Over the past decade, as organizations worldwide have
increasingly embraced the digitalization of their commercial operations,
cybersecurity has evolved from a specialized technological endeavor into a
standard practice for mitigating risk.
According to Zscaler’s State of
Ransomware Report, in 2023, the frequency of ransomware attacks rose by 73% from
the previous year, and total payouts surpassed one billion USD, with
the average attack requesting a payout ranging anywhere from $100,000 to $5 million. This does not reflect the many attempts or
successful attacks that go undetected or unreported.
Financial institutions, including those in the foreign
exchange and cryptocurrency sectors, are targeted by malicious actors due to
their high liquidity and digital dependency. Consequently, establishing robust cyber defenses is critical to protecting important services and maintaining customer trust.
This article covers steps that financial institutions should consider
taking to mitigate the risks of ransomware, weighing both the potentially
high costs of attacks and the significant investments required for effective
cybersecurity measures. It is important to note that this type of risk can never be fully mitigated, and any investment will depend on organizational maturity and risk appetite.
Understanding the Threat Landscape
If cybercrime were measured as a country, it would be the
world's third-largest economy after the United States and China. Ransomware
encrypts a computer system and denies user access, holding the decryption key
in exchange for a ransom. Since the infamous WannaCry attack in 2017,
ransomware has shown no respect for geopolitical boundaries, affecting systems
worldwide. However, the nature of cyberattacks and the dynamics of ransomware
have evolved significantly over the past several years.
#CyberChronicles🗞️
7 years ago, at 07:44 UTC on May 12, 2017, the worldwide WannaCry ransomware attack began.
The attack was estimated to have affected more than 300,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.… pic.twitter.com/zuyzDLCQxx
— HackManac (@H4ckManac) May 13, 2024
The concept of "big game hunting"—targeting
high-value entities such as banks and financial institutions whose disruption
could harm a nation's economy—is emphasized by the Ransomware-as-a-Service
model. This model enables adversarial nation-states or organized crime groups
to develop sophisticated malware while lowering the barrier to entry for
cybercriminals and threat actors, using these groups as proxies in loosely
coordinated campaigns against economically significant sectors.
For financial
institutions, the fallout from a ransomware attack can be catastrophic,
potentially leading to operational disruption, significant financial loss, and
erosion of customer trust. It is vital for these institutions to stay informed
about the latest ransomware tactics and the vulnerabilities within their
technology stack through advanced threat intelligence and global cybersecurity
networks.
Establishing an Enterprise Security Framework
An information security framework consists of documented
processes that define the structure for developing a corporate policy. This
policy outlines the key elements of the security governance structure, assigns
responsibilities, and aligns security practices with business goals. These
policies are generally divided into three key segments: regulatory, advisory,
and informative.
Policies should align with industry standards such as the U.S. Department of Commerce’s NIST Cybersecurity Framework (CSF), which provides a structured approach to managing cybersecurity risks, emphasizing the need to identify, protect, detect, respond to, and recover from incidents. It guides institutions in prioritizing cybersecurity
initiatives and effectively allocating resources. By integrating a robust
enterprise security framework through corporate policies and operational
processes, financial institutions can strengthen their overall security
posture.
Managing cybersecurity risks isn't just about protecting your company from attacks, it's about protecting your clients, your reputation, and your bottom line. pic.twitter.com/fM4YiQBBr7
— ASC Networks (@ascnetworks) April 25, 2024
Secure Data Backups
Given that ransomware exploits the critical need for
organizations to access their data, maintaining frequent and secure offsite
data backups can enable institutions to restore operations, provided the
ransomware has not also impacted the backup(s). Many threat actors involved in
ransomware campaigns are blacklisted by the United States Department of
the Treasury, making ransom payments a potential violation of international
sanctions. Therefore, organizations attempt to recover rather than make
payments.
However, backups themselves are of no use if the backup copy
is compromised. Therefore, organizations must ensure backups are secure and
resilient in their own right.
Employee Training and Awareness
Organizations invest heavily in securing their
infrastructure, applications, and overall network environment. However, the
security of digital networks is only as robust as the people operating them.
It's often easier for hackers to (metaphorically) "knock on the door"
rather than "break it down."
Phishing emails, which initiate about 90% of ransomware
attacks, target employees with access to sensitive networks. This underscores
the importance of training and awareness, positioning these elements at the
forefront of an organization's enterprise security framework. As cyber threats
evolve, training programs must also adapt, fostering a culture where security
awareness is paramount and suspicious activities are promptly reported.
#Phishing attacks have evolved... it’s not just about sketchy attachments anymore! 😬
Need an update on how to effectively combat emerging #phishing trends? Check out our ebook, Phishing for Dummies! https://t.co/55BVNQrLlD #cybersecurity pic.twitter.com/0vGBzcGRCV
— Cisco (@Cisco) August 15, 2023
Incident Response and Recovery Plans
A well-defined, regularly tested incident response plan is
crucial. This plan should outline the steps for isolating affected systems,
communicating with stakeholders, and involving external experts (e.g. legal and
forensics) to limit damage and reduce recovery time and costs, both direct
(such as re-provisioning) and indirect (such as loss of reputation and market
share).
Costs of Cybersecurity: Penetration Testing for Blockchain Networks
Penetration testing for blockchain, vital for cryptocurrency
exchanges, can be viewed as expensive. However, with cyber incidents on crypto
exchanges or DeFi projects potentially resulting in losses in the hundreds of
millions, the high cost of testing is a justified investment in security and
operational integrity. That said, it may pose a barrier to entry for innovative
startups looking to develop their service offerings in this sector.
Bridge hacks have accounted for 2/3 of the $3B that has been stolen from DeFi. @AxieInfinity's @Ronin_Network bridge hack has been the largest to date at $600M lost. pic.twitter.com/5IAuTqShMO
— Messari (@MessariCrypto) August 30, 2022
Partnerships and Collaboration
Building partnerships with other financial entities,
technology providers, and cybersecurity firms enhances security efforts. These
collaborations can lead to the development of new security standards and
protocols that benefit the entire industry.
Navigating the complexities of digital security requires
vigilance and adaptation. By investing in enhanced cybersecurity measures,
financial institutions, particularly those in the foreign exchange and
cryptocurrency sectors, not only defend against immediate threats but also
build a foundation for long-term security and trustworthiness. The significant
costs associated with securing blockchain networks, while substantial, are
essential expenditures that underpin the operational viability and resilience
of these institutions.