Today, the financial services industry is an appealing target for cyber criminals. Emerging technologies, such as artificial intelligence (AI), are paving the way for digital transformation, especially within the financial services industry in Asia Pacific. In a regulatory outlook study done by Deloitte, 56% of respondents agree that AI will transform their business within three years. Deploying such technologies means storing more data on the backend.
Arguably, consumers’ financial, banking, trading and superannuation information is some of the most important data held by organisations today. Earlier this year, 310,000 credit cards from Southeast Asian banks were breached, with the stolen data sold on the dark web. According to a recent IBM study, financial services represent the bulk of breaches in Southeast Asia. The stakes are incredibly high for the financial services industry to properly protect and secure this data. Failure on this front will result in incredible damage to the company’s reputation and huge financial costs.
In fact, the Monetary Authority of Singapore (MAS) has a set of legally binding requirements to improve and strengthen cybersecurity within the financial sector in Singapore. The new set of mandatory measures, which officially came into effect earlier in August this year, includes installing a robust security system and implementing measures to remediate the risk of malware, amongst others. Ransomware is incredibly complex and a huge responsibility for organisations, but there are steps that can be taken to mitigate risk from the get-go.
Understanding the threat
The main points of entry into any business for ransomware are Remote Desktop Protocol (RDP) or other remote access mechanisms, phishing emails and software vulnerabilities. Knowing that these are the three main mechanisms is a huge help in deciding where to invest the most effort to be resilient from an attack vector perspective.
Most IT administrators use RDP for their daily work, with many RDP servers directly connected to the Internet. The reality is that Internet-connected RDP needs to stop. IT administrators can get creative with special IP addresses, redirected RDP ports, complex passwords and more, but the data doesn’t lie: over half of ransomware comes in via RDP. This tells us that exposing RDP servers to the Internet does not align with a forward-thinking ransomware resiliency strategy.
The other frequent mode of entry is via phishing email. We’ve all seen email that doesn’t look right. The right thing to do is delete that item. Combined with training to help employees identify phishing emails or links, self-assessment tools can be an effective first line of defense.
The third area that comes into play is the risk of vulnerabilities being exploited. Keeping systems up to date is an age-old IT responsibility that is more important than ever. Whilst this is not a glamorous task, it quickly looks like a good investment when a ransomware incident exploits a known and already patched vulnerability.
Back up data
With so much at stake, organisations in the financial services industry must also prepare for the worst-case scenario and build ultra-resilient backup storage.
The 3-2-1 rule is a good starting point for a general data management strategy. The 3-2-1 rule recommends that there should be at least three copies of important data, on at least two different types of media, with at least one of these copies being off-site. The best part is that this rule does not demand any particular type of hardware and is versatile enough to address nearly any failure scenario.
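The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not code from the authors or from any backup product; the CSV columns and the sample inventory are constructed, and it assumes the production copy is listed as one of the copies.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the article): one row per copy of a dataset.
INVENTORY_CSV = """dataset,location,media,offsite
core-banking-db,prod-san,disk,no
core-banking-db,backup-repo-1,disk,no
core-banking-db,tape-vault,tape,yes
trading-ledger,prod-san,disk,no
trading-ledger,backup-repo-1,disk,no
trading-ledger,backup-repo-2,disk,no
customer-docs,prod-nas,disk,no
customer-docs,cloud-object-store,object,yes
"""

def audit_321(csv_text):
    """Return {dataset: [failed rule descriptions]} for the 3-2-1 rule."""
    copies = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        copies[row["dataset"].strip()].append(row)

    report = {}
    for dataset, rows in copies.items():
        # Count distinct locations so a duplicated row is not counted as an extra copy.
        locations = {r["location"].strip().lower() for r in rows}
        media = {r["media"].strip().lower() for r in rows}
        offsite = any(r["offsite"].strip().lower() in ("yes", "true", "1") for r in rows)

        failures = []
        if len(locations) < 3:
            failures.append(f"only {len(locations)} copies (need 3)")
        if len(media) < 2:
            failures.append(f"only {len(media)} media type (need 2)")
        if not offsite:
            failures.append("no off-site copy (need 1)")
        report[dataset] = failures
    return report

if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY_CSV).items():
        status = "OK" if not failures else "FAIL: " + "; ".join(failures)
        print(f"{dataset}: {status}")
```

Note that three disk copies in one site, as in the constructed `trading-ledger` rows, satisfy the copy count but fail both the media and off-site conditions.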
Do not pay the ransom
In spite of these techniques, businesses must still be prepared to remediate a threat if one is introduced. Our approach is simple. Do not pay the ransom. The only option is to restore data. Additionally, organisations need to plan their response when a threat is discovered.
In disasters of any type, communication becomes one of the first challenges to overcome. Have a plan for how to communicate to the right individuals out-of-band. This would include group text lists, phone numbers or other mechanisms that are commonly used to align communications across an extended team. In this contact book you also need security, incident response and identity management experts – internal or external.
There are also conversations to have around decision authority. Businesses must decide who makes the call to restore or to fail over before an incident takes place. Once a decision to restore has been made, organisations need to implement additional safety checks before putting systems back online. A decision also has to be made as to whether an entire virtual machine (VM) recovery is the best course of action, or if a file-level recovery makes more sense. Finally, the restoration process itself must be secure, running full anti-virus and anti-malware scans across all systems as well as forcing users to change their passwords post-recovery.
Whilst ransomware is becoming an increasingly dominant threat across the financial services industry, there are definitely steps that can be taken to mitigate risk and prepare for the worst-case scenario. For all businesses today, having a foolproof backup plan in place is incredibly important in ensuring the business survives and thrives through any potential cybercrimes.
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Anthony Spiteri is a Senior Global Technologist, vExpert, VCIX-NV and VCAP-DCV working in the Product Strategy group at Veeam. He currently focuses on Veeam’s Service Provider products and partners. He previously held Architectural Lead roles at some of Australia’s leading Cloud Providers. He is responsible for generating content, evangelism, collecting product feedback, and presenting at events. Anthony can be found blogging on anthonyspiteri.net.
Rick Vanover (Cisco Champion, VMware vExpert) is Senior Director of Product Strategy for Veeam Software based in Columbus, Ohio. Rick’s experience includes system administration and IT management; with virtualization, cloud and storage technologies being the central theme of his career recently. As a blogger, podcaster and active member of the IT community, Rick builds relationships and spreads excitement about Veeam solutions. Before becoming the “go-to” guy for Veeam questions, Rick was in system administration and IT management. His community designations include VMware vExpert and Cisco Champion.