Financial businesses should be planning for after ransomware attacks

Johannesburg, 19 Jan 2022
Wayne Olsen, Managing Executive: Cyber Security, BCX.

The chances of falling victim to a ransomware attack are virtually 100%, but few organisations have planned adequately for what to do after an attack.

This is according to Wayne Olsen, Managing Executive: Cyber Security at BCX, who says that, with risk on the rise and a successful attack a given, what to do after the ransomware attack should be a top priority. “This is particularly true for the financial services sector, which is among the top targets of cyber criminals,” he says.

The guidelines that manage the financial service sector are strict, for good reason, Olsen says. “Companies within this sector are under immense pressure to remain secure against constant attacks. One unexpected vulnerability or user error can reduce an organisation to data rubble, or permanently ruin its reputation. The financial services sector suffers the most expensive breaches because it is the most lucrative and juiciest of targets. For example, a global financial corporation in the insurance industry paid hackers $40 million in March this year – described as perhaps the biggest ransom payment ever. This makes collaborating with a trusted partner that specialises in security a smart move for a sector that needs absolute vigilance and compliance.”

Olsen adds: “In all the breaches we have assisted clients with this year, bad basic cyber hygiene has been the root cause of every attack. The attackers were able to elevate privileges across each organisation with ease once they had established a beachhead. We need to remember, the device that was patient zero is never the intended target and, in fact, in many of the cases, the attacker doesn’t know what the target is. Being able to move freely across the network undetected allows them to identify critical targets and this takes months of reconnaissance. In one instance we noticed an attacker had been inside the network since as far back as 2017.

“Every financial sector institution knows about training, passwords, security hygiene, patching and the importance of ticking every box to remain compliant and within increasingly tight regulatory restrictions, but very few conversations are being had about what financial organisations should do after a successful ransomware attack. And this is a critical conversation. Companies in this sector can’t afford to be frozen in place while they try to figure out what happens next,” Olsen says.

He notes that the costs associated with cyber crime are crippling, extending beyond the actual ransom to the cost of downtime, remediation and reputation management.

In 2020, a report by Cybersecurity Ventures and Intrusion predicted that the global cost of cyber crime will exceed $6 trillion by the end of 2021 and top $10.5 billion by 2025, making the cyber crime economy the third-largest economy in the world. The average data breach now costs an organisation $3.86 million, according to the Ponemon Institute's latest Cost of a Data Breach Report.

“The statistics point to the fact that most companies will experience at least one a year – and some will experience several in a month,” Olsen says. “It’s become increasingly important for organisations to invest in clear policies and strategies that allow them to flex and adapt appropriately in a cyber attack. These policies should include everything from how to handle ransomware, through to employee awareness training, security service provider engagements and the multiple touch points in between.”

A robust security strategy will outline precisely what needs to be done in the event of a specific type of attack, including which systems to shut down, which security teams to activate and how to incorporate the impact of the compliance mandates that regulate this sector, he says.

“It’s worth having very clear mandates in place from the outset as they will help you plan for every eventuality. This means your first step should be to put these frameworks in place,” says Olsen. “The next step should be to determine exactly how the attack should be reported and what professional help will be needed to mitigate the damage.

“A trusted security service provider is an asset, particularly in the event of a successful ransomware attack. Expert incident response capabilities are critical and can make the difference between a few days of downtime and a few weeks. They will collaborate with you to develop a strategy that outlines the precise touch points and processes that need to be put in place to protect you going forward. If you notify the right people at the right time, you can potentially save more of your data and prevent other companies from experiencing the same attack.”

Olsen says an experienced cyber security service provider is invaluable in ensuring that organisations are able to restore their business and systems to the right state and identifying vulnerabilities and issues that can be resolved to minimise the risk of an attack happening again. He notes: “They will also have access to a forensic team that can step in to potentially rescue your data and incorporate the expertise of an incident response team that can tackle the problem methodically.

“Organisations cannot let the risks control their business and future. With a trusted security partner like BCX on your side, you can handle the complexities of a successful attack intelligently and with a measurably reduced impact on the bottom line and business. We ensure that you are prepared, for everything, because we have the security operations centre (SOC), incident response teams, alliances, technology and platforms that have been designed to make your security our priority.” 
