Battling the threat of ransomware attacks

Like enterprises of all sizes in virtually every sector, community banks are facing the growing threat of ransomware attacks that would lock up their data. How can community banks battle these threats?

By Karen Epper Hoffman

Increasingly savvy cybercriminals have come up with a new favorite plan of attack in the form of ransomware. These viruses lock up businesses’ or individuals’ data until a ransom is paid, often in the form of bitcoin. And community banks may be even more in the crosshairs of these evolving online attackers than ever before.
For thieves, ransomware ticks all the right boxes: It can be easily disseminated to enterprise targets, usually through a phishing email or attachment; it does not require much skill or preparation; and it offers a speedy payday in the form of “ransom” paid by an organization to have its data and networks “unlocked” or decrypted by its attackers.

“Cybercriminals are getting better and better at phishing emails and log-on screens that look nearly identical to what [employees] would receive” from a legitimate colleague, third-party provider or another party, says Thomas L. Frale, director for business development at RLR Management Consulting Inc.

Like executives at most smaller enterprises, many community bankers long believed they were at less risk compared with many of their larger counterparts, which could ostensibly pay attackers a higher bounty. But now they are realizing that their smaller size and lack of resources to deal with these attacks are making them ideal targets.

“Community banking institutions are particularly juicy targets because they tend not to have the level of security controls and security awareness processes in place that the larger financial institutions do,” says Tyler Leet, director of risk and compliance services for Computer Services Inc. (CSI), a banking technology provider. “Who is affected the most if a ransomware campaign successfully strikes 25 computers and three servers: the national banking conglomerate or the hometown bank with seven locations?”

In general, banks have the ability to pay higher ransom amounts than other small to midsize enterprises, not only because they have the capital, but also because “their data is the lifeblood of the organization,” Leet explains.

“Banks need to get used to the idea of sharing cyber-risk information. There is no competitive advantage to the bank next door being attacked.”
—Joan McGowan, Celent

Ramping up
Between January and September 2016, the number of ransomware attacks targeting enterprises grew 300 percent, affecting one in every five businesses around the world, according to a report issued by security firm Kaspersky Lab. In less than a year, the rate of ransomware attacks on businesses increased from one every two minutes to one every 40 seconds, and 62 new families of ransomware appeared in 2016 alone, according to the report.

The US Justice Department’s 2016 report “How to Protect Your Networks from Ransomware” called ransomware the fastest-growing malware threat, with more than 4,000 attacks occurring daily in 2016—a number that is expected to significantly increase this year.

And while no bank is immune to such onslaughts, community banks are perceived as being slightly more behind the curve than their bigger bank counterparts in terms of security technology, expertise, staffing and training. “Even if a bank deploys the necessary patches and upgrades across all software and devices, there will always be a window of opportunity for the hacker between the release and deployment of the patches and upgrades,” says Joan McGowan, senior industry analyst for Celent. “But the more secure the bank, the less likely the attack.”

fight cybercrime

View cybersecurity best practices from state banking regulators and the Secret Service by visiting and scrolling to “Regulatory Resources.”

Brad Smith, managing director of technology solutions for Cornerstone