During these extremely challenging times, organisations of all sizes are experiencing many business challenges. The threat of a ransomware-led cyber attack is just one of them, but a very important one. The bad guys are taking full advantage of the world’s current situation, the threat from ransomware attacks is very real, and various surveys tell us it’s the number 1 threat to business operations.
The Financial Services sector is a major target, being one of the top four targets for ransomware attacks.
Financial Services is a digital industry, with a heavy reliance on technology and a great breadth of information stored about its customers. In addition, the large banks, insurance companies, wealth management providers etc. are seen to have the funds to pay the ransom. Furthermore, disrupting access to critical data in a Financial Services firm increases the urgency to pay a ransom.
The bad guys are constantly evolving their techniques. They no longer encrypt your live database as soon as they break into your network. They take their time, patiently waiting until their malware is deep in your backups. They then trigger the encryption of your live database. You are now unable to restore your live database from a viable backup, as any backup that predates the malware is too old and out of date. Therefore, you have no choice but to pay the ransom.
So, you get your data back, but that could leave you in trouble with the authorities. In the US, the Treasury has announced that it plans to crack down on the payment of ransomware attackers, and facilitating ransomware payments to cyber criminals may be seen as an illegal act. Before, companies could decide whether or not to pay cybercriminals off. Now those decisions are being brought under government oversight, and we are likely to see a much tougher stance in the handling of these incidents.
The New Year holidays of 2020 saw Travelex hit by a ransomware attack, which took their systems down for 2 and a half weeks, during which time they could not service their customers. This was a major contributor to Travelex going into administration.
Could your business survive such an attack?
So, what can we do?
- Have the basic hygiene factors in place: secure configuration, including Patch Management and Malware Protection. Ensure networked devices are configured appropriately, with no default settings. Ensure all networked devices are patched and no more than 1 month out of date. If they are on a network, they are a potential access point that can be exploited. Management of backups is essential to provide the ability to recover from an incident using a clean and viable backup.
- Implement appropriate and effective access controls. Implement 2-Factor Authentication, especially on Privileged Accounts and for Remote Access Users.
- Understand business-related technology and cyber risks: fully understand the organisation’s business risks of using technology and cyber-enabled solutions, and ensure that controls are working effectively to manage these risks.
- Effectively manage the full supply chain: understand the risk of the organisation’s complete supply chain, that is, the risk of your third parties and their third parties, from the perspective of the value and sensitivity of the information they handle and of how the supplier affects the organisation’s delivery of services to its customers.
- Establish an appropriate security culture: leadership should encourage a technology and cyber security aware culture, including providing an ongoing awareness and education programme. The C-suite and senior management team should not only say the right things, but also back their words with their actions.
- Have an effective incident response process in place: establish an appropriate and responsive Incident Management Capability. Recognise that breaches will happen, and be prepared to Respond and Recover. The organisation will be judged by its shareholders, regulators, customers and business partners on how well and quickly it is able to Respond and Recover.
- Monitor performance effectively: define appropriate, meaningful and easily obtainable KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators), and provide an easy-to-understand dashboard to the C-suite.
- Have the right skills, in the right numbers, in the right places: ensure that the organisation has the right cyber security skills, in the right numbers and in the right places, and that their training is kept up to date.