The recent surge of cyberattacks — including ransomware — is an enormous concern for all organizations, but especially for financial institutions, whose data is particularly sensitive and valuable to cybercriminals.

CSI’s 2021 Consumer Cybersecurity Poll Executive Report revealed that nearly half of Americans (48%) would leave their financial institution if it suffered a data breach. IBM reported that the average total cost of a breach in the financial services industry was $5.85 million in 2020. To avoid the financial and reputational pitfalls of a breach resulting from a cyberattack, institutions should take note and proactively strengthen their defenses.

How to strengthen your preparedness for cyberattacks

The following steps can act as a guide to enhance an institution’s preparedness for attacks and defense against evolving cyber threats, including ransomware.

1. Cultivate a security-centric culture: A core component of most cyberattacks remains consistent: at some point, the attack encounters a human who allows the cybercriminal access to your system. Therefore, training staff and creating a cybersecurity-focused culture should be paramount to any organization. By educating employees on suspicious behavior and providing them with training, security leaders can reduce the likelihood of employees inadvertently aiding an attack.

2. Conduct regular backups: Since ransomware thrives on holding data captive, having your data duplicated and stored elsewhere makes ransomware less of a threat. In addition to maintaining regular backups, enterprise organizations should test their data backups to ensure they function properly. Consider implementing a risk-based backup program and determining the frequency and retention period of backups according to the criticality of the data.

3. Develop a plan: It’s no secret that ransomware attacks are expected to increase in scale, frequency and sophistication as more cybercriminals seek an easy payout. Ensure that financial institutions are prepared by developing an actionable incident response plan. Communicating a plan of action across an entire organization, including highlighting prevention, detection and protocols during an attack, allows for a more efficient response to an incident and streamlines possible isolation of any infected devices.

4. Assess privilege control: When was the last time your institution reviewed privilege controls? Allowing all employees unlimited access to sensitive data is an enormous liability. By ensuring that only employees who need deep access to valuable files have it and only giving administrative privileges to an appropriate few, institutions can decrease overall risk.

Further, consider requiring multi-factor authentication (MFA) to enhance protections. According to Microsoft, MFA can block more than 99% of account compromise attacks. By authenticating a user’s identity and protecting credentials using two or more pieces of evidence, an institution can further strengthen the resilience of its network.

5. Protect the perimeter: Without tight perimeter security, risk increases. Financial institutions must go above and beyond typical security measures to keep their systems safe and should consider taking advantage of enterprise-grade security solutions.

Remember that perimeters extend beyond the physical. Many institutions are prioritizing a cloud migration for their IT infrastructure, and ensuring that security considerations remain top-of-mind is critical. Having the proper security configurations and deploying the latest enhancements for your environment will maximize the benefits of the cloud.

6. Monitor networks with a SIEM: One of the biggest challenges organizations face is monitoring for suspicious activity. A Security Information and Event Management (SIEM) solution mitigates cybersecurity risks by collecting and reviewing event logs for connected devices across a technology environment, detecting anomalies and alerting in real time. A SIEM solution delivers protection and insight by providing a holistic look at an IT environment.

The comprehensive nature of SIEM makes it one of the most critical layers of security, as it is one of the few options to merge traditionally segregated systems. To streamline the process of correctly configuring and maintaining a SIEM solution, many organizations partner with a managed services provider for SIEM-as-a-Service.

Mitigating cyber risk

Don’t leave your institution vulnerable to cyberattacks. By keeping a pulse on evolving threats and monitoring the entire environment, security leaders can mitigate their institutions’ cyber risk and keep networks, data and users secure.


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.