Ransomware: Best Practice for Financial Services

After causing global chaos in 2017, ransomware is currently keeping everyone in a state of constant security alert. Financial organisations are particularly at risk, targeted by approximately 13% of total attacks*. The outcomes of these attacks can be highly damaging to organisations left reeling from data loss and extortion; their brand integrity and consumer confidence compromised.

Ransomware’s notoriety is unsurprising, considering its ability to evolve and surpass traditional data protection solutions. Beyond the use of sophisticated attack techniques, like social engineering, ransomware has been driven by key factors, such as security holes, lack of patching, and inadequate backup and recovery processes. And the appearance of anonymous e-currency as a payment method and the tendency to pay the ransom, has only served to propagate the problem.

In this threat landscape, stringent regulations such as GDPR legally require financial institutions to properly store and protect customer data along with other highly sensitive data. As they gain more users, adopt new technologies and face data upsurges, modern IT ecosystems must maintain the ability to collect, maintain and store data in changing environments. Financial organisations must know how to prepare for and recover from ransomware attacks. If implemented, the following best practices give them a fighting chance:

Use different credentials for backup storage

Standard and well-known anti-ransomware best practice, but crucial to follow. The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations.

Start using the 3-2-1 Rule

Have three different copies of your media on two different media sites, one of which is off site. This will help address any failure scenario without requiring specific technology. Moreover, you should ensure that one of the copies is air-gapped, i.e., on offline media.

Have offline storage as part of the strategy

One of the best defences against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:

  • Tape – completely offline when not being written or read from
  • Storage snapshots of primary storage – semi-offline technique for primary storage
  • Cloud – a different file system, authenticated differently and off site
  • Rotating hard drives (rotating media) – offline when not being written to or read from

Leverage different file systems for backup storage

Having different protocols involved can be another way to prepare for a ransomware attack. It’s imperative that users add backups on storage that require different authentication. Having a Linux system functioning as a repository is a good example.

Achieve complete visibility of your IT infrastructure

One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Visibility into potential activity is of massive value – for example, a pre-defined alarm which triggers if a typical ransomware pattern is identified.

Use a backup copy mechanism

Backup copy allows you to create several instances of the same backup data in different locations, whether onsite or offsite and with different restore points and retention rules.

Educate all employees on ransomware not just your IT staff

Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware nor the specific activities that leave the company vulnerable.

Financial organisations and their customers require 24.7.365 access to account information and mission critical data, while highly sensitive financial and PII data must be protected at all costs. We partner with Veeam Software as the innovative provider of solutions that deliver ‘Availability for the Always-On Enterprise’. Customers save time, mitigate risks, and dramatically reduce capital and operational costs.

‘Ransomware: Best Practice for Financial Services’ extracts taken from the Veeam whitepaper entitled ‘7 Proven Resilience Best Practices against Ransomware for Financial Services’.

* SonicWall Annual Threat Report, 2017

Download Whitepaper

After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Find out more by downloading the whitepaper.

Download Whitepaper