Nearly every organization in the financial sector is confronting ransomware threats. In fact, over the past few months, new attacks including WannaCry to Petya have quickly come onto the scene and while the financial firms were not specifically targeted, there are lessons to be learned on proactively protecting data.
Ransomware is not a new type of attack and, in most cases, this type of attack is not very sophisticated. Essentially, ransomware is a type of malware that encrypts data and blocks any access from the owner or users. The only way to gain access to the locked data is by using a decryption key. The attacker will then ask for money in return for the decryption key. While the payout for the attacker very significant, the sheer number of these attacks are on the rise.
Recently, the Financial Services Information Sharing and Analysis Center (FS-ISAC) offered its members some concrete steps on improving readiness and response while managing data, and protecting against potential ransomware threats. Proper cyber hygiene, FS-ISAC stresses, is critical. It is often easier to prevent an attack than it is to clean up after one occurs. FS_ISAC recommends the following steps to stay vigilant, with a focus on defense and multiple layers of security.
1. Employee Education – when an incident occurs or your organization is made aware of a potential attack, let employees know what they are expected to do during an incident. Security operations staff should be prepared and rehearse ransomware scenarios as part of their training exercises.
2. Updating Systems – Operating systems and antivirus software should be kept up to date. Files should be backed up and available to reload, as needed. Backups should be tested in a real-world environment to ensure they can be restored in a rapid fashion.
3. Managing Users – Manage the use of privileged accounts and minimize administrator level access.
For a full list of recommendations, view the FS-ISAC whitepaper here.