INVESTING

PREVENTING AN OPERATIONALLY CRIPPLING RANSOMWARE ATTACK – DO YOU KNOW WHERE YOUR RISK EXPOSURE LIES?

Preventing an operationally crippling ransomware attack – do you know where your risk exposure lies?

By Jim Culverwell, Vice President, Research & Development, ClusterSeven

Given the fast pace of technological advancement and the growing sophistication of hackers, when it comes to security, organisations across industries widely admit that a breach is a matter of ‘when’ not ‘if’. Unsurprisingly, the financial sector is a prime target and faces 300 per cent more cyber-attacks than any other industry.

This year, ransomware is on the rise and banks have already been warned to protect themselves or else face excruciating sanctions and penalties as a consequence of new EU legislative changes. The problem with ransomware is that unlike any other form of attack, the hacker introduces malware into an organisation’s network that can lie dormant for months undetected before striking. So the organisation is not just dealing with issues like temporary denial of service or data leakage alone – a ransomware attack can bring an organisation down on its knees. Without access to securely backed-up business critical files, the bank’s operation is potentially crippled.

It’s therefore no surprise that banks and other organisations prefer to pay the ransom than face the immediate consequences of the cyber-attack. What is galling of course is that despite paying the ransom, organisations have no guarantee that the criminals will give them the password to the surreptitiously encrypted files and indeed never come back for more. It then becomes a vicious circle!

End user computing management must be a key part of business continuity plans

It is true that most banks and financial institutions already have implemented anti-malware and anti-virus solutions, but these products alone are proving ineffective in preventing security attacks.  These products have a role to play, but financial organisations must take preventative action at the end user computing (EUC) level to limit the impact of a security breach, should it ever happen. EUC application management needs to be a key component of any organisation’s business continuity plans.

EUC applications ((i.e. Excel spreadsheets, databases and financial modelling tools), are pervasively used in financial institutions for commercially critical processes such as cash flow and business forecasting, profit and loss assessments and many other complex financial calculations, including trade deals. Despite the sensitivity of the information these applications contain, EUC applications are largely unmanaged and aren’t subject to controls that are routinely applied to other IT developed enterprise software. This makes the EUC application landscape in financial organisations an expansive and substantial security risk vector, especially as ransomware is introduced into organisations via end user machines.

Approach to EUC application management

To mitigate the effects of a security breach, foremost it’s imperative that financial organisations proactively understand what business critical information exists, in which EUC files and where they are located. This kind of detailed audit will enable organisations to categorise the files containing critical business processes or confidential information in terms of the risk they pose. Subsequently, control frameworks of varying degrees can be applied to every single application and saved in a secure location on the server. In the unfortunate event of a security attack, the organisation would be able to restore the business critical files on end user machines within hours to reinstate ‘business as usual’.   

EUC applications management isn’t a one-off exercise

Key to facilitating such a scenario is real-time EUC application lifecycle management capability. Due to the dynamic nature of spreadsheets and databases, automated monitoring of EUC applications for anomalous behaviour is vital – not simply for security warnings, but also for version control and identification of files for timely retirement. This will ensure that the most current versions of the EUC files are available for restoration, should the need arise.

Given that in any financial organisation, millions of Excel workbooks, each with numerous worksheets with millions of cells is commonplace – a manual approach to EUC estate management is impossible. And the traditional tape-based back-up systems that are prevalent in organisations today are inadequate in emergency situations. Post a security breach, it could potentially take the organisation days to search through hundreds of thousands of files on tape to retrieve the latest business critical files.

Banks and financial institutions would do well to consider adoption of enterprise-grade EUC application management systems to actively monitor, control and secure their end user computing environment to prevent and mitigate the risk and impact of a ransomware attack.

Ransomware has the potential to deliver financial loss to the breached organisation, but the reputational impact is likely to be far greater. Envisage the adverse reaction of high net-worth individuals towards the private equity arm of the bank when they find that their investment details have been monetised by hackers following a ransomware attack. The reputational damage will possibly exceed the actual loss of business in the short term.

To Top