By Marco Fanizzi, SVP and GM, Commvault International, talks about the heightened threat from cyber-attacks as a result of sanctions for Russia, and how a multi-tiered approach to security is essential to protect data.

Both the US and UK Governments have warned banks and financial institutions to be on high alert for Russian reprisal attacks, as a result of increasingly tight sanctions. Russia’s largest banks have been excluded from Swift as a result of the continued invasion of Ukraine and Hydra, the Russian dark web marketplace for cybercriminals, has had its servers seized by German authorities.

Cyber experts and heads of state are both warning that we are about to see an explosion of financially-motivated cyber-attacks from Russia as the economy increasingly struggles with the impact of sanctions. “The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States,” said Janet Yellen, Treasury Secretary, in the Financial Times.

The risk from ransomware won’t be new to anyone in banking – or many other sectors. Attacks regularly cause denial of service or interrupt critical infrastructure and services like hospitals, energy, and food supply chains. However, a more co-ordinated, state-sponsored approach is now expected. Sophisticated gangs of highly skilled cyber professionals, employed for a state-backed purpose.

So, what should global financial institutions be doing to ensure they have a comprehensive cyber strategy in place?

Tiers provide the strongest defences

Ransomware attacks do not discriminate across borders, size of institution, or by sector. A multi-tiered approach will provide the strongest protection and bolster defences against newly released cyber threats. The National Institute of Standards and Technology’s (NIST) five step approach should be at the core of any cybersecurity policy:

1 – Identify

Identifying data assists in developing an organisational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding exactly what data you hold and where it is stored is key to protecting it.

2 – Protect

Put in place safeguards to ensure delivery of critical infrastructure services. By correctly identifying key data when designing the architecture and cost model, you will put in place stronger protections for it in the long-term. Unfortunately, many organisations use technology from different providers that does not integrate or identify key data. If you use a single, integrated solution, it will enable stronger protection. Then, if a ransomware attack is launched, data shouldn’t slip through the cracks.

3 – Detect

Being able to detect inappropriate activities will increase the chances of identifying a cyber-attack. Detecting a vulnerability early enough limits the havoc it can wreak. Continuous monitoring capabilities will help verify threats and measure the effectiveness of protection.

4 – Respond

Once detected, response planning processes need to be executed both during and after an incident. This is critical to be able to contain the impact of a breach. Managing communications with stakeholders is important, along with forensic analysis to understand what has happened and stop the problem growing. It is only from understanding this that the organisation will eventually be able to learn what went wrong, and avoid a repeat situation in the future.

5 – Recover

Banks and financial institutions that stay calm and have rehearsed plans, recover their systems fastest. Since the start of the pandemic, many institutions have turned to cloud-based solutions to better support hybrid working for their teams. This does give an additional layer of backup for recovering lost data. Datasets can be returned to a safe environment without having to physically check each dataset is clean.

Where is this heading?

Currently, no-one knows truly if, how, or when businesses will start to feel the heat from Russia’s cyber teams. We especially don’t know where the focus would be. What is clear though, is that it hasn’t happened to date. We are seeing moderate attacks, like the Wiper threat against Ukrainian banks, that was designed to destabilise and disrupt, but thankfully, nothing significantly debilitating has been targeted at global banking.