By Raghu Nandakumara, Head of Industry Solutions at Illumio

Ransomware is now one of the most prominent cyber threats, and the financial sector is a primary target. Ransomware attacks targeting financial organisations tripled from 2021 to 2022, so we asked Raghu Nandakumara, Head of Industry Solutions at Illumio, why ransomware is so prevalent within the financial sector and, more importantly, what you can do to protect your business.

Why are there so many ransomware attacks today?

Ransomware is nothing new – it’s been around since the first virus was delivered by floppy disk. But in the last few years, ransomware has evolved into a ubiquitous cyber threat. Research commissioned by Illumio and conducted by ESG found that in the last two years alone, 76 per cent of organisations have fallen victim to ransomware. Yet, most companies have still not adopted an assume breach mindset and proactive approach to breach containment.

Ransomware is the weapon of choice for cybercriminals for a number of reasons. More advanced ransomware has spread through dark web marketplaces, often packaged in accessible “ransomware as a service” offerings. This means even unskilled criminals can now launch effective attacks. 

The attack surface has also dramatically expanded in the last few years. Your organisation is probably using multiple cloud services, devices, and endpoints – not to mention countless apps. Each new technology and entry point provides attackers with more security gaps and vulnerabilities to exploit. Together, these factors make ransomware a lucrative attack method that can net cybercriminals a huge payday. 

How do these attacks typically unfold, and what impact could they have on your business?

Most ransomware attacks follow a similar pattern. Ransomware actors hide inside networks for months before striking. They exploit common pathways for initial network access and ongoing movement throughout the organisation and perform actions across multiple stages to achieve their goals. 

For business leaders, the most worrying thing about ransomware is the fact that it has changed from just stealing data to impacting availability. It is no longer just a security issue; it is an operational issue too, with impacts including extended operational downtime, as well as huge financial and reputational damages.

Attackers are increasingly adopting a ‘double extortion’ approach, combining data encryption with exfiltration. In this case, attackers will use your organisation’s sensitive business and customer data as a bargaining chip, and most likely will sell it on the dark web even if their ransom demands are met.

Why is the financial sector so heavily targeted by ransomware? 

Most cyberattacks are financially motivated, so financial services will always be a prime target because of the “reward” on offer. The opportunity to empty customer bank accounts, or even access financial systems such as SWIFT, is an extremely lucrative proposition for organised cybercriminal groups. The vast caches of personal and financial data that financial firms are trusted to safeguard provide attackers with strong leverage for extortion demands and serve as a valuable commodity to sell on the dark web.

There’s also the fact that a severe incident could impact the wider economy, potentially disrupting trade and commerce. This gives attackers even more leverage and increases the likelihood of ransomware being paid.

Cybercriminals also know that the sector is undergoing massive digital transformation. We have seen a huge push to digitalise operations in response to changing customer behaviour, yet in the race to transform it’s easy for security to take a back seat. And many companies have not been able to fully move away from legacy infrastructure, which is not equipped to cope with current digital threats.

How can the finance sector improve its resilience against ransomware? 

The first step in improving resilience is adopting an “assume breach” mentality. This means accepting that breaches will happen and adjusting your security strategies to minimise risk. Not every breach needs to be catastrophic. The goal should be to mitigate and minimise the impact of an incident.

Ransomware’s success depends on maximising the reach and impact of an attack as quickly as possible, so you need to make breach containment a priority. Prevention and detection technology will help to stop attacks, but some will inevitably get through and you need to be prepared to limit the damage. 

One of the best ways to boost resilience against ransomware is to implement a Zero Trust approach. The “never trust, always verify” mantra of this model makes it harder for attackers to access critical systems using assets like stolen credentials. Typically, this consists of Zero Trust Network Access, identity, and Zero Trust Segmentation, the latter of which isolates intruders, making it far harder for them to move through networks, applications, or workloads undetected. Should a breach occur, it is contained to a limited area and unlikely to impact your customers or wider operations. 

Think of Zero Trust Segmentation like a hotel where each guest has their own key card. An intruder might be able to gain access to the lobby (an acceptable risk), but they can’t access other floors or rooms. Zero Trust Segmentation functions in the same way, ensuring the division of endpoints, clouds and data centres into segments to protect them from potential threats. Our research also found that organisations with mature Zero Trust Segmentation strategies are twice as likely to avoid a critical service outage and save $2.1 million on annual downtime costs. 
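To make the hotel key-card analogy concrete, the following is an added illustration (not Illumio's code, nor anything from the interview): a constructed six-workload estate, a label-based allow-list policy where every flow not listed is denied, and a reachability walk that counts how many hosts an intruder on one compromised workload can reach with and without segmentation.

```python
# Blast-radius comparison: flat network vs. Zero Trust Segmentation.
# Constructed example; the estate, roles and policy are not from the article.
from collections import deque

# Workload name -> role label (constructed sample estate).
ROLES = {"web-1": "web", "web-2": "web", "app-1": "app",
         "db-1": "db", "swift-gw": "payments", "dev-box": "dev"}

# Allow-list policy: (source role, destination role, port). Any flow not
# listed is denied, which is the "never trust, always verify" default.
SEGMENTATION_POLICY = [("web", "app", 8443), ("app", "db", 5432),
                       ("app", "payments", 443)]

# Ports an intruder would try when moving laterally (constructed list).
PORTS = (22, 443, 445, 3389, 5432, 8443)


def allowed(src, dst, port, policy):
    """True if policy permits src -> dst on port. policy=None models a flat
    network with no segmentation, where every flow between hosts succeeds."""
    if src == dst:
        return False
    if policy is None:
        return True
    return any(ROLES[src] == a and ROLES[dst] == b and port == p
               for a, b, p in policy)


def reachable(start, policy, ports=PORTS):
    """Hosts an intruder on `start` can reach, hop by hop, under `policy`."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dst in ROLES:
            if dst not in seen and any(allowed(cur, dst, p, policy) for p in ports):
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen


if __name__ == "__main__":
    for host in ("dev-box", "web-1"):
        print(host, "flat:", sorted(reachable(host, None)),
              "segmented:", sorted(reachable(host, SEGMENTATION_POLICY)))
```

A phished developer endpoint reaches every workload on the flat network, including the payments gateway, but nothing at all once the allow-list is enforced; a compromised web tier is limited to the application path it legitimately uses.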

What else should firms be doing to protect against these threats?

Implementing a Zero Trust strategy and technologies like Zero Trust Segmentation should be part of an ongoing security transformation. It won’t happen overnight but can be implemented successfully in phases, with benefits like full visibility of your IT estate realised almost immediately.

At the same time, it’s important not to neglect basic cyber hygiene. Make sure you implement best practices like least privilege, multifactor authentication (MFA) and Single Sign-On (SSO) to strengthen security, and couple those with keeping up to date with security patches to close off the common attack paths adversaries rely on. This is critical given that staff and customers are increasingly accessing financial services remotely and across multiple devices. Strong access policies can help ensure this flexibility doesn’t come at the cost of increased risk exposure.

Ultimately, if you can get the basics right, coupled with a transformation plan to achieve Zero Trust security, you should be confident that your security can stand up to even the most sophisticated and tenacious threat actors.