By Robert Rutherford, CEO and David Clarke, Head of Security at QuoStar
Cybersecurity attacks strike at the heart of an institution’s reputation. If data is compromised, trust can be shattered. Like all service providers, financial firms depend on their painstakingly-built reputations to stay in business. Consumers must be confident that their financial information – and their money – is safe. Guarding against cybersecurity threats is crucial.
These risks increased in 2021, with ransomware attacks rising by 288% last year. Given the global ransomware industry now generates annual revenues of over $1.5 trillion, this growth is unlikely to slow.
A new critical vulnerability was also recently exposed in Log4j, an open-source logging library that is used by a range of apps and services. This offers criminals with minimal knowledge the chance to infiltrate IT systems in order to steal passwords and data, and compromise networks with malicious software.
Cybersecurity is now being taken seriously at the highest level. In May 2021, President Biden’s Business Office released new advice about ransomware and how firms should guard themselves. This guidance offers financial firms eight main lessons to take into 2022:
- Back up your data
Many firms back up their data only at weekly intervals, or longer. Should a cyberattack occur, they could therefore lose up to seven days’ worth of data. Further, the longer the interval between backups, the longer it takes to restore lost data in the event of an attack. The effect on productivity could be devastating. Firms must equip themselves with technology to back up and restore data quickly and reliably, potentially by working with specialist partners. It’s also important to note that traditional backup systems are often a primary target in a ransomware attack, so firms need to ensure they have a specific solution in place to protect backups from being encrypted.
- Implement an efficient patching system
It is not sufficient to patch IT systems on a weekly or monthly basis. Firms should be constantly monitoring their systems and resolving vulnerabilities. But as patching can cause outages, firms should invest to mitigate its impact on productivity. Technology is available that increases the speed of patching, reducing the time systems spend offline. Bursting frees up resources for critical IT applications, allowing high-priority work to continue during outages. Hot standby systems also ensure that essential systems continue to function.
- Vet your suppliers
Even if a firm’s systems are sound, there may be a way in because of vulnerabilities in suppliers’ networks. Undertaking due diligence is therefore crucial. One way of vetting a supplier is to request their Software Bill of Materials (SBOM), which lists all open-source components in their software for IT professionals to review. SBOMs also allow firms to see which software versions their suppliers are using. Firms should ensure that versions align throughout the supply chain, and that all suppliers operate within high-standard risk management frameworks. Ideally, all partners should be ISO27001 or SOC2-accredited bodies. Firms should not be shy in asking suppliers for certification or auditing their cybersecurity processes.
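The SBOM review described above, as an added example that is not part of the original article: two constructed CycloneDX-style SBOM fragments from hypothetical suppliers are checked against a constructed advisory table (the Log4j fixed version used here is a placeholder, not a real advisory feed) and compared with each other to find components shipped at different versions across the supply chain.

```python
import json

# Constructed CycloneDX-style SBOM fragments from two hypothetical suppliers.
SBOM_SUPPLIER_A = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
    {"group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.1"},
]})
SBOM_SUPPLIER_B = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"},
    {"group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.1"},
]})

# Constructed advisory table (placeholder, not a real vulnerability feed):
# "group:name" -> first version treated as fixed; anything below it is flagged.
ADVISORIES = {"org.apache.logging.log4j:log4j-core": "2.17.0"}


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1) so that versions compare numerically."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def load_components(sbom_json):
    """Map 'group:name' -> version for every component listed in the SBOM."""
    doc = json.loads(sbom_json)
    return {f"{c.get('group', '')}:{c['name']}": c["version"] for c in doc["components"]}


def vulnerable_components(sbom_json, advisories=ADVISORIES):
    """Components whose shipped version is below the advisory's fixed version."""
    comps = load_components(sbom_json)
    return sorted(key for key, ver in comps.items()
                  if key in advisories and parse_version(ver) < parse_version(advisories[key]))


def version_drift(sboms_by_supplier):
    """Components that different suppliers ship at different versions."""
    seen = {}
    for supplier, sbom_json in sboms_by_supplier.items():
        for comp, ver in load_components(sbom_json).items():
            seen.setdefault(comp, {})[supplier] = ver
    return {comp: vers for comp, vers in seen.items() if len(set(vers.values())) > 1}


if __name__ == "__main__":
    sboms = {"supplier_a": SBOM_SUPPLIER_A, "supplier_b": SBOM_SUPPLIER_B}
    for name, sbom in sboms.items():
        print(name, "vulnerable:", vulnerable_components(sbom))
    print("drift:", version_drift(sboms))
```

In practice the advisory table would be fed from a vulnerability database and the SBOMs from the suppliers' real exports; the comparison logic stays the same.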
- Maintain best practice
Firms should ensure best practice is in place, and that procedures are evaluated continuously. It is best to have evidence of these practices – such as by obtaining an ISO27001 certification, which recognises a high standard and continual management of information security. Systems must be regularly reviewed for any potential vulnerabilities and asset registers should be maintained, to ensure no risk is missed. Asset registers also mean a firm can prioritise by criticality – offering the most protection to its most important assets. Organisations should deploy well-established Governance, Risk and Compliance (GRC) practices. These embed risk management into everyday activity, making it easier to manage – and ensuring decisions are consistent and effective.
- Obtain specialist detection systems
A Security Information and Event Management (SIEM) solution is now essential to continually monitor system logs within an organisation. This allows activity to be monitored comprehensively by professionals, who are also notified of anomalies, and can respond to block and remediate issues. This may require specialist security technologies and skills, or working with external partners.
- Segregate your networks
Both the UK and US governments state that network segments should be protected individually. Segmentation helps prevent attacks reaching other parts of the network, containing malicious activities to one part of the system and thus limiting damage. Micro-segmentation is even more effective, by establishing isolated zones within networks, protecting specific workloads individually. This stops lateral movement of malware through an entire system. Segregation is easy to install and manage, offering demonstrable benefits within a short period.
- Consider hardware tokens
Hardware tokens are physical devices that plug into a USB port. They generate a one-time code that expires after a single use and is valid only for a limited period. This code is needed to log into the computer along with a username and password. It is a form of two-factor authentication that is effective at preventing account takeovers and ransomware attacks.
- Undertake resilience exercises
Financial firms should undertake resilience exercises to analyse their capacity to withstand cybersecurity attacks. By working through all the components of their technology infrastructure, organisations can analyse their resilience to cyber threats and review how strong the links within networks and systems are. Having identified the weaker links, firms can then ensure that appropriate mitigations are in place, or that the risks are understood. This helps businesses to respond to a cyberattack, while minimising the risk of any attacks being successful.
A growing threat which is often undertested is Denial of Service, where a bad actor swamps an organisation’s network connections, taking it offline. A financial firm needs to fully understand how it will respond, long before an attack ever happens.
The cybersecurity risks for financial firms are clearly increasing, but they are not unmanageable. By implementing this guidance, organisations can achieve more comprehensive and effective security operations, with systems resilient enough to withstand both emerging and existing threats. In turn, this will reduce the risk of reputation-damaging data breaches and regulatory scrutiny – whilst keeping clients assured they are in safe hands.