By Lewis Duke, Sales Engineer at Trend Micro
The global financial industry is heavily regulated. Organizations are generally well insured and relatively profitable. Their services are considered an essential part of the national infrastructure. And among the companies analyzed by the British government this year, finance was found to be the industry most likely to hold personal customer data. For ransomware actors looking for potential targets, this ticks just about all the boxes. Yet many business leaders are still unaware of the threat to their organization. A recent Bank of England study found that only 37% expect the risk of cyberattacks to materialize.
CISOs in the banking sector know better. They understand that the attacking team has the advantage in this high-stakes game, and that taking back the initiative will require budget not only to get the basics right, but to go beyond that, with improved visibility to respond quickly to breach incidents.
The threat of ransomware
This is not security vendor hyperbole. Ransomware has been repeatedly described by the UK National Cyber Security Centre as the number one threat to SMEs and businesses. Underground cybercrime has evolved over the past decade to provide budding cybercriminals with all the tools and know-how they need to launch sophisticated attacks. Specialized hackers known as initial access brokers do much of the heavy lifting in the first stage, gaining a foothold in networks and then selling that access to ransomware groups. “As a service” bundles advertised on underground sites take on even more of the work, allowing a wide range of criminal groups to participate.
Typically, they steal data before attempting to encrypt it, providing two opportunities for extortion. Many go further, threatening the victim organization with DDoS attacks, calling customers and partners to tell them about the incident, and even defacing the victim’s corporate websites with a ransom note. But whatever happens, the end result is usually the same: significant financial and reputational damage to the victimized organization that goes well beyond the cost of the ransom. This could lead to, among other things, regulatory action, class action lawsuits, lost productivity, customer turnover, and significant IT consulting costs. This should put the focus for financial industry executives on incident prevention and containment.
Companies under fire
A recent Trend Micro survey of business executives and IT managers from global financial companies found that most at least understand the magnitude of the problem. Some 79% agree that the sector is a more attractive target than others, and 87% believe they will be a target in the future, which is more than any other sector we studied.
This mood is partly informed by recent history. We found that around three-quarters (72%) of global financial services companies have been compromised by ransomware at least once in the past three years. Most had data encrypted and then leaked. And the vast majority (92%) said operations had been impacted, taking days (53%) or weeks (21%) to resolve. It’s time and money that could otherwise be spent on digital transformation and other high-value growth projects.
Where does the smart money go
Yet despite high levels of awareness and previous experience of being a victim of ransomware, most (75%) financial services firms choose to believe that they are now adequately protected. This figure is higher than in any other sector. In a way, it ignores two key facts about today’s threat landscape: attackers only need to be lucky once to cause significant damage, and what might be “secure enough” today may be woefully inadequate tomorrow.
Companies in the financial sector may have larger budgets than most. But it will be for nothing if the money is not directed to the right areas. It’s also worth remembering that ransomware groups themselves often have deep pockets. A data leak at the infamous Conti Group earlier this year revealed that it spent $6 million per year on salaries, tools and services.
So where should security budgets be concentrated? Cyber hygiene is important. We’ve found that most financial services companies have the basics down by improving security to prevent threats from email, remote work infrastructure, and software vulnerabilities. These are the three main ways threat actors begin to gain a foothold in organizations. But many still lack critical detection and response tools that alert teams when hackers have already entered the network. Since it is impossible to 100% prevent an attacker from doing so, these solutions are essential to provide an early warning system so that action can be taken to contain the threat before damage can be done. Perhaps due to this cybersecurity gap, less than half of respondents say they can detect initial access (44%) to their systems or malicious attempts to traverse their networks (33%).
Building a more resilient sector
Financial services firms are also exposed through their business partnerships. More than half (56%) say a vendor has already been compromised by ransomware, and a similar number believe their vendors make them a more attractive target. They might be right. A majority agrees that a significant number of vendors are SMBs, which often spend less on security and could therefore be compromised on the way to their partners.
An additional concern is that most (52%) of respondents have a “significant” number of suppliers that are SMBs, which often have fewer resources to devote to cybersecurity. Financial services firms could improve the security of this ecosystem by sharing more ransomware intelligence with these third parties, but many do not. They may be worried about divulging trade secrets, or the information may not be collected in the first place.
The bottom line is this: as long as there are security holes to exploit, victims willing to pay, and hostile states happy to harbor criminals, there is no end in sight for ransomware. It is important to master the basics of security. But this needs to be complemented by real-time insight into threat activity. With the agility and visibility to respond quickly to emerging breaches, financial firms can contain risk before it spreads and help build a more resilient industry.