It should come as no surprise that data breach attacks against financial institutions are at an all-time high according to the Verizon 2018 Data Breach Report. After all, cyber attackers – whether they are cybercriminals, nation state actors, or even malicious actors – are motivated by financial gain and nowhere are the gains greater than in the financial services sector.
While traditional cyberattacks against banks have focused on stealing personally identifiable information (PII) to either use or sell on the black market for gain, the newest cyberattacks focus on holding critical information for ransom.
Despite the awareness of these attacks, successful ransomware attacks are proliferating and traditional cyber defenses demonstrate no meaningful capability to avert these attacks. Before being the victim of a successful attack and facing the possibility of paying out thousands, if not tens of thousands, or dollars to unencrypt data, organizations at risk should review their cyber defenses.
Maureen Gray, COO of Blue Ridge Networks, a cybersecurity firm in Virginia, explains the steps to follow.
“Typically, the first step in cyber best practices is to seriously examine your network for obvious vulnerabilities. Are you running the latest operating systems everywhere, and have all security patches been applied? Are your users’ passwords strong? Is your data regularly backed up? And are you engaging your users to help maintain security?” she said.
Weak passwords, corrupted content, and mobile devices roaming from network to network are often to blame. “Smartphones, tablets and laptops come in and out of the network from both employees and third-party vendors or contractors,” Gray said, “and that means more opportunities for phishing attacks, social engineering, and watering hole attacks that all enable malicious actors and code to slip past the network’s protections.”
While many companies invest in extensive training that places a burden on their employees to catch the hack, Gray encourages companies to invest in next-generation breach prevention tools to protect themselves against cyberattacks like ransomware. “Hackers have proven time and again that traditional methods of defense don’t work and that anyone with enough time and resources can find their way around security protocols. Organizations need to invest in a solution that blocks both known and unknown malware strains before it executes as opposed to after it has been detected once on a system,” she concluded.
Learn more about how the organizational and technical challenges faced by financial services institutions as they attempt to protect data from cyber threats,here.