
PREVENTING AN OPERATIONALLY CRIPPLING RANSOMWARE ATTACK – DO YOU KNOW WHERE YOUR RISK EXPOSURE LIES?

By Jim Culverwell, Vice President, Research & Development, ClusterSeven

Given the fast pace of technological advancement and the growing sophistication of hackers, when it comes to security, organisations across industries widely admit that a breach is a matter of ‘when’ not ‘if’. Unsurprisingly, the financial sector is a prime target and faces 300 per cent more cyber-attacks than any other industry.

This year, ransomware is on the rise and banks have already been warned to protect themselves or else face excruciating sanctions and penalties as a consequence of new EU legislative changes. The problem with ransomware is that unlike any other form of attack, the hacker introduces malware into an organisation’s network that can lie dormant for months undetected before striking. So the organisation is not just dealing with issues like temporary denial of service or data leakage alone – a ransomware attack can bring an organisation to its knees. Without access to securely backed-up business critical files, the bank’s operation is potentially crippled.

It’s therefore no surprise that banks and other organisations prefer to pay the ransom rather than face the immediate consequences of the cyber-attack. What is galling of course is that despite paying the ransom, organisations have no guarantee that the criminals will give them the password to the surreptitiously encrypted files, or indeed that they will never come back for more. It then becomes a vicious circle!

End user computing management must be a key part of business continuity plans

It is true that most banks and financial institutions have already implemented anti-malware and anti-virus solutions, but these products alone are proving ineffective in preventing security attacks. These products have a role to play, but financial organisations must take preventative action at the end user computing (EUC) level to limit the impact of a security breach, should it ever happen. EUC application management needs to be a key component of any organisation’s business continuity plans.

EUC applications (i.e. Excel spreadsheets, databases and financial modelling tools) are pervasively used in financial institutions for commercially critical processes such as cash flow and business forecasting, profit and loss assessments and many other complex financial calculations, including trade deals. Despite the sensitivity of the information these applications contain, EUC applications are largely unmanaged and aren’t subject to controls that are routinely applied to other IT-developed enterprise software. This makes the EUC application landscape in financial organisations an expansive and substantial security risk vector, especially as ransomware is introduced into organisations via end user machines.

Approach to EUC application management

To mitigate the effects of a security breach, it’s imperative first and foremost that financial organisations proactively understand what business critical information exists, in which EUC files and where they are located. This kind of detailed audit will enable organisations to categorise the files containing critical business processes or confidential information in terms of the risk they pose. Subsequently, control frameworks of varying degrees can be applied to every single application and saved in a secure location on the server. In the unfortunate event of a security attack, the organisation would be able to restore the business critical files on end user machines within hours to reinstate ‘business as usual’.

EUC applications management isn’t a one-off exercise

Key to facilitating such a scenario is real-time EUC application lifecycle management capability. Due to the dynamic nature of spreadsheets and databases, automated monitoring of EUC applications for anomalous behaviour is vital – not simply for security warnings, but also for version control and identification of files for timely retirement. This will ensure that the most current versions of the EUC files are available for restoration, should the need arise.

Given that millions of Excel workbooks, each with numerous worksheets containing millions of cells, are commonplace in any financial organisation, a manual approach to EUC estate management is impossible. And the traditional tape-based back-up systems that are prevalent in organisations today are inadequate in emergency situations. After a security breach, it could potentially take the organisation days to search through hundreds of thousands of files on tape to retrieve the latest business critical files.

Banks and financial institutions would do well to consider adoption of enterprise-grade EUC application management systems to actively monitor, control and secure their end user computing environment to prevent and mitigate the risk and impact of a ransomware attack.

Ransomware has the potential to deliver financial loss to the breached organisation, but the reputational impact is likely to be far greater. Envisage the adverse reaction of high net-worth individuals towards the private equity arm of the bank when they find that their investment details have been monetised by hackers following a ransomware attack. The reputational damage will possibly exceed the actual loss of business in the short term.
