Despite South African financial institutions imposing strict security measures, cybercrime in the local financial sector is set to spike with costly ransomware attacks predicted to increase.
Many high-profile financial services organisations have recently experienced ransomware attacks with the trend on a sharply-upward trajectory.
A ransomware attack begins with hackers locking their targets out of their computer systems by encrypting them with malware. The damage can only be reversed if a sizable ransom is paid.
Financial institutions are appealing targets because they offer cybercriminals a broad attack surface to exploit as a result of the institutions’ increasing reliance on cloud platforms and the pandemic-accelerated ‘digital shift’.
Financial institutions are also seen as easy or soft targets because they generally pay a ransom as demanded in order to draw a veil of secrecy over the attack, avoid negative publicity and protect their brand image.
Ransomware attackers use multiple extortions to pressure victims into paying the ransom without delay.
Ominously, the increasing use by cybercriminals of sophisticated artificial intelligence tools to improve cryptocurrency returns on ransomware attacks should represent a wake-up call for all organisations.
Financial institutions without skilled and technologically-conversant security personnel are most at risk. At this moment and without their knowledge, these firms’ defences could be breached and attacks may be imminent.
Financial firms should take immediate steps to increase the effectiveness of security controls, with an emphasis on email protection. Phishing and attacks based on social engineering are often aimed at staff members and other internal actors who have detailed knowledge of their institution’s inner workings. In this way hackers are able to expose the soft underbelly of an organisation and exploit its vulnerabilities.
This strategy also reveals the vulnerabilities of the institution’s partners, associates and clients who become prime targets for double-extortion attacks.
Breaches typically involve a compromised password, so the implementation of a robust password policy together with secure email gateways is crucial. These measures should be complemented by a thorough identity and access management (IAM) strategy.
IAM security is an essential element of an overall IT security plan in that it manages digital identities and user access to an organisation’s data, systems and resources.
The policies, programmes and technologies that are part and parcel of an IAM strategy are able to significantly reduce identity-related access risks.
For smaller financial institutions, the option of an industry-endorsed third-party managed security services provider (MSSP) is recommended.
Today, even experienced professionals require constant up-skilling in order to maintain currency with the latest digital technologies and stay ahead of new and evolving cyberthreats.
A professional MSSP will be geared to support a client’s security personnel, help reduce the vulnerability footprint, simplify management structures and boost the overall effectiveness of existing cybersecurity defences.
Deon Smal is CEO of Cyber Insight.