By Dr Darren Williams, CEO and Founder of BlackFog
As the end of the year draws closer, many businesses are now looking forward to the start of the holiday period.
The problem is, so too are the cybercriminals, and there is no respite for organisations from cyberthreats and the ever-present risk of ransomware attacks over the festive season. In fact, criminal groups will use the downtime to launch attacks, counting on the fact that firms will be at their most vulnerable, operating with fewer staff and less prepared to deal with a full-scale incident. We’ve already seen the number of ransomware attacks targeting the financial sector increase by 83% in November, which does not bode well for the holiday season and, although financial institutions are amongst the most mature when it comes to cybersecurity strategies, they remain a key target for criminals.
To prevent the holiday season from becoming one of ‘bad tidings’, here we outline three best practices to mitigate the risk and stay ransomware-free over the holidays and beyond.
Top Tip 1: Get the basics right
Most cybercriminals are focused on financial gain, aiming to secure maximum profit with minimal effort. This means they will find the path of least resistance, because the faster they can get into the network and execute their ransomware, the better their effort-to-reward ratio.
Poor password hygiene and unpatched systems are two of the easiest ways into a system, so getting these basics right will go a long way in reducing the risk of ransomware and other threats. Implementing strict password policies and ensuring there is a regular cadence for software updates will increase the chances of attackers looking for easier prey elsewhere.
Employee education is another basic element of cybersecurity that it’s critical to get right. Regular workshops, updated training on the latest cyberthreats, and simulated attack scenarios are particularly useful for educating and instilling a sense of responsibility and vigilance into the business culture.
By cultivating a security-conscious work culture, financial institutions can transform every staff member from a potential risk into a proactive defender against cyberthreats.
Top Tip 2: Protect against data exfiltration
Next generation security solutions including advanced threat detection and anti data exfiltration technology are important tools against modern threat actors.
Threat detection tools are an essential part of the security stack, providing continuous vigilance for network intrusion. Traditional defensive-based detection tools often work on threat signatures of known malware, which can lead to blind spots for unknown attacks and more advanced strategies like fileless ransomware.
Anti data exfiltration (ADX) is one of the best ways to fill this gap. These solutions sit on endpoints across the network and monitor outgoing traffic to look for signs of unusual behaviour. They are trained to understand normal business activity, and to spot anomalies even without a known threat signature.
As the name suggests, ADX prevents attackers from removing data from the network, which is particularly valuable as more ransomware attacks now combine exfiltration with encryption. If attackers aren’t able to steal data, they will simply move on to the next target.
Top Tip 3: Be ready with a business continuity strategy
Finally, it’s important to acknowledge that a sufficiently persistent and skilled attacker can eventually overcome any defence, even if the organisation has done everything right. It is therefore essential to have recovery and response strategies in place to ensure that business can continue even in the worst-case scenario. This avoids situations such as that faced by the Industrial & Commercial Bank of China Ltd.’s U.S. unit when it relied on runners with USB sticks to complete settlements in the aftermath of a serious ransomware attack.
Effective backup policies are important to ensure any disruption is kept to a minimum. However, with criminal gangs increasingly intent on data exfiltration – and using the threats of double and even triple extortion as their blackmail leverage – relying on backups as a contingency plan is no longer enough.
In addition to getting your business up and running again, it’s also vital to have the processes in place for responding to threats in line with regulatory requirements. The ICO requires breaches to be reported within 72 hours and those organisations within scope of the EU’s Digital Operational Resilience Act (DORA) – which covers a wide range of financial institutions – will have obligations to comply with its incident reporting mechanisms.
No company ever wants to deal with the fallout of a ransomware and data theft attack, especially when preparing for time off. By proactively implementing the right processes and tools, financial firms can avert disruption in the holiday period and avoid far-reaching financial, legal and regulatory impacts in the year beyond.