Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE
We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers compromising IT management software supplier Kaseya, to the long-running cyber-attack on the Irish health service, hackers have caused devastation to businesses. GCHQ say ransomware attacks in the UK have doubled in a year, with the banking industry being a particular target. Not surprisingly, hackers see banks as an ideal target due to the sensitive customer data, records and huge financial rewards they could reap if an attack succeeds. Globally, financial institutions experienced a 1,318% year-on-year increase in ransomware attacks in the first half of 2021, which is leading organisations to consider their security posture.
While large, multinational banks have robust cyber defences and more in-house cyber resources to fend off hackers, middle-market banks are more vulnerable to attack. These banks are less likely to use traditional, on-premises infrastructures, instead operating hyperscale and multi-cloud environments. This expands their digital footprint and can mean ransomware spreads more quickly throughout their IT infrastructure, putting them at greater risk of suffering major data loss and paying a ransom. The first step in avoiding this fate and fending off hackers successfully is for banks to know what they are up against. The following steps are those most commonly used by malicious actors using ransomware to attack financial organisations:
- Social Engineering – Hackers prey on end-users’ trust and emotions. They require users to take an action, like clicking a link, which sets the ransomware process in motion. A dangerous email could be as simple as your boss seemingly sending you an appreciation gift card, or have an attachment purporting to be financial documents from a customer.
- Executable Ransomware – Bank employees downloading an attachment or clicking a link triggers malicious code to write a file to the disk. Unfortunately, they have now downloaded and installed ransomware that executes when installed. From there, the ransomware spreads rapidly across the bank’s network and will execute on the malicious actor’s cue.
- Fileless Attacks – When an employee clicks on the link or document, they download the ransomware code. However, they do not need to install the ransomware for it to execute and impact their device. Malicious code can hide inside legitimate applications, like Microsoft Word, which means any web-based application, storage location, or database is at risk. Fileless ransomware leaves little evidence as it doesn’t save anything on a device, which makes it difficult to find and remove it.
Typically, attacks happen at night or at a weekend. This puts strain on small IT teams at middle-market banks to carry out root cause analysis with limited insight into infrastructure. They must also communicate with key stakeholders on how the attack happened, its severity and impact, when it can be fixed, and whether to pay the ransom. Finally, teams must restore the affected data so the bank can get up and running. While protecting against ransomware might seem like a Herculean task for smaller banks, creating a proactive, defence-in-depth approach can mitigate both the likelihood and impact of a ransomware attack.
How to build defence-in-depth
Understanding vulnerabilities in their security strategy can help banks take a proactive approach to mitigate data breach risk. Here are four steps they can take to protect their business against ransomware:
- Start with Cybersecurity Awareness – Making employees aware of risks can help stop a ransomware attack ever occurring. Banks should look at training programs that offer baseline testing, to get a sense of what employees currently understand about cybersecurity and appropriate reporting to measure training effectiveness. They should use interactive and engaging content, incorporate gamification, and automate simulated phishing attacks to ensure users retain what they learn.
- Engage in Penetration Testing – Banks should schedule regular vulnerability assessments and penetration tests. Malicious code generally needs to engage in a pattern of behaviour as part of a ransomware attack, so it’s important that small banks test for these attack patterns and ensure their security controls’ effectiveness.
- Create a Regular Backup Plan – Many banks assume if they have Microsoft 365 that their systems are backed up. This is incorrect. Banks still need to set up backup and recovery procedures to prevent lost income and data from ransomware attacks. This can either be done in-house or through a partner. The ideal partner can automatically detect, compress, and duplicate data across your IT infrastructure, and will consolidate backup solutions to lower costs and maintain compliance with backup policies and security controls. They will also be able to restore data in the event of an attack, meaning the victim bank can concentrate on root cause analysis and communicating with customers and stakeholders.
Ransomware will continue to plague banks for as long as cybercriminals can make money through it. Any organisation of any size could be a victim, but there are steps smaller banks can take to mitigate risk of an attack and reduce impact on your organisation if one ever takes place.