Intelligent CISO Issue 01 | Page 44

industry unlocked
Gregg Petersen from Veeam Software
After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software, says there are seven proven best practices that financial institutions should adopt.

BEST PRACTICES AGAINST RANSOMWARE

Financial organisations are particularly at risk, targeted by approximately 13% of total attacks. Ransomware was reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, reported by 55% of the financial services firms surveyed. The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to half a billion dollars from more than 32% of financial institutions in 2016 alone.
How ransomware impacts the financial services industry
Despite the increasing number of attacks on financial institutions, public announcements of ransomware infections are rarely made due to the grave brand integrity and consumer confidence consequences. However, numerous attacks were reported in the last few years. Armada Collective attacked three Greek banks, encrypting valuable data and asking for €7 million (20,000 Bitcoin) from each bank, followed by three other attacks in a span of five days. Fortunately, these attempts failed, as the banks successfully leveraged their defence strategies instead of paying the ransom.
A 2016 report by SentinelOne on ransomware highlighted that the most vulnerable data for ransomware attacks are employee records, financial data, customer information, product and IP, payroll/HR and research.
Ransomware’s notoriety is not a surprise, considering its ability to evolve and surpass traditional data protection solutions. Beyond the use of sophisticated attack techniques, such as social engineering and the development of Ransomware-as-a-Service platforms, ransomware has been driven by certain key factors, such as security holes, lack of IT security knowledge, wrong permissions, lack of patching, and inadequate backup and recovery processes. Finally, the appearance of anonymous e-currency as a payment method as well as the decision to pay the ransom contribute greatly to encouraging cybercriminals’ future attempts.
Keeping up with compliance and Availability challenges
In this threat landscape, stringent regulations, such as PCI DSS, GLBA or GDPR and data breach notification requirements, legally require financial institutions to properly store and protect customer data along with other highly sensitive data. As they gain more users, adopt new technologies and face data upsurges, modern IT ecosystems must maintain the ability to collect, maintain and store data in changing environments.
Seven best practices for ransomware resilience in financial services
1. Use different credentials for backup storage: Although this is a standard and well-known anti-ransomware best practice, it’s crucial