped backup shares and deletes local shadow copies, so a backup that the infected machine can write to is not a backup. Second, test your backups periodically by actually restoring them and checking the restored files, not merely by confirming that the backup job reported success, so that you know they work before you need them.
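What "test your backups" means in practice is a restore drill with an integrity check. The following is an added example, not code from the original article or from CSI: it records a SHA-256 manifest of the files at backup time, restores the backup to a scratch location and verifies every restored file against that manifest, then repeats the check after the backup copy has been tampered with the way ransomware would tamper with a reachable share. The directory layout, file names and contents are constructed for the example.

```python
"""Restore test for backups: hash manifest at backup time, verify after restore.

Added example, not code from the original article. It builds a throwaway
directory tree, backs it up, restores it, and checks every restored file
against SHA-256 digests recorded when the backup was taken; it then shows the
same check failing when the backup copy has been tampered with. Paths and
file contents are constructed for the example.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_restore(restored_root, manifest):
    """Compare a restored tree to the manifest; return (missing, corrupted) path lists."""
    missing, corrupted = [], []
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            missing.append(rel)
        elif sha256_file(path) != digest:
            corrupted.append(rel)
    return missing, corrupted


def restore_test():
    """End-to-end drill. Returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "live")
        os.makedirs(os.path.join(live, "loans"))
        with open(os.path.join(live, "loans", "app-1001.txt"), "w") as f:
            f.write("loan application 1001\n")
        with open(os.path.join(live, "README.txt"), "w") as f:
            f.write("share readme\n")

        # 1. Take the backup and record the manifest; in practice the manifest
        #    travels with the offline copy, never on the share it describes.
        backup = os.path.join(tmp, "backup")
        shutil.copytree(live, backup)
        manifest_path = os.path.join(tmp, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(make_manifest(live), f)

        # 2. Restore to a scratch location and verify against the manifest.
        with open(manifest_path) as f:
            manifest = json.load(f)
        restored = os.path.join(tmp, "restored")
        shutil.copytree(backup, restored)
        clean = verify_restore(restored, manifest)

        # 3. Simulate ransomware reaching the backup share: one file overwritten
        #    with junk standing in for ciphertext, one deleted. A restore from
        #    this copy must fail the check rather than pass silently.
        with open(os.path.join(backup, "loans", "app-1001.txt"), "wb") as f:
            f.write(b"\x00ENCRYPTED\x00")
        os.remove(os.path.join(backup, "README.txt"))
        restored_bad = os.path.join(tmp, "restored-bad")
        shutil.copytree(backup, restored_bad)
        tampered = verify_restore(restored_bad, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = restore_test()
    print("clean restore, missing/corrupted:", clean)
    print("tampered restore, missing/corrupted:", tampered)
```

The point of keeping the manifest apart from the backup is that a backup job will happily copy already-encrypted files and report success; only a digest taken before the infection can tell you the restored data is the data you had.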
3. Your Employees are Your Weakest Point … And Your Strongest Defense
Most ransomware still shares one entry point: at some point a person opens a malicious attachment, follows a link to a booby-trapped site, or hands over credentials to a phisher, and the ransomware is inside your network. (Not all of it waits for a click. Some strains, WannaCry in 2017 among them, spread on their own through unpatched network services, so prompt patching complements training rather than replacing it.) Training your staff, especially at the highly targeted customer service level, should therefore be a top priority. Educating employees about social engineering, and testing that education with simulated phishing, reduces the likelihood of those employees aiding an attack.
Further, it is an enormous liability to allow all of your employees unlimited access to your customers’ data, so ensure that only employees who need access to sensitive customer files have it. Limiting these privileges to a smaller, more thoroughly trained pool of employees decreases your institution’s overall risk. Furthermore, give administrative privileges only to an appropriate few, and keep those administrators’ day-to-day accounts separate from their privileged ones: ransomware runs with the rights of the account that launched it, and an administrator’s mailbox is the worst place for a malicious attachment to be opened.
4. Unity in the Face of Adversity
The above-mentioned steps certainly aid in your individual institution’s ransomware defense. However, they do not strike a fatal blow to ransomware as a whole. Cybercriminals operate best when their targets are kept in the dark, and they use confusion and fear as their weapons of choice. Their methods are constantly evolving, designed to circumvent any new roadblock they encounter. Therefore, the best means of fighting ransomware, and all cybercrime, is a unified community dedicated to a constant and open flow of information and a shared articulation of best practices. Organizations such as FS-ISAC (the Financial Services Information Sharing and Analysis Center), and the equivalent ISACs serving other sectors, allow institutions to share indicators of compromise and best practices in the hope of presenting a unified front against cybercrime.
In the immortal words of Henry Ford: “Coming together is a beginning. Keeping together is progress. Working together is success.”
Tyler Leet serves as director of Risk and Compliance Services for CSI’s Regulatory Compliance Group. With more than 15 years of experience in the information security, risk and compliance industries, Tyler oversees and participates in the development and maintenance of the risk and compliance-related services conducted for a wide variety of financial institutions and organizations.