Over the past decade, as organizations worldwide have increasingly embraced the digitalization of their commercial operations, cybersecurity has evolved from a specialized technological endeavor into a standard practice for mitigating risk.
According to ZScaler’s State of Ransomware Report, in 2023, the frequency of ransomware attacks rose by 73% from the previous year, where the total payouts surpassed over one billion USD, with the average attack requesting a payout ranging anywhere from $100,000 to $5 million. This does not reflect the many attempts or successful attacks that go undetected or unreported.
Financial institutions, including those in the foreign exchange and cryptocurrency sectors, are targeted by malicious actors due to their high liquidity and digital dependency. Consequently, establishing robust cyber defenses is critical to protecting important services and maintaining customer trust.
This article covers steps that financial institutions should consider taking to mitigate the risks of ransomware, considering both the potentially high costs of attacks and the significant investments required for effective cybersecurity measures. It is important to note that this type of risk can never be fully mitigated, and any investment will depend on organizational maturity and risk appetite.
Understanding the Threat Landscape
If cybercrime were measured as a country, it would be the world’s third-largest economy after the United States and China. Ransomware encrypts a computer system and denies user access, holding the decryption key in exchange for a ransom. Since the infamous WannaCry attack in 2017, ransomware has shown no respect for geopolitical boundaries, affecting systems worldwide. However, the nature of cyberattacks and the dynamics of ransomware have evolved significantly over the past several years.
7 years ago, at 07:44 UTC on May 12, 2017, the worldwide WannaCry ransomware attack began.
The attack was estimated to have affected more than 300,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.… pic.twitter.com/zuyzDLCQxx
— HackManac (@H4ckManac) May 13, 2024
The concept of “big game hunting”—targeting high-value entities such as banks and financial institutions whose disruption could harm a nation’s economy—is emphasized by the Ransomware-as-a-Service model. This model enables adversarial nation-states or organized crime groups to develop sophisticated malware while lowering the barrier to entry for cybercriminals and threat actors, using these groups as proxies in loosely coordinated campaigns against economically significant sectors.
For financial institutions, the fallout from a ransomware attack can be catastrophic, potentially leading to operational disruption, significant financial loss, and erosion of customer trust. It is vital for these institutions to stay informed about the latest ransomware tactics and the vulnerabilities within their technology stack through advanced threat intelligence and global cybersecurity networks.
Establishing an Enterprise Security Framework
An information security framework consists of documented processes that define the structure for developing a corporate policy. This policy outlines the key elements of the security governance structure, assigns responsibilities, and aligns security practices with business goals. These policies are generally divided into three key segments: regulatory, advisory, and informative.
Ensuring alignment with industry standards such as the U.S. Department of Commerce’s NIST Cybersecurity Framework (CSF), which provides a structured approach to managing cybersecurity risks, emphasizing the need to identify, protect, detect, respond, and recover from incidents. It guides institutions in prioritizing cybersecurity initiatives and effectively allocating resources. By integrating a robust enterprise security framework through corporate policies and operational processes, financial institutions can strengthen their overall security posture.
Managing cybersecurity risks isn’t just about protecting your company from attacks, it’s about protecting your clients, your reputation, and your bottom line. pic.twitter.com/fM4YiQBBr7
— ASC Networks (@ascnetworks) April 25, 2024
Secure Data Backups
Given that ransomware exploits the critical need for organizations to access their data, maintaining frequent and secure offsite data backups can enable institutions to restore operations, provided the ransomware has not also impacted the backups(s). Many threat actors involved in ransomware campaigns are often blacklisted by the United States Department of the Treasury, making ransom payments a potential violation of international sanctions. Therefore, organizations attempt to recover rather than make payments.
However, backups themselves are of no use if the backup copy is compromised. Therefore, organizations must ensure backups are secure and resilient in their own right.
Employee Training and Awareness
Organizations invest heavily in securing their infrastructure, applications, and overall network environment. However, the security of digital networks is only as robust as the people operating them. It’s often easier for hackers to (metaphorically) “knock on the door” rather than “break it down.”
Phishing emails, which initiate about 90% of ransomware attacks, target employees with access to sensitive networks. This underscores the importance of training and awareness, positioning these elements at the forefront of an organization’s enterprise security framework. As cyber threats evolve, training programs must also adapt, fostering a culture where security awareness is paramount and suspicious activities are promptly reported.
— Cisco (@Cisco) August 15, 2023
Incident Response and Recovery Plans
A well-defined, regularly tested incident response plan is crucial. This plan should outline the steps for isolating affected systems, communicating with stakeholders, and involving external experts (e.g. legal and forensics) to limit damage and reduce recovery time and costs, both direct (such as re-provisioning) and indirect (such as loss of reputation and market share).
Costs of Cybersecurity: Penetration Testing for Blockchain Networks
Penetration testing for blockchain, vital for cryptocurrency exchanges, can be viewed as expensive. However, with cyber incidents on crypto exchanges or de-fi projects potentially resulting in losses in the hundreds of millions, the high cost of testing is a justified investment in security and operational integrity. However, it may pose a barrier to entry for innovative startups looking to develop their service offerings in this sector.
Bridge hacks have accounted for 2/3 of the $3B that has been stolen from DeFi.@AxieInfinity‘s @Ronin_Network bridge hack has been the largest to date at $600M lost. pic.twitter.com/5IAuTqShMO
— Messari (@MessariCrypto) August 30, 2022
Partnerships and Collaboration
Building partnerships with other financial entities, technology providers, and cybersecurity firms enhances security efforts. These collaborations can lead to the development of new security standards and protocols that benefit the entire industry.
Navigating the complexities of digital security requires vigilance and adaptation. By investing in enhanced cybersecurity measures, financial institutions, particularly those in the foreign exchange and cryptocurrency sectors, not only defend against immediate threats but also build a foundation for long-term security and trustworthiness. The significant costs associated with securing blockchain networks, while substantial, are essential expenditures that underpin the operational viability and resilience of these institutions.
Over the past decade, as organizations worldwide have increasingly embraced the digitalization of their commercial operations, cybersecurity has evolved from a specialized technological endeavor into a standard practice for mitigating risk.
According to ZScaler’s State of Ransomware Report, in 2023, the frequency of ransomware attacks rose by 73% from the previous year, where the total payouts surpassed over one billion USD, with the average attack requesting a payout ranging anywhere from $100,000 to $5 million. This does not reflect the many attempts or successful attacks that go undetected or unreported.
Financial institutions, including those in the foreign exchange and cryptocurrency sectors, are targeted by malicious actors due to their high liquidity and digital dependency. Consequently, establishing robust cyber defenses is critical to protecting important services and maintaining customer trust.
This article covers steps that financial institutions should consider taking to mitigate the risks of ransomware, considering both the potentially high costs of attacks and the significant investments required for effective cybersecurity measures. It is important to note that this type of risk can never be fully mitigated, and any investment will depend on organizational maturity and risk appetite.
Understanding the Threat Landscape
If cybercrime were measured as a country, it would be the world’s third-largest economy after the United States and China. Ransomware encrypts a computer system and denies user access, holding the decryption key in exchange for a ransom. Since the infamous WannaCry attack in 2017, ransomware has shown no respect for geopolitical boundaries, affecting systems worldwide. However, the nature of cyberattacks and the dynamics of ransomware have evolved significantly over the past several years.
7 years ago, at 07:44 UTC on May 12, 2017, the worldwide WannaCry ransomware attack began.
The attack was estimated to have affected more than 300,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.… pic.twitter.com/zuyzDLCQxx
— HackManac (@H4ckManac) May 13, 2024
The concept of “big game hunting”—targeting high-value entities such as banks and financial institutions whose disruption could harm a nation’s economy—is emphasized by the Ransomware-as-a-Service model. This model enables adversarial nation-states or organized crime groups to develop sophisticated malware while lowering the barrier to entry for cybercriminals and threat actors, using these groups as proxies in loosely coordinated campaigns against economically significant sectors.
For financial institutions, the fallout from a ransomware attack can be catastrophic, potentially leading to operational disruption, significant financial loss, and erosion of customer trust. It is vital for these institutions to stay informed about the latest ransomware tactics and the vulnerabilities within their technology stack through advanced threat intelligence and global cybersecurity networks.
Establishing an Enterprise Security Framework
An information security framework consists of documented processes that define the structure for developing a corporate policy. This policy outlines the key elements of the security governance structure, assigns responsibilities, and aligns security practices with business goals. These policies are generally divided into three key segments: regulatory, advisory, and informative.
Ensuring alignment with industry standards such as the U.S. Department of Commerce’s NIST Cybersecurity Framework (CSF), which provides a structured approach to managing cybersecurity risks, emphasizing the need to identify, protect, detect, respond, and recover from incidents. It guides institutions in prioritizing cybersecurity initiatives and effectively allocating resources. By integrating a robust enterprise security framework through corporate policies and operational processes, financial institutions can strengthen their overall security posture.
Managing cybersecurity risks isn’t just about protecting your company from attacks, it’s about protecting your clients, your reputation, and your bottom line. pic.twitter.com/fM4YiQBBr7
— ASC Networks (@ascnetworks) April 25, 2024
Secure Data Backups
Given that ransomware exploits the critical need for organizations to access their data, maintaining frequent and secure offsite data backups can enable institutions to restore operations, provided the ransomware has not also impacted the backups(s). Many threat actors involved in ransomware campaigns are often blacklisted by the United States Department of the Treasury, making ransom payments a potential violation of international sanctions. Therefore, organizations attempt to recover rather than make payments.
However, backups themselves are of no use if the backup copy is compromised. Therefore, organizations must ensure backups are secure and resilient in their own right.
Employee Training and Awareness
Organizations invest heavily in securing their infrastructure, applications, and overall network environment. However, the security of digital networks is only as robust as the people operating them. It’s often easier for hackers to (metaphorically) “knock on the door” rather than “break it down.”
Phishing emails, which initiate about 90% of ransomware attacks, target employees with access to sensitive networks. This underscores the importance of training and awareness, positioning these elements at the forefront of an organization’s enterprise security framework. As cyber threats evolve, training programs must also adapt, fostering a culture where security awareness is paramount and suspicious activities are promptly reported.
— Cisco (@Cisco) August 15, 2023
Incident Response and Recovery Plans
A well-defined, regularly tested incident response plan is crucial. This plan should outline the steps for isolating affected systems, communicating with stakeholders, and involving external experts (e.g. legal and forensics) to limit damage and reduce recovery time and costs, both direct (such as re-provisioning) and indirect (such as loss of reputation and market share).
Costs of Cybersecurity: Penetration Testing for Blockchain Networks
Penetration testing for blockchain, vital for cryptocurrency exchanges, can be viewed as expensive. However, with cyber incidents on crypto exchanges or de-fi projects potentially resulting in losses in the hundreds of millions, the high cost of testing is a justified investment in security and operational integrity. However, it may pose a barrier to entry for innovative startups looking to develop their service offerings in this sector.
Bridge hacks have accounted for 2/3 of the $3B that has been stolen from DeFi.@AxieInfinity‘s @Ronin_Network bridge hack has been the largest to date at $600M lost. pic.twitter.com/5IAuTqShMO
— Messari (@MessariCrypto) August 30, 2022
Partnerships and Collaboration
Building partnerships with other financial entities, technology providers, and cybersecurity firms enhances security efforts. These collaborations can lead to the development of new security standards and protocols that benefit the entire industry.
Navigating the complexities of digital security requires vigilance and adaptation. By investing in enhanced cybersecurity measures, financial institutions, particularly those in the foreign exchange and cryptocurrency sectors, not only defend against immediate threats but also build a foundation for long-term security and trustworthiness. The significant costs associated with securing blockchain networks, while substantial, are essential expenditures that underpin the operational viability and resilience of these institutions.
