As data breaches and ransomware attacks continue to make the news, you’re right to be concerned about potential threats to your financial institution. Cybersecurity in finance is a deep topic that is more about building good habits and changing your mindset than any sort of quick fix. In this article, we’ll look at the common attacks, how they’re typically employed, and what you can do to mitigate your risk.
The Stakes: Ransomware Attacks
In early May, news broke that the Colonial Pipeline, the largest petroleum pipeline in the United States that carries 2.5 million barrels of gasoline, diesel, heating oil, and jet fuel a day (nearly half of the East Coast’s fuel supply), was being shut down thanks to a ransomware attack. Panic ensued and customers rushed to the pumps fearing shortages and price spikes in the weeks to come. State and federal agencies were forced to issue emergency orders to mitigate the effects in order to prevent the crisis from getting out of hand.
Executives at the Georgia-based Colonial Pipeline Company, however, were faced with a difficult decision. Either pay a hefty ransom or spend months and several tens of millions of dollars to completely restore the organization’s systems. In the end, they decided to pay $4.4 million worth of bitcoin to solve the problem as quickly as possible. While the US Department of Justice’s new Ransomware and Digital Extortion Task Force was able to recover 64 of the 75 bitcoins paid to the attackers, that only amounted to $2.3 million in recovered assets because the currency had depreciated in value in the month that followed. According to Recode, this breach was possible because of a single leaked password for an old account without two-factor authentication (TFA) enabled.
In 2019, when the City of Baltimore was hit with a ransomware attack, they chose not to pay the $76,000 the attackers demanded. The impact was catastrophic, leaving city employees without access to their work email and costing the city over $18.2 million to restore systems and make up for lost or delayed revenue. The attack was mainly due to a lack of solid IT practices, including inadequate IT spending, a decentralized budget, massive turnover at the CIO level, and an overreliance on years-outdated software. It should be noted that although the disparity between paying and not paying looks bad on paper, a large portion of Baltimore’s spending was targeted at digital security transformation efforts to ensure that an attack like this would never happen to them again.
The FBI recommends not paying ransoms because it only serves to incentivize hackers to make more attacks, but also adds that the bigger problem is businesses that are unwilling to admit they’ve been hacked in the first place. The truth is that your organization will face a difficult and costly decision either way if you’re caught up in a cyberattack. Most organizations never get all of their data back, even if they pay. Meanwhile, with ransomware attacks on the rise, how can you make sure that your financial institution is protected? The first step is to understand the mechanics of how these attacks can happen.
For most ransomware attacks, the attacker needs to gain a foothold into your network in order to do damage. The most common technique is a phishing attack, where a victim is tricked into clicking on a malicious link or opening a fake attachment that deploys malware into your system. While we’ve all received spam with cryptic messages and a random link, phishing attacks can be much more sophisticated, and look like totally legitimate emails if you don’t know what to look for. They can appear to come from your vendors, from coworkers inside your organization, or from something like a shared cloud document or spreadsheet.
As ransomware attacks have become more popular, attackers have become more and more organized and targeted. Hacking agencies that look more like legitimate businesses have sprung up in Eastern Europe, Russia, and other countries, complete with management, a physical office, and departments all focused on how to most effectively turn a profit from ransomware attacks. Attacks are tailor-made for specific, targeted organizations, and teams comb through the data they harvest to find other ways to extort their victims, like publicly releasing sensitive information or selling customer data to the highest bidder.
Out-of-date software or unpatched devices are another major threat vector. Cybersecurity in finance can be difficult to maintain because of just how many more devices are on your business’s network at any given time, which makes it even more difficult to keep up with the latest security updates for everything and make sure you’re protected.
Once an attacker has access to your network, they’ll try to encrypt as much of your data as they can and download it in order to assess what they’ve got their hands on. Hackers are often even able to target your backups, making data recovery much harder or even impossible. At this point, they’ll contact you with the terms of their ransom, forcing you to choose between paying for the decryption key or seeing the price go up the longer you delay.
One of the most important things to understand off the bat is that nothing can keep you 100% safe. Attackers are always looking for new ways into your network and, as a financial institution, you represent a particularly juicy target:
The services you provide are time-sensitive and an interruption of service is unacceptable.
It only takes one person to give a ransomware attacker the foothold they need into your network. As attacks become more and more targeted at specific institutions, it’s vital that everyone on your team knows how to recognize a phishing email and has a place to go when they suspect something may be amiss. Again, a chain is only as strong as its weakest link, so you need to take an active role in making sure everyone has a good grasp on the key information, why it matters, and where to go if they have questions.
Training needs to be implemented for new hires as a part of onboarding and needs to be continuously refreshed for employees as the cybersecurity environment evolves. It can be very helpful to share examples of suspicious emails your organization has received and why they were caught, as well as any news articles about ransomware attacks or data breaches that drive the point home that the stakes are high.
Inertia is powerful in any organization, and taking time out of your busy schedule to update a piece of software or patch a device is going to wind up on the back burner more often than not. Unfortunately, that creates vulnerabilities that a cyberattacker is more than happy to exploit.
Keeping on top of all of the updates that come out for the software and devices connected to your network can be tricky, but your organization needs to commit to a regular schedule for making sure everything is up to date. TFA can slow things down, but is absolutely vital in today’s security environment—even with a leaked password, the Colonial Pipeline hackers wouldn’t have been able to do nearly as much damage if it had been enabled on that account.
While updates and TFA will occasionally slow things down in the short term, avoiding the risks of a data breach or ransomware attack is well worth the lost time.
Back-Up Your Finance Data in a Safe Location
Many organizations think they’re protected from a ransomware attack simply because they regularly back up their data. Unfortunately, if it’s on your network, then an attacker can simply encrypt the back-ups along with the rest of your data and hold that hostage, too. Even if it happens less frequently, it’s a good idea to make sure you’re backing up your data in a safe location that will be insulated in the case of a breach, off-site and off your network.
Make Sure Vendors Are Serious About Cybersecurity in Finance
Your vendors represent another potential threat vector for your network and, potentially, a foot in the door for a would-be attacker. You need to be sure that they’re following cybersecurity best practices and keeping your network safe. On your end, you can limit access on your network to only what’s essential, and make sure you’re prompt about removing old accounts when a contract ends.
Working with the right vendors is key to make sure that you’re protected from any threat that comes your way. With our in-depth experience, Equips can help you screen potential vendors to help keep you and your data safe. If you have questions about vendor relationships and cybersecurity, be sure to drop us a line here. We look forward to assisting you!
Equips is revolutionizing how Banks and Credit Unions manage, maintain, and protect critical branch equipment. Leveraging a network of 500+ vendors, experts at Equips help Financial Institutions respond to equipment problems quickly in one place: Equips. Active management allows Financial Institutions of all sizes to improve operational efficiency, cut costs, and streamline equipment inventory and vendor management. Our groundbreaking solution provides clients across 45 states with better insight and transparency into their critical equipment and enables employees to do their best work. To learn more, visit equips.com.