Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Ransomware Attackers: How can the finance sector mitigate the risks ransomware poses?

iStock 1386184656 - Global Banking | Finance

383 - Global Banking | FinanceBy Paul Prudhomme, Head of Threat Intelligence Advisory at Rapid7

Ransomware poses a significant challenge for security teams in the financial sector. Rapid7 has been keeping a close eye on the trending escalation in this threat.

It is well-known that ransomware gangs do not target sectors on a whim, but that their attacks are highly targeted. These adversaries gravitate towards the sectors they think are most likely to meet their demands in order to avoid immense damage.

The finance sector is an attractive target for ransomware attacks because of the sheer volume of data and critical services managed by financial institutions. Any downtime or leaked data in this industry can affect thousands, if not millions of customers. Therefore, the prospect of threat actors stealing and ultimately leaking sensitive data to extort more money in the second layer of a  “double extortion” ransomware attack has security teams rightfully concerned.

Rapid7’s investigations found that financial data was the most likely to appear in a ransomware data disclosure, accounting for 63% of all leaked data between April 2020 and February 2022. So, as ransomware threats continue to dominate this sector, it’s important that organisations identify the vulnerable assets on their networks and how threat actors are exploiting them.

Most targeted categories in financial services data

Threat actors have been upgrading their tactics with the changing times. They have come to realise that focusing on monetary information from the sector will not give them the economic benefit that they desire. It would seem obvious that if they are hacking the financial sector, the monetary data would be the focus. Instead, the ransomware gangs are targeting customer data, and at the same time, they are aiming to leak employees’ personally identifiable information (PII) and HR data.

According to our research, since April 2020, 82% of disclosures from financial services organisations included customer data, and employee PII and HR data was found in 59% of disclosures. Furthermore, in 29% of cases, data disclosures included reconnaissance details that other adversaries could use to further victimise the targeted institution in the future.

Point of focus within financial services

By understanding the patterns that the ransomware groups follow, it is clear that rather than focusing on the industry or the firms, these attackers target individual people and threaten to leak personal information. Could this be because the gangs are aware that the weakest link of any organisation is its people? Targeting client information and threatening to leak it not only jeopardises the values and the reputation of the firm, but it also exerts pressure on financial institutions by hitting them where it hurts – the trust of their customers and employees.

Financial as well as personal information of the individual is at utmost risk from these gangs. Not only do they have access to the employees’ and the customers’ private information, but they also make customers and employees vulnerable to identity theft. The priority, then, should be to reduce the risk of falling victim to a ransomware attack in the first place.

Protection against ransomware gangs

While there isn’t a definitive way to ensure that every bit of data within a corporate network is protected, there are certain practices that an organisation can implement to improve their chances against ransomware attacks. One of the easiest ways to ensure protection from data leakage is to recognise and prioritise the types of data that need extra protection. This includes the kinds of data that adversaries target most frequently, or the types of data that provide bad actors with the most profit.

To ensure that cyber criminals do not get their hands on crucial information, it is of paramount importance that firms go beyond just backing up their data. There is no guarantee that an attacker will completely give up control of compromised information even after the ransom is paid. Therefore, organisations should encrypt their most sensitive data sets and segment key assets to reduce the likelihood that attacks will gain access to them. These practices ensure that if a ransomware attack takes place, the threat actors will not be able to access the data at all, or if they do access it, it will be useless in encrypted form.

With the ransomware threat showing no sign of slowing down, it’s vital that every organisation across the financial sector remain aware of the risks posed to their own business as well as to their customers. Taking action to implement the appropriate measures outlined here should be a top priority for any financial firm looking to maintain cyber resilience, ensure the protection of employee and customer data, and uphold their reputation.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post