Financial Services in the Ransomware Crosshairs: Why and What to Do

June 11, 2018

Cybercriminals are leveraging ransomware threats to extort big money from organizations of all sizes in every industry, but financial services organizations are one of today’s primary targets.

It is non-negotiable for financial services companies to maintain the privacy of theirs customers and the security of their confidential data. If a bank or credit union is hit with a ransomware attack, significant backlash is undoubtedly going to ensue – especially if customer data is held ransom for a significant amount of time.

Why financial services organizations?

Here are a few key reasons why financial services is being heavily targeted:

1. They store a lot of valuable and confidential customer and corporate data.

2. They tend to have significant cash on hand, and the high cost of downtime – makes them more likely to pay a ransom to get back encrypted data.

3. Their IT security is perceived to be deficient especially within smaller banks and credit unions.

Financial Services companies continue to exhibit effective security, which isn’t surprising considering their continued adoption of security frameworks, such as the NIST Cybersecurity Framework (CSF). Nonetheless, there is still room for improvement with ransomware attacks continuing to be a growing challenge. Effectively combating ransomware requires a well-thought-out combination of technical and cultural measures. This includes:

Training and Awareness

Most ransomware attacks begin with an email containing a malicious link or attachment. Consequently, the single most important measure you can take to reduce the likelihood of a successful attack is to train yourself, staff and partners to practice safe computing and recognize red flags that indicate a potentially malicious email.

Ensure all users understand the following key practices, and maintain awareness with a program of regular reminders:

Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm the email is authentic before opening.
Learn to spot red flags. Some telltale signs of an attack include:
- Grammar or spelling errors in a supposedly professional email;
- Odd, middle-of-the-night time of sending;
- “Typosquatting,” in which the “From” domain looks legitimate at first glance, but is actually slightly misspelled or has things added – “hacker@bankofarnerica.com,” for example; or
- Buttons and links in the email that connect to unexpected, suspicious URLs. Always check this, by hovering the cursor over the link or button, and checking the URL that appears at the bottom left of your window.
When in doubt – delete or don’t open.

Train your entire staff to approach email with security in mind. A number of services exist to provide such training, including periodically sending fake phishing emails to staff members and alerting them if they respond unsafely.

Secure Your Network

Effective user training can help stop a lot of attacks, but keeping your network free of ransomware and other advanced malware also requires a combination of effective perimeter filtering, strategically designed network architecture, and the capability to detect and eliminate resident malware that may already be inside your network.

Prevent threats from entering the network by deploying a firewall along with a comprehensive email security strategy to stop threats.
Control and segment network access to minimize the spread of threats, in the event that they still get in.
Clean house. Your infrastructure likely contains a number of latent threats, so all applications and inboxes – whether locally hosted or cloud-based – must be regularly scanned for malicious content and vulnerabilities.

Backup – Your Last, Best Defense Against Ransomware

When a ransomware attack succeeds, your critical files – HR, payroll, customer financial information, strategic planning documents, email records, etc. could all be encrypted, and the only way to obtain the decryption key is to pay a ransom.

But if you have the right backup strategy in place, instead of paying the ransom, you can simply restore your files from the most recent backup – your attackers will have to find someone else to rob.

Automated, cloud-based backup services can provide the greatest security. Reputable vendors offer a variety of very simple and secure backup service options, priced for organizations of any size, and requiring minimal staff time. Advanced solutions can even allow you to spin up a virtual copy of your servers in the cloud, restoring access to your critical files and applications within minutes of an attack or other disaster.

Financial Services IT Security: A Non-Negotiable Requirement

Financial Services organizations like yours are entrusted with the most personal, financial information that people have – not just their social security numbers, but their banking accounts and credit histories.

If that trust is betrayed – if you fail to take the steps necessary to keep that data safe against ransomware and other advanced malware – the cost to your business could extend far beyond paying a ransom. If your reputation for safeguarding customer data is damaged, rebuilding trust can take many years.

No matter how much progress your organization has made in improving IT security, this is no time to rest on your laurels. Those who continue to commit significant resources to implementing effective security will emerge as winners in a competitive environment that is ever more profoundly affected by ransomware and other advanced malware attacks.

Darius Goodall is the director of security products for Barracuda. Goodall leads product marketing for all of Barracuda Networks’ security products. He is an accomplished product marketing professional with extensive experience in business development, technology alliances and technical marketing, creating and delivering winning strategies. Goodall has a proven track record in the development and management of effective marketing programs including leading teams with Dell, Luminus Networks and Extreme Networks.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Financial Services in the Ransomware Crosshairs: Why and What to Do

Training and Awareness

Secure Your Network

Backup – Your Last, Best Defense Against Ransomware

Financial Services IT Security: A Non-Negotiable Requirement

Related Articles

Report Abusive Comment