Cybersecurity is a critical fact of life in any organization — and defending against ransomware threats has rapidly become the number one priority for information governance teams. This is particularly true with financial services organizations because, well, that’s where the money is. According to a 2018 IDG/Iron Mountain survey, nearly two-thirds (65%) of financial services organizations admit to experiencing one or more cybersecurity events, including malware attacks, fraud, and/or accidental data loss. One in five financial services organizations (22%) that have experienced a ransomware attack did not successfully block the attack. More than one-third (36%) report it took days or longer to get affected data back to a known good state after their most serious security event. And finally, four in 10 organizations (41%) had to revert to data versions that were days or weeks old.
Ransomware is a form of hacking that usually arrives through a phishing attack. The attack introduces malware that infects a computer and locks the user out of their data before moving throughout the network to take over the entire system. The malware requires a code to turn it off and give the user access to their data again, and the attacker demands payment for that code, hence the name “ransomware.” Ransomware threats are so prevalent today because they are cheap to produce and easy to disseminate by email, and because today’s cryptocurrency infrastructure and the dark web make it easy for attackers to remain anonymous.
Defending an organization from ransomware takes a multifaceted approach across several departments within the information governance committee. It is imperative to develop a holistic approach that addresses the issue from all angles, beginning with the weakest link in the chain — the people. The easiest and cheapest way to defend against ransomware threats is to stop them at the source. Most ransomware attacks are delivered via email, as are most malware attacks. Educating your people to recognize fraudulent email messages is a critical component of any cybersecurity strategy.
This means that the training and IT security teams within the information governance committee must work together to develop a comprehensive training program that teaches each member of the staff what to look for in fraudulent email messages. The word “comprehensive” in this case means not only the educational piece but also a verification component.
The members of the IT security team are the unsung heroes doing the heavy lifting in defense of the organization against these attacks. This department maintains the firewall, which serves as the first line of defense against malware email; it also maintains the virus protection and sees that all software is current with the latest updates. This is also the department that has the ultimate responsibility to pick up the pieces when an attack makes its way through and is successful.
The automated nature of ransomware allows a hacker to hammer away at a given target thousands of times a day with only a few strokes of a keyboard. Regardless of how effective an organization’s cybersecurity program is, there will always be malware that makes it through, and it only takes one to shut an entire organization down. This is not to say that the situation is hopeless, but to be truly holistic, the focus on the recovery side of the issue should be just as strong as the focus on prevention.
Every organization should have a disaster recovery program. I believe that ransomware should be treated as any other disaster. The good news is that technology has reached the point where there are new tools the IT department can use to protect the organization’s information assets in any situation.
An essential part of any disaster recovery program is the backup plan. In the old days, this was a cumbersome regimen. In today’s world of the cloud, the process is much more efficient and can be more cost-effective. The issue with backing up data was always the lag time between the time the system went down and the last backup. In a financial services organization, even a few minutes equates to a lot of money.
Reconfiguring the organization’s infrastructure to a combination of on-premises servers and cloud servers allows the disaster recovery team to back up the organization’s data continually, while encryption and limited access from the network protect the backups from attack. These cloud-based backups can then be scanned offline for malware to ensure the data is kept clean. In the event that a ransomware attack is identified, the disaster recovery team can roll back to a clean backup within minutes.
This approach has become possible only now, thanks to technological advances. Granted, this is an entirely different way to think of disaster recovery programs and managing backups, but it is a necessary one when faced with the potential loss of an organization’s information assets. This hybrid approach is certainly more expensive than the old system of tapes, but financial services organizations, and really any organization, should seriously consider this option from a risk mitigation standpoint.