Redirecting the Focus of Ransomware in Our Credit Unions
With ransomware no longer being a possibility, but a guarantee, CUs must be proactive and keep detection top of mind.
Floppy disks. That’s where ransomware got its start, when the first attack was documented in 1989. It’s been over 30 years since then and a lot has changed. Believe me – I’ve been in the field of security for many years, and I’ve seen the evolution of ransomware from the elementary stages of floppy disk attacks to the sophisticated and complex global attacks of modern day.
Sophos, an IT security company, conducted a study of 550 IT decisionmakers across a variety of business sectors in 2021, including financial services, to see how they’ve dealt with ransomware. Out of all the statistics in their findings, here are some worth noting:
- 34% of financial organizations experienced ransomware attacks within the past year.
- 25% of financial organizations who had their data encrypted paid the ransom.
- The average cost for financial organizations to recover from ransomware attacks was more than $2 million.
So, almost a third of financial services organizations surveyed were targeted in 2021. Sure, only a portion of them paid the ransom to have their encrypted data returned to them, but the attacks still came with a hefty multimillion-dollar price tag. That’s an especially hard pill to swallow because the actual ransom only accounted for a portion of that, an average of $69,369. Additional costs stemmed from recovery efforts in terms of staff time; software, hardware and network costs; interruption of service; reputational damages and more.
The point is, it’s about time we redirect the way we view cybersecurity and ransomware. Gone are the days of floppy disks and small-scale ransomware attacks. Since the pandemic began, ransomware attacks have increased at an alarming rate of nearly 500%. Financial institutions need to recognize that we are the targets and it’s not a matter of if we’ll experience an attack, but when. With that new frame of mind, we can proactively prepare for the inevitable instead of waiting to see if we’ll be the next victim.
What I really want to emphasize is the importance of preparedness – because you can never be TOO prepared in the realm of cybersecurity. To do that, credit unions should be looking at ransomware from two different angles – prevention and detection. Prevention is the strategic effort behind the scenes to make attacks less likely or harder to achieve. Nothing is impenetrable, but a keen focus on prevention will ensure that you have measures in place to avoid, as well as manage, an attack. Detection, on the other hand, is monitoring and identifying potential ransomware threats so they don’t catch your institution unawares and leave it scrambling to mitigate an escalating situation. Here are some of my suggestions for addressing both prevention and detection when it comes to ransomware:
Prevention of Ransomware
- Install patches and minimize vulnerabilities. I can’t stress the importance of patches enough. One of the biggest hazards of cybersecurity is the tiny little gaps in your hardware and software that are left open for hackers because updates weren’t put in place. When patches are missing, these gaps become vulnerabilities, which then create opportunities for attackers to move in. Stay vigilant on patches for all of your systems, networks, software, etc. so that you can perform patch management in a timely manner. This also extends to any third-party vendors you partner with – due diligence is always recommended so you aren’t blindsided by attacks and don’t suffer service interruptions or data breaches via your vendors.
- Restrict access through the “principle of least privilege.” You may have also heard this referred to as Zero Trust, but the idea behind this principle is to grant access rights to systems, servers and so on, as much as possible, only to those who need them. Know where read-only access and administrator privileges apply versus leaving everything open with full access. This will reduce the risk of attackers gaining full access to restricted areas, leaving them unable to encrypt files with ransomware. At the very least, it will force attackers to work harder to accomplish their devious mission, giving your credit union more time to act.
- Require authentication every step of the way. The more authentication checkpoints you have along the way in your IT infrastructure, the harder it is going to be for ransomware to successfully inhibit your systems. Multifactor authentication, remote work configurations, role-based authentication and updated legacy protocols are just a few of the ways you can ensure that any entryways are secure against unauthorized individuals.
Detection of Ransomware
- Consistently monitor. How can you be most informed about activity within your credit union’s systems and networks? Keep an eye on it at all times. Activity logs can easily be enabled throughout your infrastructure. Use these logs to look for suspicious activity that could lead you to potential ransomware (and other cybersecurity) attacks, such as unusual transaction volumes, unidentified authorizations, requests for access to restricted destinations and more. And to make it even easier, you can employ Security Information and Event Management (SIEM) to automate this process and notify you in real time.
- Have emergency and incident response plans at the ready. Detection is a great tool – if you have a plan for dealing with the situation when it occurs. That’s why monitoring is only one piece of the puzzle. Before an attack becomes reality, it’s best to have your policies, plans and processes all laid out so you’re ready to switch to mitigation mode at the drop of a hat. It’s also advisable to have a ransomware or cybersecurity team on deck. Then, once all your plans and people are in place, perform practice drills to see how they stand up in a potential ransomware situation. Make changes if necessary so you can be sure whatever course of action you decide on will be helpful when a real-world ransomware situation unfolds. The key is to think ahead – identify your teams, determine the appropriate response and get ready to play defense.
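To make the “Consistently monitor” suggestion concrete, here is an added example (not from the author or any SIEM product) of the kind of rule a SIEM automates: it scans an activity log for the three signals named above. The log layout, account names, share paths and the 30-writes-per-minute threshold are all assumptions, and file writes stand in for “transaction volume.”

```python
from collections import Counter
from datetime import datetime

# Hypothetical policy values; a real deployment would load these from its
# identity store and access-control configuration.
KNOWN_ACCOUNTS = {"jdoe", "svc_backup"}
RESTRICTED = {"/shares/core-banking": {"svc_backup"}}  # path -> accounts allowed
WRITE_LIMIT_PER_MINUTE = 30

# Constructed sample log; the "timestamp key=value ..." layout is an assumption.
SAMPLE_LOG = """\
2024-03-01T02:14:01 user=jdoe action=auth result=success
2024-03-01T02:14:05 user=tmp_admin9 action=auth result=success
2024-03-01T02:14:09 user=jdoe action=access target=/shares/teller
2024-03-01T02:14:12 user=svc_backup action=access target=/shares/core-banking/db
2024-03-01T02:14:20 user=tmp_admin9 action=access target=/shares/core-banking/db
"""
# Constructed burst: 40 file writes by one account inside a single minute.
SAMPLE_LOG += "".join(
    f"2024-03-01T02:15:{s:02d} user=tmp_admin9 action=write target=/shares/teller/f{s}\n"
    for s in range(40)
)

def parse_line(line):
    """Split one log line into a dict, with the timestamp parsed under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect(log_text):
    """Return (alert_type, user) tuples in the order the events trigger them."""
    alerts, writes = [], Counter()
    for line in filter(str.strip, log_text.splitlines()):
        e = parse_line(line)
        user, action = e["user"], e["action"]
        if action == "auth" and e.get("result") == "success" and user not in KNOWN_ACCOUNTS:
            alerts.append(("unidentified_authorization", user))
        elif action == "access":
            allowed = next((who for path, who in RESTRICTED.items()
                            if e["target"].startswith(path)), None)
            if allowed is not None and user not in allowed:
                alerts.append(("restricted_access_request", user))
        elif action == "write":
            key = (user, e["ts"].replace(second=0))
            writes[key] += 1
            if writes[key] == WRITE_LIMIT_PER_MINUTE + 1:  # alert once per minute
                alerts.append(("unusual_write_volume", user))
    return alerts
```

Running `detect(SAMPLE_LOG)` flags the unknown account three times and leaves the two legitimate accounts alone, which is the sort of output an incident response plan should already have an owner for.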
Protect and Detect, but Also Be Aware
Ransomware prevention and detection are absolutely necessary, but they don’t mean much without awareness. If your staff is left in the dark about what ransomware might look like or how it can find its way into your credit union, it’s all for naught. The reality is that ransomware most often enters your organization through a social engineering or phishing email. If staff don’t know to be wary of unexpected emails or not to click on links without knowing the source, they could unknowingly grant admittance to attackers and cost your organization $2 million or more in recovery. So, it bears repeating that the better your staff is at identifying social engineering and phishing emails, the less likely it is that your credit union will fall victim to ransomware.
Ransomware may have started in the days of floppy disks, but it is as big a threat now as ever, maybe even more so with current events creating ripples of chaos around the globe. That means we as credit unions need to redirect how we think about this danger because it’s no longer a possibility, it’s a guarantee. By being proactive and keeping detection top of mind, we’ll know where to focus our efforts in the fight against ransomware. And that’s exactly where we want to be!
Mike Bechtel is Information Security Analyst for the $6.2 billion Vizo Financial Corporate Credit Union in Greensboro, N.C.