Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity NewsBanking/Finance/Insurance

Financial Services in the Ransomware Crosshairs: Why and What to Do

By Darius Goodall
ransom-enews
June 11, 2018

Cybercriminals are leveraging ransomware threats to extort big money from organizations of all sizes in every industry, but financial services organizations are one of today’s primary targets.

It is non-negotiable for financial services companies to maintain the privacy of theirs customers and the security of their confidential data. If a bank or credit union is hit with a ransomware attack, significant backlash is undoubtedly going to ensue – especially if customer data is held ransom for a significant amount of time.

Why financial services organizations?

Here are a few key reasons why financial services is being heavily targeted:

1. They store a lot of valuable and confidential customer and corporate data.

2. They tend to have significant cash on hand, and the high cost of downtime – makes them more likely to pay a ransom to get back encrypted data.

3. Their IT security is perceived to be deficient especially within smaller banks and credit unions.

Financial Services companies continue to exhibit effective security, which isn’t surprising considering their continued adoption of security frameworks, such as the NIST Cybersecurity Framework (CSF). Nonetheless, there is still room for improvement with ransomware attacks continuing to be a growing challenge. Effectively combating ransomware requires a well-thought-out combination of technical and cultural measures. This includes:

Training and Awareness

Most ransomware attacks begin with an email containing a malicious link or attachment. Consequently, the single most important measure you can take to reduce the likelihood of a successful attack is to train yourself, staff and partners to practice safe computing and recognize red flags that indicate a potentially malicious email.

Ensure all users understand the following key practices, and maintain awareness with a program of regular reminders:

  • Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm the email is authentic before opening.
  • Learn to spot red flags. Some telltale signs of an attack include:
    • Grammar or spelling errors in a supposedly professional email;
    • Odd, middle-of-the-night time of sending;
    • “Typosquatting,” in which the “From” domain looks legitimate at first glance, but is actually slightly misspelled or has things added – “hacker@bankofarnerica.com,” for example; or
    • Buttons and links in the email that connect to unexpected, suspicious URLs. Always check this, by hovering the cursor over the link or button, and checking the URL that appears at the bottom left of your window.
  • When in doubt – delete or don’t open.

Train your entire staff to approach email with security in mind. A number of services exist to provide such training, including periodically sending fake phishing emails to staff members and alerting them if they respond unsafely.

Secure Your Network

Effective user training can help stop a lot of attacks, but keeping your network free of ransomware and other advanced malware also requires a combination of effective perimeter filtering, strategically designed network architecture, and the capability to detect and eliminate resident malware that may already be inside your network.

  • Prevent threats from entering the network by deploying a firewall along with a comprehensive email security strategy to stop threats.
  • Control and segment network access to minimize the spread of threats, in the event that they still get in.
  • Clean house. Your infrastructure likely contains a number of latent threats, so all applications and inboxes – whether locally hosted or cloud-based – must be regularly scanned for malicious content and vulnerabilities. 

Backup – Your Last, Best Defense Against Ransomware

When a ransomware attack succeeds, your critical files – HR, payroll, customer financial information, strategic planning documents, email records, etc. could all be encrypted, and the only way to obtain the decryption key is to pay a ransom.

But if you have the right backup strategy in place, instead of paying the ransom, you can simply restore your files from the most recent backup – your attackers will have to find someone else to rob.

Automated, cloud-based backup services can provide the greatest security. Reputable vendors offer a variety of very simple and secure backup service options, priced for organizations of any size, and requiring minimal staff time. Advanced solutions can even allow you to spin up a virtual copy of your servers in the cloud, restoring access to your critical files and applications within minutes of an attack or other disaster.

Financial Services IT Security: A Non-Negotiable Requirement

Financial Services organizations like yours are entrusted with the most personal, financial information that people have – not just their social security numbers, but their banking accounts and credit histories.

If that trust is betrayed – if you fail to take the steps necessary to keep that data safe against ransomware and other advanced malware – the cost to your business could extend far beyond paying a ransom. If your reputation for safeguarding customer data is damaged, rebuilding trust can take many years.

No matter how much progress your organization has made in improving IT security, this is no time to rest on your laurels. Those who continue to commit significant resources to implementing effective security will emerge as winners in a competitive environment that is ever more profoundly affected by ransomware and other advanced malware attacks.

KEYWORDS: bank security data breach financial security phishing ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Darius Goodall is the director of security products for Barracuda. Goodall leads product marketing for all of Barracuda Networks’ security products. He is an accomplished product marketing professional with extensive experience in business development, technology alliances and technical marketing, creating and delivering winning strategies. Goodall has a proven track record in the development and management of effective marketing programs including leading teams with Dell, Luminus Networks and Extreme Networks.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smartphone-app-development-freepik.jpg

    Why mobile app developers need to prioritize user data privacy and security — and what they can do to ensure it

    See More
  • cybercamera

    Why Financial Services Must Adopt a Zero Trust Approach to Cybersecurity

    See More
  • financial security freepik

    The force of biometrics in post-pandemic financial services security

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing