Over-confidence and under-investment: why banks are on the back foot against ransomware
For unlucky financial institutions, a ransomware attack can seem like a high-stakes game of poker. They’re faced with an opponent who claims a winning hand – having potentially encrypted and stolen large volumes of data. But how strong is their hand really? Are they bluffing? Did the IT team manage to pull the plug before serious damage was done? And can data be restored from backup?
For those able to hold their nerve and gain rapid insight into the “blast radius” of an attack, it may be possible to manage the fallout without losing too much sleep. But that requires the kind of mature cybersecurity posture that many organisations lack. Unfortunately, businesses are often over-confident and under-invested in the kind of tools that can help to mitigate ransomware risk. And those risks are growing all the time.
An attractive target
UK lenders may thus far have been spared a devastating headline-grabbing ransomware breach. But their counterparts in the US have been hit time and again in recent years, both directly and via their suppliers. That’s led UK Finance to describe ransomware as one of the most “significant” cyber-threats around, with “serious economic, security and public safety consequences for the financial sector and the UK economy at large.”
Attacks combine the prospect of large-scale data theft and service outages, both of which could cause major financial and reputational damage to a victim organisation. The average global cost of a data breach in financial services now stands at nearly $6m (£5.2m), the second highest of any sector after healthcare. That, and the highly monetisable nature of the customer data that banks store, makes the industry an attractive target for ransomware actors.
Respondents to a recent global Trend Micro study seem to agree. Over three-quarters (79%) argue that financial services is a more popular target than other verticals, and 87% think they’ll be a target going forward. And they’re right. Some 72% of responding banks say they’ve already been compromised by ransomware over the past three years, with most experiencing data encryption and leaks, and operational outages. The latter took days or weeks to resolve, in most cases.
Confidence but no insight
Unfortunately, awareness of the high-level threat is not translating into effective action to mitigate it. Why? Because most (75%) of the financial services IT and business leaders we spoke to believe their organisation is already adequately protected. That kind of confidence is not replicated in any of the other sectors we studied.
On the one hand, it’s somewhat justified. After all, financial services firms spend a lot on cybersecurity. And they’re getting the basics right: adding controls to tackle phishing, vulnerability exploitation and compromise of remote working infrastructure – the top attack vectors for ransomware.
Yet on the other hand, they’re not focused on what matters. Determined ransomware actors will always find a way into corporate networks. The key is discovering them before they’ve had time to fully map the network, steal the data and encrypt it. This is the job of detection and response tools with a network (NDR), endpoint (EDR) and multi-layered (XDR) focus. Unfortunately, adoption of these tools stands at less than 50% of the financial services firms we polled. Perhaps as a result, few are able to detect hackers as they gain initial access to networks, or when they begin to wander laterally from IT asset to asset.
It’s not me, it’s you
This kind of visibility is critical not only in the context of protecting the organisation itself, but also its extended supply chain. Over half (56%) of financial services firms say a supplier has been compromised by ransomware in the past, most of which were partners and subsidiaries. A similar number argue that their suppliers actually make them a more attractive target. Increasingly, digital partners including managed service providers (MSPs) are being targeted as a means to infect downstream customers.
More concerning still, most of the banks we polled admit they have a “significant” number of suppliers that are SMBs, which typically have fewer resources to spend on cyber. Sharing threat intelligence with them could help to improve the security posture of the entire ecosystem, and yet many don’t. Could it be that they don’t have the information to share in the first place?
The bottom line is that ransomware is here to stay. To give themselves the best chance of avoiding a serious breach, financial services firms need to see more clearly inside their own networks. That will help them to contain risk before it spreads, and give business leaders the confidence to call their opponents’ bluff.
To find out more: https://www.trendmicro.com/en_gb/about/financial-services.html