In today’s uncertain workplace reality, C-suite executives at financial institutions seem to have an endless list of urgent priorities requiring their attention. From the healthcare and safety concerns of their employees posed by COVID-19, to the economic impact of the virus on their businesses, finance professionals have much to consider. And amid the global pandemic, recent reports have shown that there is another urgent, evolving worry that financial institutions must confront: Cybersecurity, and specifically, the threat of ransomware.
This is not to say that ransomware is a new threat, or that financial institutions have ignored cybersecurity in the past. Research has actually shown that the financial services industry allocates massive funds toward thwarting cyberattacks, with some organizations spending upward of $3,000 per full-time employee on cybersecurity. But no matter how much businesses spend to stay safe, motivated hackers always seem to find a way to exploit weaknesses. In fact despite the massive spending on security, in 2019, the financial services industry suffered 25 percent of all ransomware attacks and 70 percent of financial services businesses surveyed reported having experienced security incidents in the last 12 months. And while hackers are constantly developing and deploying new harmful threats, ransomware, which has been around for years, may pose today’s greatest risk.
As a result of the global COVID-19 pandemic, ransomware is arguably more prevalent and more dangerous than ever. This is largely in part due to the fact that COVID-19 has forced businesses of all shapes and sizes to institute mandatory work from home policies on the fly. Many of these remote work policies have unearthed glaring organizational security vulnerabilities which is particularly dangerous as more employees work outside of their offices’ hardware-based office security networks, away from IT support staff, using personal devices and through unsecured internet channels. Recent surveys found that two of the leading causes of past financial institution attacks were employees’ failure to follow security protocols and the employees using their personal devices for work-related tasks, both of which are far more likely to occur in work from home settings.
And hackers are not just acutely aware of these vulnerabilities, but eager to capitalize on these uncertainties caused by COVID-19. Hackers love ransomware specifically because it’s cheap and easy to deploy and targets a weakness that outdated security systems simply cannot protect against: the user. Ransomware works by disguising itself as a harmless email or link and once clicked by an unsuspecting employee, ransomware has the ability to shut down entire operating systems until a ransom is paid by the affected party. Already since the beginning of the outbreak, many industries have experienced an increase in coronavirus-related attacks and the finance sector has been particularly targeted during the outbreak. Between February and March, threat researchers recorded a 38 percent increase in cyberattacks against financial institutions.
It seems obvious why financial institutions make appealing targets too. The potential for a big payoff is simply too hard for bad actors to ignore. This simple fact may encourage hackers to demand alarming sums which is particularly disturbing given recent relaxation of finance reserve rules, meaning that financial institutions may have less liquid cash to pay a ransom should they be hit. But beyond the opportunity for a lucrative payday, financial institutions are also appealing targets as previous reporting has revealed successful infiltrations to be surprisingly easy. This is in part due to the fact that financial institutions and services regularly invest in innovation, make attempts to modernize their business and infrastructure and engage with third-party vendors and partners, all of which may expose them to increasing cybersecurity risks.
In order to prevent these attacks and breaches, financial institutions must deploy comprehensive cybersecurity strategies. And as work from home policies continue to expand as a result of COVID-19, these institutions must evolve to protect their data wherever their employees are located. Fortunately, there’s a way for organizations to stop and prevent hackers from trying to infiltrate their systems.
Financial institutions of all sizes should consider transitioning away from outdated, hardware-based security systems and implement solutions that follow users and devices no matter where they are. These modern, cloud-based cyber defenses monitor all internet traffic and prevent users from accidentally infecting systems regardless of whether employees are at the office or at home. By modernizing their security systems, to keep up with their increasing digital offerings, these institutions will take a very important step toward mitigating the risk of ransomware attacks and avoiding making headlines in the future for being forced to pay outrageous ransoms.
Paul Martini is CEO and founder of iboss, a cloud security company that provides network security as a service, delivered in the cloud, as a complete SaaS offering.