Pub. 11 2021-2022 Issue 3


Strengthening Your Bank’s Defenses Against Ransomware

This story appears in the Colorado Bankers Association Magazine

Cyberattacks Continue Making Headlines

In May 2021, a ransomware attack targeted one of the nation’s largest pipeline companies, resulting in a nearly $5 million ransom payment, disruption of fuel supply, and even panic purchasing among consumers in certain regions of the country. Shortly thereafter, JBS — which is among the largest meat processing companies in the world — was also hit with a ransomware attack, paying $11 million to keep its data safe.

Another example: Kaseya — an IT solutions developer for managed services providers (MSPs) and enterprise clients — announced it was the victim of a cyberattack in July 2021. Hackers carried out a supply chain ransomware attack by exploiting a vulnerability in Kaseya’s software against multiple MSPs and their customers. It’s estimated that up to 1,500 businesses — including financial institutions — were affected by the attack and experienced ransomware compromise.

The recent increase in the frequency of ransomware attacks is an enormous concern for all organizations, but especially for financial institutions, whose data is particularly sensitive to these attacks. Ransomware is a growing threat, and banks must be vigilant against this type of attack.

CSI’s 2021 Banking Priorities Executive Report revealed the overwhelming majority (81%) of bankers view social engineering as the greatest cybersecurity threat in 2021. Phishing aimed at internal targets that let attackers into internal systems (32%) was another top cybersecurity threat identified by bankers in that report. There is plenty of evidence to support this concern, as employees working from home continue to be targets for cybercriminals.

Is Your Bank Prepared for a Cyberattack?

As cybercriminals continue to evolve their tactics and cast a wider net for victims, ensure your bank is prepared to confront this heightened risk. Reference these seven steps as a guide to enhance your bank’s preparedness for attacks and defend against future threats, including ransomware.

1. Have a Plan in Place
The automated nature of modern ransomware and the immense scale used in attacks are warning signs to all financial institutions. Ransomware attacks will likely increase in scale, frequency, and sophistication as more cybercriminals seek an easy payout. As ransomware attacks surge, institutions must consider the operational, financial, and reputational implications of being held hostage by ransomware.

Does your institution have an actionable plan in writing? If not, developing one should be your priority. Communicating a plan of action to your entire organization in your Incident Response Plan (IRP) — which highlights prevention, detection and protocol during an attack — allows for a quicker response and possible isolation of any infected devices.

2. Conduct Regular Data Backups
Ransomware thrives on holding your data captive, making regular data backups essential. If your data has been duplicated and stored elsewhere, ransomware becomes far less threatening. To minimize the damage from an attack, the best recommendation is to implement a risk-based backup program with the frequency and retention period of backups defined according to the criticality of the data. After determining your backup schedule, test your data backups to ensure they work properly.

3. Prioritize Employee Education
A core component of most cyberattacks remains consistent: at some point, the attack encounters a human who allows the cybercriminal access to your system. Therefore, training your staff — especially at the highly targeted customer service level — should be paramount. Educating employees and providing them with social engineering training reduces the likelihood of those employees inadvertently aiding an attack.

Ensure your employees are familiar with the signs of ransomware and know how to react when they encounter suspicious activity. With proper training, your bank’s staff will become a powerful line of defense in protecting against malicious attacks.

4. Leverage Industry Best Practices
Cybercriminals often use confusion and fear as their weapons of choice. Their methods are constantly evolving, designed to circumvent any new roadblock they encounter. Because of this, one of the best ways of fighting cybercrime is creating a unified community dedicated to a constant and open flow of information and articulation of best practices. Organizations such as FS-ISAC allow institutions and businesses across all industries to share best practices and insight in the hopes of achieving a unified front against cybercrime.

5. Assess Privilege Control
Allowing all your employees unlimited access to your customers’ secure data is an enormous liability. Ensure that only employees who need deep access into valuable customer files have it and only give administrative privileges to an appropriate few. Limiting these privileges to a smaller, more acutely trained pool of employees will decrease your bank’s overall risk.

Additionally, consider requiring multi-factor authentication (MFA) to enhance protection. Using MFA requires multiple factors to verify a user’s identity, preventing a hacker from accessing accounts by obtaining or cracking a password. Authenticating a user’s identity and protecting credentials using two or more pieces of evidence will further strengthen the resilience of your network.

6. Secure Your Entire Perimeter … Including the Cloud
Without tight perimeter security, your bank is basically leaving the front door wide open. It’s no longer optional to simply deploy firewalls and intrusion prevention systems. Financial institutions must go above and beyond typical security measures to keep their systems safe and should consider taking advantage of enterprise-grade security solutions.

It’s important to understand that your perimeter extends beyond your physical perimeter. As more institutions prioritize cloud migration, ensure you approach cloud adoption with security considerations in mind. Having the proper security configurations and deploying the latest enhancements for your environment will maximize the benefits of the cloud. Further, monitoring your entire perimeter — including your cloud-based IT infrastructure — is critical.

7. Monitor Your Network
One of the biggest challenges community financial institutions face is monitoring for suspicious activity. Security systems and tools are critical, but neither takes the place of eyes on glass. One of the wisest investments you can make is partnering with a managed services provider (MSP) that offers around-the-clock assistance in monitoring suspicious activity. These same providers can assist with administrative functions — including system and software updates — and offer practical, actionable advice to make sure your bank is doing everything possible to prevent attacks.

Mitigate Your Bank’s Cybersecurity Risk

Cybersecurity is more than a technology issue; it is a business issue. Don’t leave your bank vulnerable to ransomware or other cyberattacks. By keeping a pulse on current and evolving threats, you can mitigate your cyber risk to keep your networks, data, and users safe.

Gain additional insight on strategies to detect, prevent and manage cybersecurity threats by watching CSI’s on-demand webinar.

Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.