Skip to main content

7 Proven Resilience Best Practices against Ransomware for Financial Institutions in the Middle East

By:  Gregg Petersen, Regional Vice President, Middle East & Africa at Veeam Software
After becoming one of the main cybersecurity threats in 2016 and causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Financial organizations are particularly at risk, targeted by approximately 13% of total attacks . Ransomware was actually reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, reported by 55% of the financial services firms surveyed. The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to half a billion dollars from more than 32% of financial institutions in 2016 alone.
How ransomware impacts the financial services industry
Despite the increasing number of attacks on financial institutions, public announcements of ransomware infections are rarely made due to the grave brand integrity and consumer confidence consequences. However, numerous attacks were reported in the last few years. Armada Collective attacked three Greek banks, encrypting valuable data and asking for €7 million (20,000 Bitcoin) from each bank, followed by three other attacks in a span of five days. Fortunately, these attempts failed, as the banks successfully leveraged their defense strategies instead of paying the ransom.
A 2016 report by SentinelOne on ransomware highlighted that the most vulnerable data for ransomware attacks are employee records, financial data, customer information, product & IP, payroll / HR and research.
Ransomware’s notoriety is not a surprise, considering its ability to evolve and surpass traditional data protection solutions. Beyond the use of sophisticated attack techniques, such as social engineering and the development of Ransomware as a Service platforms, ransomware has been driven by certain key factors, such as security holes, lack of IT security knowledge, wrong permissions, lack of patching, and inadequate backup and recovery processes. Finally, the appearance of anonymous e-currency as a payment method as well as the decision to pay the ransom contribute greatly to encouraging cybercriminals’ future attempts.
Keeping up with compliance and Availability challenges
In this threat landscape, stringent regulations, such as PCI, DSS, GLBA or GDPR and data breach notification requirements, legally require financial institutions to properly store and protect customer data along with other highly sensitive data. As they gain more users, adopt new technologies and face data upsurges, modern IT ecosystems must maintain the ability to collect, maintain and store data in changing environments.


7 best practices for ransomware resilience in financial services
  1. Use different credentials for backup storage: Although this is a standard and well-known anti-ransomware best practice, it’s crucial to follow. The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Do not use DOMAIN / Administrator for everything.
  2. Start using the 3-2-1 Rule: Veeam promotes the 3-2-1 Rule often and for good reason. It essentially states to have three different copies of your media on two different media sites, one of which is off site. This will help address any failure scenario without requiring specific technology. Moreover, to effectively prepare in the advent of a ransomware attack, you should ensure that one of the copies is air-gapped, i.e., on offline media. The offline storage options listed below highlight many options where you can implement an offline or semi-offline copy of the data.
  3. Have offline storage as part of the Availability strategy: One of the best defenses against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:
    1. Tape: Completely offline when not being written or read from
    2. Storage snapshots of primary storage: A semi-offline technique for primary storage, but if the storage device holding backup supports this capability, it is worth leveraging to prevent ransomware attacks. It is important to consider that this strategy is not entirely failsafe and must be taken as only one of the key steps needed in ensuring ransomware preparedness
    3. Cloud: A great additional resource for resiliency against ransomware. For one, it’s a different file system, and secondly, it is authenticated differently.
    4. Rotating hard drives (rotating media): Offline when not being written to or read from
  4. Leverage different file systems for backup storage: Having different protocols involved can be another way to prepare for a ransomware attack. It’s imperative that users add backups on storage that require different authentication.
  5. Achieve complete visibility of your IT infrastructure: One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Gaining visibility into potential activity is a massive value-add. An Availability solution should have a pre-defined alarm that will trigger if there are a lot of writes and high processor utilization, which is a typical ransomware pattern.
  6. Let the Backup Copy Job do the work for you: The Backup Copy Job is a great mechanism to have in order to create restore points on different storage and with different retention rules than the regular backup job. When the previous points are incorporated, the Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job. However, with the Backup Copy Job being a VBK file, it can also get infected with ransomware unless the copy is in a cloud, on tape or air-gapped.
  7. Educate all employees on ransomware not just your IT staff: Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware nor the specific activities that leave the company vulnerable. Establish a strong source of education, communication and support to ensure the entire company is equipped to avoid propagating a ransomware attack.

Comments

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

Insurtech startup Kruzr raises $1.3 Million from Saama Capital and Better Capital

InsurTech startup Kruzr has raised 1.3 Million USD (Rs. 9.5 Cr) for its seed round led by Saama Capital with participation from Better Capital. Kruzr is a preventive motor insurance technology which helps insurance companies personalize policy premiums & improve their risk model by delivering an engaging preventative driving assistant to their customers. Kruzr is founded by Pallav Singh, Ayan, and Jasmeet Singh Sethi.

Kruzr blends the power of voice technology and artificial intelligence in its personal driving assistant that helps drivers minimize mobile distractions, drowsy driving, speeding and external risks like weather and accident-prone zones. In pilots with insurers, Kruzr managed to cut down distracted driving by 80%. Kruzr is working with motor insurance companies in Europe, UK and India to bring its technology to their customers to prevent accidents & improve claims.

“Road accidents cause over 1.3 million deaths globally every year, and motor insurance companies los…