Protecting Financial Services: Cyber Resilience Strategies | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > Protecting the financial services sector, as it becomes increasingly vulnerable to ransomware

Protecting the financial services sector, as it becomes increasingly vulnerable to ransomware

Published by linker 5

Posted on October 14, 2020

4 min read

Last updated: January 10, 2025

Untitled design – 2020-10-14T162325.665

By Rick Vanover, Senior Director of Product Strategy, Veeam.

The financial services industry is an appealing target for cyber criminals today. Arguably, consumers’ financial, banking, trading and superannuation information is some of the most important data held by organisations. The stakes are incredibly high for the financial services industry to properly protect and secure this data. Failure on this front will result in incredible damage to the company’s reputation and likely incur huge financial cost.

This year’s Cyber Readiness Report found that some of the biggest financial losses incurred by cyberattacks during 2020 involved UK-based financial services firms, with one company suffering total annual losses of $87.9m following a series of incidents. The situation has become increasingly complex under the pressure of the global pandemic and a remote workforce, which is why the sector must act with vigor against the growing digital threats being levelled at it.

While ransomware is incredibly complex and a huge responsibility for organisations to manage, there are steps that can be taken to mitigate risk before it can occur.

Understanding the threat

The main points of entry into any business for ransomware is through Remote Desktop Protocol (RDP) or other remote access mechanisms, phishing emails and software vulnerabilities. Knowing that these are the three main mechanisms is a huge help in focusing the scope of where to invest the most effort to be resilient from an attack vector perspective.

Most IT administrators use RDP for their daily work, with many RDP servers directly connected to the Internet. The reality is that Internet-connected RDP needs to stop. IT administrators can get creative on special IP addresses, redirecting RDP ports, complex passwords and more; but the data doesn’t lie, that over half of ransomware comes in via RDP. This tells us that exposing RDP servers to the Internet does not align with a forward-thinking ransomware resiliency strategy.

The other frequent mode of entry is via phish mail. We’ve all seen emails that don’t look right. The correct thing to do is delete those items when they enter your inbox. Combined with training to help employees identify phishing emails or links, self-assessment tools can be an effective mode of first-line defense.

Rick Vanover

Rick Vanover

The third area that comes into play is the risk of exploiting vulnerabilities. Keeping systems up to date is an age-old IT responsibility that is more important than ever. While this is not a glamourous task, it can quickly seem a good investment should a ransomware incident exploit a known and patched vulnerability.

Back up data

With so much at stake, organisations in the financial services industry must also prepare for the worst-case scenario and prepare an ultra-resilient backup storage.

The 3-2-1 rule is a good starting point for a general data management strategy. The 3-2-1 rule recommends that there should be at least three copies of important data, on at least two different types of media, with at least one of these copies being housed off-site. The best part is that this rule does not demand any particular type of hardware and is versatile enough to address nearly any failure scenario.

Do not pay the ransom

In spite of these techniques, businesses must still be prepared to remediate a threat if introduced. Our approach is simple. Do not pay the ransom. The only option is to restore data. Additionally, organisations need to plan their response when a threat is discovered.

In disasters of any type, communication becomes one of the first challenges to overcome. Have a plan for how to communicate to the right individuals out-of-band. This would include group text lists, phone numbers or other mechanisms that are commonly used to align communications across an extended team. In this contact book you also need security, incident response and identity management experts – internal or external.

There are also conversations to have around decision authority. Businesses must decide who makes the call to restore or to fail over before an incident takes place. Once a decision to restore has been made, organisations need to implement additional safety checks before putting systems back online. A decision also has to be made as to whether an entire virtual machine (VM) recovery is the best course of action, or if a file-level recovery makes more sense. Finally, the restoration process itself must be secure, running full anti-virus and anti-malware scans across all systems as well as forcing users to change their passwords post-recovery.

While ransomware is becoming an inerasably dominant threat across the financial services industry, there are valuable steps that can be taken to mitigate risk and prepare for the worst-case scenario. Put simply, for all organisations today, having a full proof back up plan in place is crucial to ensure survival against any potential act of cybercrime.

Protecting Financial Services: Cyber Resilience Strategies | GBAF