How can the FS&I sector protect itself from cybercrime?

Cyber security remains a huge challenge for the financial services and insurance sector today. Ransomware, in particular, continues to be a menace for many businesses and there are few signs of it going away. If anything, it’s even more difficult to defend against, even for the best resourced organisations. Industry analysts and commentators are now warning about the damaging effects of cybercrime on the UK’s economy.

As IT estates have grown larger and become more complex, few banks, building societies, insurers or asset management companies have the resources to maintain a proficient cyber security team that can stay ahead of the threats seen in the digital economy. Even if they do, experienced cyber security professionals are in hot demand, so there’s the added challenge of attracting, training and retaining skilled security professionals in a fast-moving and ever-evolving market.

And then there’s the consideration about which security tools are most effective against cybercriminals’ current attack methods and those they might employ tomorrow. Adversaries are known to regularly change their tactics, techniques and procedures (TTPs), so any security system needs to be flexible and easily adaptable.

And while there’s no shortage of security products promising to secure everything under the sun, they need to be configured, connected, and managed to keep up to date with the current threat landscape and automated where possible to save time.

So, it’s no surprise that security analysts now repeat the phrase that it’s not if but when any organisation will experience a cyber-attack. The well-reported increase in geopolitical tensions and conflicts around the globe are only exacerbating the problem. The financial services and insurance industry remains a high-priority target, not just because they are perceived to be able to afford to pay higher ransoms but because of the confidential and sensitive data they hold.

Readily available ransomware tools for cybercriminals

The emergence of Ransomware-as-a-Service (RaaS) has lowered the barrier to entry for cybercriminals trying to make an easy profit and allowed lesser-skilled criminals to launch attacks. Recently, analysts have noticed a change in tactics too. Threat actors are increasingly employing multi-tiered extortion tactics – double, triple and even quadruple extortion. The earlier tactic of simply breaching a system and encrypting data to hold a business to ransom has mostly become obsolete.

Double extortion – the practice of encrypting and publishing data – is now the most common approach. And now more criminals are turning to triple extortion where they put pressure on the victim’s partners and customers to raise the stakes. Some are taking their attacks to another level with quadruple extortion – adding distributed denial of service (DDoS) attacks on top.

Recently, in a bizarre twist, a prolific ransomware group audaciously tried to use the new US Securities and Exchange Commission (SEC) rules about the requirement to disclose breaches with “material impact” within four days against its victim to pressure them into paying the ransom fee.

According to the latest Microsoft Digital Defense Report, published in October 2023, “last year marked a significant shift in cybercriminal tactics”. Ransomware made up 29% of all cyber-attacks in the 12 months to the end of June 2023, behind identity attacks. Human-operated ransomware attacks rose by over 200% since September 2022 and 70% of their targets were organisations with fewer than 500 employees.

On a positive note, only 2% of attacks progressed to a successful ransomware deployment for “organisations with a strong security posture”.

So, with attacks intensifying, what can financial services and insurance companies do to protect their assets, their data and their reputations from harm in the short-term and ensure their approach is future-proof? How can they achieve a strong security posture without needing their own in-house security team and a big budget to pay for it?

If you would like to learn more about our services or discuss anything related to cyber security or data security, please contact us on 0333 444 0041 or via [email protected].