In 2022, 40% of large financial institutions surveyed reported they had been the target of ransomware, a type of malware. Given the geopolitical climate and evolving nature of cybersecurity, financial institutions of all sizes should remain alert and vigilant to detect and prevent malware threats.
Want to learn more about protecting your institution’s data and reputation? Watch our on-demand webinar, CSI: Cybersecurity Scene Investigation.
What is Malware?
Malware encompasses various types of malicious software—including ransomware, viruses and spyware—that cyber criminals use to gain unauthorized access to a system. Malware commonly enters a system via an email with a malicious link or attachment but can also lurk in removable media, photos or videos. If you visit a malicious website, malware can be downloaded and installed on your computer without your knowledge.
Cyber criminals use malware to steal data, wreak havoc on systems, stealthily observe or engage in other potentially harmful activities. Some types of malware seek out network vulnerabilities to spread and move to new targets.
The Human Element of a Malware Attack
Cyber criminals recognize our natural curiosity, often exploiting it to improve their chances of detonating malware. A common tactic involves removable media: a criminal leaves a USB drive with an intriguing label such as “salaries” or “payroll information” where a victim will find it. Fraudsters will also sprinkle files with similar names around a network to pique curiosity.
Preying upon inquisitiveness, cyber criminals count on their unsuspecting victims to insert the media into their devices and open the file or attachment. Once this happens, the malware is executed and the infection spreads. The adage says, “curiosity killed the cat,” but in this case, curiosity killed a secure environment and led to a malware infection.
7 Strategies to Strengthen Your Malware Defenses
To strengthen your cybersecurity posture and prevent attacks, your institution should implement multiple layers of defenses. Below are several strategies to mitigate your risk of devastating malware effects.
1. Limit damage with threat detection and response: Endpoint detection and response (EDR) software can minimize the damage from malware by evaluating files in real time to identify and respond to threats. EDR detects suspicious behavior and provides your organization with information about incidents, including visibility into activity on endpoint devices. EDR software can also retroactively evaluate files to alert you if a file that was previously considered clean has subsequently been judged as malicious.
2. Implement multi-factor authentication: If someone obtains an account password, multi-factor authentication (MFA) helps protect against account compromise. It does take a user longer to access an account, but the additional layer of protection is valuable. MFA should be enabled on every account that supports it. MFA is particularly effective in preventing O365 account compromise, which usually results from not enabling MFA and reusing the same credentials across multiple sites, including social media and email.
3. Provide security awareness training: Some emails carrying malware could make it past your security controls—that’s just an unfortunate reality. Conducting security awareness training at least once a year can lead to your employees being more informed and vigilant. If a user is educated, they’ll have a heightened awareness and know not to click on anything suspicious. This training should include information on the latest schemes, including what employees should do if they encounter a suspicious email, file or removable media.
4. Promote a security-focused culture: While training is important, cultivating and maintaining a company culture centered around cybersecurity will help mitigate your risk further. There is a distinctly human element regarding security that should not be overlooked. We’ve all clicked something that we shouldn’t have, so ensure you have a culture of grace when it comes to security. Don’t shame or embarrass someone who is reporting an incident. Your employees should be comfortable immediately reporting suspicious activity because that gives you the greatest chance of expedited remediation to limit any potential damage.
5. Enforce conditional access policies: Conditional access policies protect regulated content in a system by requiring certain criteria to be met before granting access. For example, if an employee at your financial institution wanted to access their corporate email using a new network, they would need to complete MFA before doing so. Your institution could also use conditional access policies to prevent anyone from accessing O365 from a different country.
6. Have an incident response plan: Your institution should have an incident response plan (IRP) to guide actions before and after an incident. Developing robust processes will help protect your institution from financial, operational, reputational and other risks. Make sure procedures for handling security events are up to date by reviewing them at least annually. Your institution should also test your IRP to ensure its effectiveness.
7. Prioritize backups: Even the best defenses can’t prevent every attack, and yet, recovery from attacks is often underemphasized and undertested. If you experienced an attack and had to reset or restart your systems, how long would it take you to be back up and running? Could you recover your data promptly? Without tested backups, your institution could take days or months to fully recover from an attack. In the financial world, regulators are not likely to be satisfied with anything other than near-immediate recovery. Institutions often focus on checking regulatory boxes but regret this course of action if they need to utilize their recovery processes.
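Strategy 1 mentions that EDR can retroactively alert you when a file previously judged clean is later judged malicious. The mechanism behind that is worth seeing: the product records every file it observes (by hash) even when the verdict is clean, so that a later verdict change can be matched against what each endpoint has already seen. The following is an added illustration written for this article, not CSI's code or any vendor's EDR; the hosts, paths and file contents are constructed sample data, and the verdict feed is assumed to arrive as a simple hash-to-verdict mapping.

```python
"""Minimal model of retroactive file evaluation (added example, not a real EDR).

Every observation is stored under the file's SHA-256 hash regardless of the
verdict at the time. When a verdict update marks a hash malicious, the
inventory returns every earlier observation of that hash so those endpoints
can be alerted retroactively.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    host: str
    path: str
    sha256: str
    seen_at: str  # ISO-8601 timestamp kept as a string for simplicity


class FileInventory:
    def __init__(self) -> None:
        self._by_hash = defaultdict(list)  # sha256 -> [Observation, ...]
        self.verdicts = {}                  # sha256 -> "clean" | "malicious"

    def observe(self, host: str, path: str, content: bytes, seen_at: str) -> str:
        """Record that `host` has `content` at `path`; returns the file's hash."""
        digest = hashlib.sha256(content).hexdigest()
        self._by_hash[digest].append(Observation(host, path, digest, seen_at))
        # A file never seen in a verdict feed is treated as clean for now,
        # but the observation is kept so it can be revisited later.
        self.verdicts.setdefault(digest, "clean")
        return digest

    def update_verdicts(self, new_verdicts: dict) -> list:
        """Apply a verdict update and return retroactive alerts.

        An alert is produced for each earlier observation of a hash whose
        verdict flips from clean (or unknown) to malicious. Re-delivering the
        same malicious verdict produces no duplicate alerts.
        """
        alerts = []
        for digest, verdict in new_verdicts.items():
            previous = self.verdicts.get(digest, "unknown")
            self.verdicts[digest] = verdict
            if verdict == "malicious" and previous != "malicious":
                alerts.extend(self._by_hash.get(digest, []))
        return sorted(alerts, key=lambda o: (o.seen_at, o.host))


def demo() -> list:
    """Constructed scenario: two tellers downloaded the same attachment while it
    was still rated clean; a later verdict update flags it."""
    inv = FileInventory()
    attachment = b"constructed sample attachment bytes"  # stand-in for a real file
    flagged = inv.observe("teller-01", r"C:\Users\a\Downloads\payroll.xlsm", attachment, "2022-03-01T09:00")
    inv.observe("teller-07", r"C:\Users\b\Downloads\payroll.xlsm", attachment, "2022-03-02T14:30")
    inv.observe("ops-03", "/tmp/readme.txt", b"unrelated harmless content", "2022-03-02T15:00")
    return inv.update_verdicts({flagged: "malicious"})


if __name__ == "__main__":
    for alert in demo():
        print(f"RETROACTIVE ALERT: {alert.host} had {alert.path} at {alert.seen_at}")
```

The design point is that the inventory is write-once and verdict-independent: the cost of storing hashes of clean files is small, while the ability to answer "which endpoints already have this file?" the moment intelligence changes is what turns a verdict update into an actionable containment list.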
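Strategy 5 gives two concrete conditional access rules: a sign-in from a network the user has not used before must complete MFA first, and access to O365 from a different country is refused outright. A small policy evaluator makes the ordering and outcomes explicit. This is an added example written for this article, not CSI's code and not the Azure AD or O365 policy engine; the trusted network ranges, home country and sign-in records are constructed sample data, and the sign-in's country is assumed to be supplied by the identity provider's geo-IP lookup.

```python
"""Toy conditional-access evaluator (added example, not a real policy engine).

Rules modelled, in the order they are checked:
  1. Sign-in from outside the home country -> block, regardless of MFA.
  2. Sign-in from a network not in the trusted list -> require MFA; allow
     once MFA has been completed.
  3. Sign-in from a trusted corporate network -> allow.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample configuration. The ranges are RFC 5737 documentation
# networks standing in for the institution's real office/VPN egress ranges.
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
HOME_COUNTRY = "US"


@dataclass
class SignIn:
    user: str
    source_ip: str
    country: str           # assumed to come from the IdP's geo-IP lookup
    mfa_completed: bool = False


@dataclass
class Decision:
    outcome: str           # "allow", "require_mfa" or "block"
    reason: str


def is_trusted_network(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(signin: SignIn) -> Decision:
    # The geographic rule is checked first because it is a hard deny: a
    # completed MFA challenge must not override it.
    if signin.country != HOME_COUNTRY:
        return Decision("block", f"sign-in from {signin.country}, outside {HOME_COUNTRY}")
    # An unfamiliar network is allowed only after MFA has been satisfied.
    if not is_trusted_network(signin.source_ip):
        if signin.mfa_completed:
            return Decision("allow", f"{signin.source_ip} is untrusted but MFA was completed")
        return Decision("require_mfa", f"{signin.source_ip} is not a trusted corporate network")
    return Decision("allow", "trusted corporate network")


if __name__ == "__main__":
    # Constructed sign-in attempts covering each branch.
    for attempt in (
        SignIn("alice", "203.0.113.10", "US"),
        SignIn("alice", "192.0.2.5", "US"),
        SignIn("alice", "192.0.2.5", "US", mfa_completed=True),
        SignIn("alice", "192.0.2.5", "DE", mfa_completed=True),
    ):
        d = evaluate(attempt)
        print(f"{attempt.user}@{attempt.source_ip} ({attempt.country}): {d.outcome} - {d.reason}")
```

Note the rule ordering: putting the country check first ensures that an attacker who has phished both a password and a one-time code still cannot sign in from abroad, which is the property the text's second example relies on.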
Elevate Your Malware Defenses
As malware threats continue to plague financial institutions and other organizations, it’s critical that you stay informed of the latest tactics cyber criminals use and continually review your defenses. Understanding the threats allows you to mitigate vulnerabilities and protect your organization, data and reputation.
Watch our on-demand webinar to learn more about preventing and minimizing the impact of cyber attacks.
Stephen Smith, Director of Network and Security
Stephen G. Smith has more than 24 years of Information Technology experience in the areas of Systems Management, Information Security and Compliance. Prior to joining CSI, Stephen worked for more than a decade as the IT Security and Compliance officer for a civilian U.S. Department of Defense & NATO contractor in the field of distributed logistics databases. Stephen has been with CSI since 2009 and is currently serving clients as the Director of Network & Security Operations out of the CSI Managed Services group.