The days of Bonnie and Clyde-style bank robberies are over. No need to go to the bank when cybercriminals can rob it from the comfort of their own home. That’s essentially what cybercriminals do via ransomware attacks.
When bad actors think of organizations that hold the most highly sensitive information, and that are the most “wealthy” and willing to shell out for a ransom payment, it’s no surprise that financial institutions are a primary target. Cybercriminals narrowed their focus, and found success, deploying ransomware attacks against financial institutions. Victims range from small, regional banks to national financial agencies such as Brazil’s National Treasury.
What started a couple of decades ago has transformed into a successful, lucrative operation for cybercriminal groups. Major ransomware players (Conti, REvil, Darkside, Clop, and Ragnar) have become household names, and new players (Hive, BlackMatter, AvosLocker and others) have entered the market. Bad actors have curated advanced techniques, adopted ransomware-as-a-service models, exploited new vectors and demanded outrageous payments: a $40 million ransom payment made by CNA Financial in March 2021 has been the largest payout to date. So, where does that leave us? What’s in store for ransomware in the financial sector this year and beyond?
New ransomware use cases on the rise
The way organizations operate now has drastically changed from when ransomware first emerged on the scene. Ransomware actually started back in the 1980s—yes, back in the floppy disk days. Think of how far technology has come since then and how much of our world has been digitized. Companies depend on these new digitized systems, and in the past couple of years we’ve truly immersed ourselves in digital transformation. These trends created new use cases and attack vectors for ransomware.
Threat actors usually disseminate ransomware through malicious documents downloaded via email. This has been a tried-and-true tactic for cybercriminals for years, but with digital transformations and increased teleworking policies, two new use cases have emerged: third-party ecosystems and the cloud.
The use of third parties
Third-party ecosystems for financial services companies consist of the digital products and service providers that these organizations integrate to conduct operations virtually or in digital environments. Think of Zelle. It’s a digital payments network that partners with most of the major banks as well as many smaller regional and local banks. Banks leverage Zelle to let consumers transfer money from one bank account to another, traditionally through their online banking platforms.
Zelle has become widely used, but there are many other products, service providers, APIs, and digital software that financial institutions rely on every day. While these companies help financial organizations create user-friendly, accessible platforms and streamline internal processes, they also open up institutions to increased risk. Consider the cyberattack on Morgan Stanley last year. In the summer of 2021, Morgan Stanley announced that customer Social Security numbers were breached after the company was involved in a security incident because of a cyberattack impacting Accellion, one of Morgan Stanley’s vendors. Financial institutions traditionally have strong cyber defenses, but organizations are only as strong as their weakest third party. Bad actors always choose the path of least resistance, and often, they easily use third parties as avenues to larger targets.
Moving to the cloud
Financial institutions traditionally are slow to adopt the cloud, but that will change. Many financial institutions have prioritized public cloud adoption over the next few years. In fact, a recent Google Cloud survey reports 83% of surveyed financial services companies are deploying cloud technology as part of primary computing infrastructures. Increased usage of the cloud means migrating content-rich applications, such as credit card and mortgage applications, to the cloud and storing customer and partner content in cloud data platforms.
And here’s where organizations make missteps. Many do not realize that they cannot use the same cybersecurity policies and processes in public cloud infrastructure as they did in self-hosted data-center infrastructure. For example, many organizations leveraged layers of firewalls to protect against malicious activity on the servers that they knew the application was running on. Now, this approach isn’t as effective given that content runs on cloud servers outside of the enterprise. Bad actors continue to exploit the reality that organizations are not adapting their security policies and strategies to accommodate the shift to the cloud. Because of this, they can easily find loopholes in security coverage to access sensitive content hosted within cloud environments. Today’s user-friendly business processes require a new, modern approach to security, one that’s usable and enables secure business continuity.
A content-focused approach to cybersecurity
Everything around us constantly gets upgraded to new and improved technologies. To put it in perspective, Apple has introduced 34 versions of the iPhone since 2007, each one with new capabilities. The same is true of the business technologies that organizations rely on every day. And, just as people upgrade their phones every couple of years, organizations need to do the same with security technology.
Organizations often fall down when they do upgrade the legacy security systems they have in place. They often try to plug the gaps by bringing on new security solutions in addition to the legacy systems they have in place, but that can quickly become very complex and expensive.
Companies really need to make a complete overhaul of the security stack and upgrade the entire system, but organizations often don’t have the resources to do so. There’s no shortage of solutions in the cybersecurity market that can offer the necessary protection that financial institutions need. Modern approaches to cybersecurity can start with focusing on how businesses use content. And, unlike traditional security technologies, many of these solutions are built with the end user in mind and enhance productivity among the workforce. Doing so may protect the company from a destructive and costly digital heist.
Ravi Srinivasan, chief executive officer, Votiro