Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

7 PROVEN RESILIENCE BEST PRACTICES AGAINST RANSOMWARE FOR FINANCIAL INSTITUTIONS IN THE MIDDLE EAST
7 PROVEN RESILIENCE BEST PRACTICES AGAINST RANSOMWARE FOR FINANCIAL INSTITUTIONS IN THE MIDDLE EAST

Published : , on

By: Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software

Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software

Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software

After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Financial organizations are particularly at risk, targeted by approximately 13% of total attacks[1] . Ransomware was actually reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, reported by 55% of the financial services firms surveyed. The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to half a billion dollars from more than 32% of financial institutions in 2016 alone.

How ransomware impacts the financial services industry

Despite the increasing number of attacks on financial institutions, public announcements of ransomware infections are rarely made due to the grave brand integrity and consumer confidence consequences. However, numerous attacks were reported in the last few years. Armada Collective attacked three Greek banks, encrypting valuable data and asking for €7 million (20,000 Bitcoin) from each bank, followed by three other attacks in a span of five days. Fortunately, these attempts failed, as the banks successfully leveraged their defense strategies instead of paying the ransom[2].

A 2016 report by SentinelOne on ransomware highlighted that the most vulnerable data for ransomware attacks are employee records, financial data, customer information, product & IP, payroll / HR and research.

Ransomware’s notoriety is not a surprise, considering its ability to evolve and surpass traditional data protection solutions. Beyond the use of sophisticated attack techniques, such as social engineering and the development of Ransomware as a Service platforms, ransomware has been driven by certain key factors, such as security holes, lack of IT security knowledge, wrong permissions, lack of patching, and inadequate backup and recovery processes. Finally, the appearance of anonymous e-currency as a payment method as well as the decision to pay the ransom contribute greatly to encouraging cybercriminals’ future attempts.

Keeping up with compliance and Availability challenges

In this threat landscape, stringent regulations, such as PCI, DSS, GLBA or GDPR and data breach notification requirements, legally require financial institutions to properly store and protect customer data along with other highly sensitive data. As they gain more users, adopt new technologies and face data upsurges, modern IT ecosystems must maintain the ability to collect, maintain and store data in changing environments.

7 best practices for ransomware resilience in financial services

  1. Use different credentials for backup storage: Although this is a standard and well-known anti-ransomware best practice, it’s crucial to follow. The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Do not use DOMAIN / Administrator for everything.
  2. Start using the 3-2-1 Rule:Veeam promotes the 3-2-1 Rule often and for good reason. It essentially states to have three different copies of your media on two different media sites, one of which is off site. This will help address any failure scenario without requiring specific technology. Moreover, to effectively prepare in the advent of a ransomware attack, you should ensure that one of the copies is air-gapped, i.e., on offline media. The offline storage options listed below highlight many options where you can implement an offline or semi-offline copy of the data.
  3. Have offline storage as part of the Availability strategy: One of the best defenses against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:
    1. Tape: Completely offline when not being written or read from
    2. Storage snapshots of primary storage: A semi-offline technique for primary storage, but if the storage device holding backup supports this capability, it is worth leveraging to prevent ransomware attacks. It is important to consider that this strategy is not entirely failsafe and must be taken as only one of the key steps needed in ensuring ransomware preparedness
    3. Cloud: A great additional resource for resiliency against ransomware. For one, it’s a different file system, and secondly, it is authenticated differently.
    4. Rotating hard drives (rotating media): Offline when not being written to or read from
  4. Leverage different file systems for backup storage: Having different protocols involved can be another way to prepare for a ransomware attack. It’s imperative that users add backups on storage that require different authentication.
  5. Achieve complete visibility of your IT infrastructure: One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Gaining visibility into potential activity is a massive value-add. An Availability solution should have a pre-defined alarm that will trigger if there are a lot of writes and high processor utilization, which is a typical ransomware pattern.
  6. Let the Backup Copy Job do the work for you: The Backup Copy Job is a great mechanism to have in order to create restore points on different storage and with different retention rules than the regular backup job. When the previous points are incorporated, the Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job. However, with the Backup Copy Job being a VBK file, it can also get infected with ransomware unless the copy is in a cloud, on tape or air-gapped.
  7. Educate all employees on ransomware not just your IT staff: Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware nor the specific activities that leave the company vulnerable. Establish a strong source of education, communication and support to ensure the entire company is equipped to avoid propagating a ransomware attack.

[1] SonicWall Annual Threat Report, 2017

[2]Digital Guardian: Biggest ransomware attacks

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post