How can the financial industry mitigate the risks posed by ransomware?

By Paul Prudhomme, Head of Threat Intelligence Consulting at Rapid7

Ransomware is a significant challenge for security teams in the financial industry. Rapid7 is closely monitoring the escalation of this threat.

It is well known that ransomware gangs do not pick sectors on a whim; their attacks are highly targeted. These adversaries gravitate toward the sectors they believe are most likely to meet their demands in order to avoid immense damage.

The financial sector is an attractive target for ransomware attacks due to the sheer volume of critical data and services managed by financial institutions. Any downtime or data leak in this industry can affect thousands or even millions of customers. Therefore, the prospect of threat actors stealing and ultimately leaking sensitive data to extort more money in the second layer of a "double extortion" ransomware attack rightly worries security teams.

Rapid7 surveys found that financial data was the most likely to appear in a ransomware data disclosure, accounting for 63% of all leaked data between April 2020 and February 2022. So, as ransomware threats continue to dominate this sector, it is important for organizations to identify vulnerable assets on their networks and understand how hackers are exploiting them.

Most Targeted Categories of Financial Services Data

Threat actors have adapted their tactics to the changing times. It would seem obvious that if they hack the financial sector, monetary data would be the focus. However, they realized that focusing on the industry's monetary information would not bring them the economic benefit they desired. Instead, ransomware gangs target customer data, and at the same time, they aim to leak personally identifiable information (PII) and employee HR data.

According to our research, since April 2020, 82% of disclosures from financial services organizations included customer data, and employee PII and HR data was found in 59% of disclosures. Additionally, in 29% of cases, the data disclosures included reconnaissance details that other adversaries could use to further victimize the targeted institution in the future.

Focus in financial services

From the patterns followed by ransomware groups, it is clear that instead of focusing on the industry or its businesses, these attackers are targeting individuals and threatening to leak personal information. Could it be because gangs are aware that the weakest link in any organization is its personnel? Targeting customer information and threatening to release it not only jeopardizes company values and reputation, but also puts pressure on financial institutions by hitting them where it hurts: the trust of their customers and their employees.

An individual’s financial and personal information is most at risk from these gangs. Not only do they gain access to employees’ and customers’ private information, but they also make customers and employees vulnerable to identity theft. The priority should therefore be to reduce the risk of falling victim to a ransomware attack in the first place.

Protection against ransomware gangs

While there is no definitive way to ensure that every bit of data on a corporate network is protected, there are certain practices an organization can implement to improve its chances against ransomware attacks. One of the easiest ways to protect against data leaks is to recognize and prioritize the types of data that require additional protection. This includes the types of data that adversaries target most frequently, or the types of data that provide the most profit to malicious actors.

To ensure that cybercriminals do not get their hands on crucial information, it is essential that companies go beyond simply backing up their data. There is no guarantee that an attacker will completely relinquish control of the compromised information even after the ransom is paid. Therefore, companies need to encrypt their most sensitive data sets and segment key assets to reduce the likelihood of attackers gaining access to them. These practices ensure that if a ransomware attack takes place, threat actors will not be able to access the data at all, or if they do, it will be useless in encrypted form.

With the threat of ransomware showing no signs of abating, it is essential that every organization in the financial industry remains aware of the risks posed to their own business as well as their customers. Taking steps to implement the appropriate measures outlined here should be a top priority for any financial business looking to maintain cyber resilience, protect employee and customer data, and preserve its reputation.
