Ransomware Crisis: FX and Crypto Sectors Show Resilience as Attacks Soar over 70%

Over the past decade, as organizations worldwide have
increasingly embraced the digitalization of their commercial operations,
cybersecurity has evolved from a specialized technological endeavor into a
standard practice for mitigating risk.

According to Zscaler’s State of Ransomware Report, the frequency of ransomware attacks rose by 73% in 2023 from the previous year, and total payouts surpassed one billion USD, with the average attack requesting a payout ranging anywhere from $100,000 to $5 million. These figures do not reflect the many attempts or successful attacks that go undetected or unreported.

Financial institutions, including those in the foreign
exchange and cryptocurrency sectors, are targeted by malicious actors due to
their high liquidity and digital dependency. Consequently, establishing robust cyber defenses is critical to protecting important services and maintaining customer trust.

This article covers steps that financial institutions should consider
taking to mitigate the risks of ransomware, considering both the potentially
high costs of attacks and the significant investments required for effective
cybersecurity measures. It is important to note that this type of risk can never be fully mitigated, and any investment will depend on organizational maturity and risk appetite.

If cybercrime were measured as a country, it would be the
world’s third-largest economy after the United States and China. Ransomware
encrypts a computer system and denies user access, holding the decryption key
in exchange for a ransom. Since the infamous WannaCry attack in 2017,
ransomware has shown no respect for geopolitical boundaries, affecting systems
worldwide. However, the nature of cyberattacks and the dynamics of ransomware
have evolved significantly over the past several years.

The concept of “big game hunting”—targeting
high-value entities such as banks and financial institutions whose disruption
could harm a nation’s economy—is emphasized by the Ransomware-as-a-Service
model. This model enables adversarial nation-states or organized crime groups
to develop sophisticated malware while lowering the barrier to entry for
cybercriminals and threat actors, using these groups as proxies in loosely
coordinated campaigns against economically significant sectors.

For financial
institutions, the fallout from a ransomware attack can be catastrophic,
potentially leading to operational disruption, significant financial loss, and
erosion of customer trust. It is vital for these institutions to stay informed
about the latest ransomware tactics and the vulnerabilities within their
technology stack through advanced threat intelligence and global cybersecurity
networks.

Establishing an Enterprise Security Framework

An information security framework consists of documented
processes that define the structure for developing a corporate policy. This
policy outlines the key elements of the security governance structure, assigns
responsibilities, and aligns security practices with business goals. These
policies are generally divided into three key segments: regulatory, advisory,
and informative.

The framework should align with industry standards such as the U.S. Department of Commerce’s NIST Cybersecurity Framework (CSF), which provides a structured approach to managing cybersecurity risks and emphasizes the need to identify, protect, detect, respond to, and recover from incidents. It guides institutions in prioritizing cybersecurity initiatives and effectively allocating resources. By integrating a robust enterprise security framework through corporate policies and operational processes, financial institutions can strengthen their overall security posture.

Secure Data Backups

Given that ransomware exploits the critical need for organizations to access their data, maintaining frequent and secure offsite data backups can enable institutions to restore operations, provided the ransomware has not also impacted the backup(s). Many threat actors involved in ransomware campaigns are blacklisted by the United States Department of the Treasury, making ransom payments a potential violation of international sanctions. Therefore, organizations attempt to recover rather than make payments.

However, backups themselves are of no use if the backup copy
is compromised. Therefore, organizations must ensure backups are secure and
resilient in their own right.

Employee Training and Awareness

Organizations invest heavily in securing their
infrastructure, applications, and overall network environment. However, the
security of digital networks is only as robust as the people operating them.
It’s often easier for hackers to (metaphorically) “knock on the door”
rather than “break it down.”

Phishing emails, which initiate about 90% of ransomware
attacks, target employees with access to sensitive networks. This underscores
the importance of training and awareness, positioning these elements at the
forefront of an organization’s enterprise security framework. As cyber threats
evolve, training programs must also adapt, fostering a culture where security
awareness is paramount and suspicious activities are promptly reported.

Incident Response and Recovery Plans

A well-defined, regularly tested incident response plan is
crucial. This plan should outline the steps for isolating affected systems,
communicating with stakeholders, and involving external experts (e.g. legal and
forensics) to limit damage and reduce recovery time and costs, both direct
(such as re-provisioning) and indirect (such as loss of reputation and market
share).

Costs of Cybersecurity: Penetration Testing for Blockchain Networks

Penetration testing for blockchain, vital for cryptocurrency exchanges, can be viewed as expensive. However, with cyber incidents on crypto exchanges or DeFi projects potentially resulting in losses in the hundreds of millions, the high cost of testing is a justified investment in security and operational integrity. Even so, that cost may pose a barrier to entry for innovative startups looking to develop their service offerings in this sector.

Partnerships and Collaboration

Building partnerships with other financial entities,
technology providers, and cybersecurity firms enhances security efforts. These
collaborations can lead to the development of new security standards and
protocols that benefit the entire industry.

Navigating the complexities of digital security requires
vigilance and adaptation. By investing in enhanced cybersecurity measures,
financial institutions, particularly those in the foreign exchange and
cryptocurrency sectors, not only defend against immediate threats but also
build a foundation for long-term security and trustworthiness. The significant
costs associated with securing blockchain networks, while substantial, are
essential expenditures that underpin the operational viability and resilience
of these institutions.
