The average ransomware attack costs financial institutions $5 million. Are your defenses prepared?
- Financial institutions are often targeted in a type of cyberattack called a ransomware attack, which can result in your institution not just making a multimillion-dollar ransom payment, but experiencing operational, reputational and regulatory consequences.
- You can mitigate your risk of a ransomware attack by conducting ongoing cybersecurity training for your team, developing a cyber incident response plan, engaging in regular attack simulations and deploying 24/7 active threat monitoring.
- Lean on a third-party cybersecurity advisor to help identify gaps in your defenses and supplement your in-house cybersecurity capabilities.
Ransomware attacks on financial institutions are increasing. These attacks are not only costly, but can also create operational and reputational harms that go beyond the financial hit of paying a ransom.
However, there are specific steps your team can follow to enhance your defenses and help your institution respond more quickly to a ransomware attack. This doesn’t mean a cyberattack won’t ever occur, but it can significantly reduce the repercussions.
Keep reading to learn more.
For financial institutions, cybersecurity risks continue to grow
For financial institutions, cybersecurity threats are nothing new. But as more institutions expand their digital footprint via new digital service offerings, cloud-based operational platforms, partnerships with third-party fintech vendors and AI implementations, their risk levels also grow. The larger your digital footprint, the more vulnerabilities you have that a determined attacker could exploit.
Unfortunately, financial institutions are becoming ever more digital even as the barriers to committing cybercrime continue to shrink. AI and other new digital tools have allowed individuals or small groups with limited technical skills to pull off attacks that would previously have been the exclusive purview of organized crime or even nation-states.
This is showing up in the data. One recent analysis confirms that in the financial services industry, cyber incidents have increased 72% year over year.
Ransomware attacks pose a particular threat to financial institutions
Financial institutions are vulnerable to a range of cyberattacks, including email phishing scams, ransomware, and denial-of-service (DoS) attacks. However, ransomware — in the form of a double extortion attack — may pose a particularly significant risk.
During a double extortion ransomware attack, an attacker gains access to sensitive data inside your institution. The attacker encrypts the data to block you from accessing it, but not before making a copy that they then threaten to sell or publish unless you pay a ransom.
While organizations in any industry can be targeted in a double extortion ransomware attack, financial institutions are particularly vulnerable. Because financial services is a regulated industry, institutions face higher consequences for exposed customer data than businesses in other sectors.
The cost of a ransomware attack goes beyond the ransom payment
If your financial institution is targeted in a ransomware attack, you may be forced to make a ransom payment to regain access to critical systems and protect sensitive data. However, this may not be the only expense you face. The full range of costs that you may incur after a ransomware attack can include:
- Financial: The average ransomware attack costs approximately $5 million, which covers both the ransom itself and the ancillary effects. However, this number can escalate significantly, with larger organizations reporting ransom demands in the $25 million range.
- Operational: Ransomware attacks are meant to cripple essential operational systems, leaving you unable to conduct normal business operations for hours or even days.
- Reputational: Financial institutions of any size can take a reputational hit as a result of a successful attack, especially in the event that any customer data is exposed.
- Regulatory: In the aftermath of an attack, you could face additional penalties from federal regulators who find that you failed to meet compliance standards.
- Legal: You may also face lawsuits from individuals whose data was compromised as a result of the attack.
Does your financial institution have an effective cybersecurity strategy in place?
Every financial institution has already invested in cybersecurity. But do your defenses actually work?
Here are five steps you can take to test what you have in place, plug gaps and improve your ability to respond to an incident:
1. Train continuously
Cybersecurity training should be an ongoing effort, not a once-a-year video. Employees inside your organization will almost certainly be targeted in phishing scams or other maneuvers designed to give attackers the system access they need to pull off a ransomware attack.
Your team needs to stay vigilant here, which means undergoing regular training on the importance of following your established security protocols. This includes actions like promptly reporting suspected phishing attacks and not engaging in other behaviors that could expose your systems.
2. Develop and update a cybersecurity incident response plan
Having a clear incident response plan in place can significantly speed up your ability to respond to an attack when it happens. Gather a cross-departmental team to develop your plan to make sure, for example, that the right people get called and understand what they need to do.
However, your incident response plan should evolve alongside the threat environment. Here, it can be helpful to conduct regular cybersecurity tabletop exercises to run through your plan and identify whether it needs updating.
3. Do regular cyberattack simulations
From time to time, you should test your cyber defenses against a simulated attack. This can help you understand your current capabilities and find gaps or vulnerabilities that need to be addressed.
During an attack simulation, your team or a third-party cybersecurity partner will run a simulated cyberattack against your institution to assess your monitoring capabilities, team alert system and response time, among other key factors. To avoid being caught unaware by new threats, perform an attack simulation every 1-2 years.
4. Engage in 24/7 active monitoring
Active monitoring for signs of an attack can significantly speed up your response time and help you mitigate damage. This should be 24/7 and can be done internally or through a third-party cybersecurity vendor.
5. Use least privilege principles
Don’t give anyone in your organization more systems access than they absolutely need. Formally called the principle of least privilege, this approach helps keep your data safe by limiting how much an attacker can reach if any one person is hacked or exposes their credentials via a phishing scam.
Work with a cybersecurity advisor to bolster your financial institution’s defenses
Your financial institution doesn’t have to tackle cybersecurity entirely in-house. Collaborating with a third-party advisory firm can help you find gaps in your current systems, strengthen your defenses and improve your response capabilities.
Look for an advisory firm that understands not just cybersecurity, but also the specific nuances of the financial services industry, which differ significantly from other sectors.
How Wipfli can help
We advise financial institutions on cybersecurity, enterprise applications and digital strategy. Let’s talk about how we can help make your institution more prosperous and secure. Start a conversation.