By Anthony Cusimano, Technical Director at Object First

US financial institutions processed over a billion dollars in ransomware payments last year, a new record and almost triple the amount compared to the previous year. The threat of these attacks is only going to continue into 2023, so it is more important now than ever for banks to prioritize securing their systems and data to shore up for a potential attack. When determining where to invest that leftover budget before the end of the year, consider prioritizing new methods of storage to protect your organization’s most valuable asset – its data.

Earlier this year, ransomware attacks in Chile and Montenegro caused substantial damage and shut down banks, and research from the Bank of England found that 74% of financial institutions said cyberattacks were among the top risks anticipated to have the greatest impact on the UK financial system. Organizations in the financial sector are closer to money than other businesses, making them an attractive target for threat actors, so it’s extremely important for this industry to ensure they prioritize a robust data protection plan, especially as ransomware gangs adapt to new cyber environments and improve attacks in both scale and sophistication.

Overconfidence leaves gaps in cybersecurity

Although many executives within the financial services industry recognize the level of risk, this does not always translate into action. Recent research from cybersecurity firm Trend Micro found that financial services firms are more confident they’re protected from ransomware than any other sector – with 75% of those surveyed saying they’re adequately protected from ransomware. But it turns out those same firms are often lacking the proper tools to detect ransomware. Trend Micro also found significant third-party cyber risk for financial services organizations, through suppliers or partners who are compromised by ransomware.

As part of an industry that is such a lure to threat actors, it is really a matter of when, not if, banks and other financial organizations will experience an attack. And ever-evolving ransomware strains can find a way to get past even the best detection and prevention tools. The most comprehensive way to protect sensitive data from the threat of ransomware is to ensure that data is recoverable under any circumstance to strip hackers of having the upper hand when trying to force ransom payments.

The 3-2-1 rule for data backup is a great place to start as a best practice to implement within an organization. The strategy calls for an organization to have three copies of data, on two different types of storage media, with one being offsite. To take it one step further, one of these backups should have immutability written into the code. Immutability offers the assurance that the information in your database cannot be modified or encrypted, preventing any instances of digital tampering and essentially making the data ransomware-proof.

Maximize EOY budgets with ransomware-proof data storage

Holiday periods are a popular time for the bad guys to hit companies with ransomware as they are aware that IT and cybersecurity departments are at lower staffing levels. A survey from Cybereason found that organizations take longer to assess the scope, stop, and recover from a holiday or weekend attack compared to a weekday, and that delay is even greater with larger organizations. With the current talent shortage in the industry, IT and cybersecurity departments have limited resources and are leaning more heavily on generalists. This means that many financial institutions may suffer from sacrificing data recoverability and availability to stay within budgets without the necessary team members or knowledge to integrate a new system.

However, the implications of a bad data protection strategy can lead to even greater financial loss through downtime and lost data, which can damage relationships with customers and the reputation of the firm or bank. Don’t fall into a false sense of security; now is the time to take a more critical look at your data backup solutions to see if they can truly ensure that your data is recoverable. Aim for solutions that have built-in immutability without sacrificing simplicity and affordability.

Object-based backup storage can provide this immutability through object lock. Historically used in cloud environments, object storage is a storage solution that manages unstructured data as “objects”, each with attached metadata and a unique identifier. It offers the best business software solution to ensure ransomware cannot affect the data stored within, making it the perfect choice for data backups. In addition, object storage has the necessary performance to instantly recover any data that is no longer accessible on the production servers, meaning that an organization can retrieve data with little to no downtime.

It is essential to be proactive in protecting data so that systems are prepared for when a ransomware attack occurs. If you choose the reactive route, you are left scrambling to decrypt data, communicate a data leak to customers, and/or pay exorbitant ransoms. Organizations should put their end-of-year budgets to good use by ensuring what they’re spending now sets them up for success – and safety – in 2023.