If you think financial institutions are the most attractive of all targets for hackers, you’re right. While cyberattacks are increasing in all industries, they are particularly vexing for banks and credit unions of all sizes. Consider these recent statistics:
- Banks average around 703 cyberattack attempts per week
- When a data breach occurs at a financial institution, it takes 233 days to detect
- 63 percent of financial institutions report that they are getting more, and more destructive, cyberattacks
- 55 percent of financial institutions report that they were hit by a serious ransomware attack in 2022—a 66 percent increase from the year before
- 43 percent of senior bank executives report that they don’t think they’re adequately protected with their current cybersecurity programs
Are these statistics scary? You bet. But the good news is, cybersecurity tools are more sophisticated and scalable than ever. MSPs like Integris can help you navigate this new cybersecurity landscape. But first, let’s talk about the biggest threat community banks and credit unions are facing now: ransomware.
What Does Ransomware Look Like at Financial Institutions?
Ransomware is a type of malicious software (malware) designed to block access to a computer system or data. It often encrypts the data and locks the system’s screen or user’s files, then spreads to shared storage drives and other accessible systems.
Cyber attackers hold the system or data “hostage” until a ransom is paid. Usually, the ransom is a substantial amount of money or cryptocurrency.
If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. It doesn’t take too much imagination to understand the implications of this kind of security breach. Social security numbers. Account numbers. Sensitive financial data. Each one provides an opportunity for ruinous damages for all parties involved. An emerging tactic is for the cybercriminals to steal sensitive data and threaten to publicly disclose it or sell it if the ransom isn’t paid, creating a double extortion scheme.
All it takes is one bad click by an employee or customer to unleash programs onto your network that slip through the cracks in your security. If you don’t have the right cybersecurity tools on board, you’re widening those cracks.
What Can My Organization Do to Mitigate Financial Ransomware Attacks?
Early detection of a cyberattack is always important, but it is even more crucial with ransomware. Recognizing and eliminating the attack before the data is encrypted is vital, because once you see the ransom demand message, the damage has already been done.
Whatever the size of your business, it’s critical to invest in anti-malware solutions that monitor your network for any malicious activity. These techniques include signature-based detection, behavior-based detection, and detection through abnormal traffic.
Also, educate employees on how to detect ransomware and the action to take if they notice a suspicious email or link. Most ransomware attackers leverage human error to compromise systems.
While early detection is crucial, organizations must also implement effective ransomware recovery measures in case of an attack. So, it’s important to have a comprehensive data backup strategy. Data backups can restore the data to normal, as well as remove the infection, which eliminates the question of having to pay the ransom.
How Should We React if We Are Faced with A Successful Ransom Attempt?
The FBI and the Department of Homeland Security recommend that companies avoid paying ransoms, because doing so encourages more attacks.
The decision of whether to pay the ransom should be made carefully at the organization’s highest level. And understanding what happens if you pay is key to making that decision.
Theoretically, if you pay the ransom, the attackers will provide a decryption tool and withdraw the threat to publish stolen data. But payment is no guarantee that all data will be restored. Gartner, Inc. notes the following realities of ransomware that must be considered:
- On average only 65 percent of the data is recovered, and only 8 percent of organizations recover all their data.
- Encrypted files are often unrecoverable. Attacker-provided decrypters may crash or fail. You may need to build a new decryption tool by extracting keys from the tool the attacker provides.
- Recovering data can take several weeks, particularly if a large amount of it has been encrypted.
- There is no guarantee that the hackers will delete the stolen data. They could sell or disclose the information later if it has value.
Before negotiating with attackers, it’s important to engage a professional incident response team and consult law enforcement and regulatory bodies.
However, the best alternative to the pay-or-don’t-pay dilemma is to have a business continuity plan in place and to proactively defend your financial institution against ransomware attacks.
Are you interested in increasing cybersecurity protections at your organization? We’d love to help. Contact us today for a free consultation.