I’ve asked Michael Monday to co-author this blog post on ransomware. He specializes in cybersecurity in financial services as Accenture Security’s North America Banking Lead. Having begun his career in the US Air Force, Michael knows all about precision, rigor and why offense is often the best defense against bad actors.
The threat of cybersecurity breaches has always kept bank chief security officers (CSOs) up at night. But the headlines about recent ransomware attacks have been like late-night jolts of caffeine for them. For one company, the attack occurred because a single password was stolen. Just one password, that’s all it took.
Middle market banks have a target on their back
Not surprisingly, the financial services industry is a prized target for ransomware attacks. Middle market banks are especially vulnerable. As a group, they don’t have the sophisticated cyber defenses or elite in-house cybersecurity skills that the big banks have. Adversaries know this, and they see middle market banks as both easy and lucrative marks.
Think this is just a CSO problem? Think again.
Middle market bank CSOs understand the need to predict, detect and protect against breaches, including the insertion of ransomware. Yet many are in a difficult position. They must juggle competing priorities with resource limitations—and within an ever-expanding threat landscape. After all, the bad guys are good at innovation.
While there’s no doubt that CSOs have a key role to play in preparing middle market banks to repel ransomware attacks, this is not their problem alone. Far from it. Ransomware threats are enterprise-wide crises that demand enterprise-wide crisis management. This is especially true given the regulatory environment and the tenor and requirements of the recent Cybersecurity Executive Order, which we think will help set new baseline standards and increase information sharing across the government and private sector.
Going on the offensive against attackers
So much hinges on middle market banks’ enterprise-wide approach to ransomware threats. How they respond to and recover from these attacks is a clear competitive differentiator. It can make or break relationships with partners and customers. And the hard truth is that it’s no longer a question of “if” these attacks will happen, but “when.” To go on the offensive, banks should focus first on three fundamentals:
- Prepare with precision. As part of enterprise-wide crisis response efforts, banks need cyber incident response teams—or CIRTs. These teams include IT professionals as well as stakeholders from across the business, each with a distinct role and responsibilities. Their work is guided by rigorous playbooks that are developed and continually revisited outside of crisis response situations, never in the heat of the moment. Having a trusted playbook in place is critical to ensure that cross-disciplinary teams are aligned, processes are crystal clear, everyone who should be engaged is, and the entire response is organized and systematic.
- Practice like you fight. In the military, soldiers train like they fight, and they fight like they train. This should be every middle market bank’s mantra in the battle against ransomware. Banks should never wait until an incident occurs to ensure that their playbook is complete, and that their CIRT has the capability and agility that it needs. The value of running through scenario-based ransomware attack simulations cannot be overstated. They are an excellent way for banks to pressure-test their responses and vulnerabilities and make meaningful improvements so that they are truly ready when an attack happens.
- Invest in resilience. Part of gauging vulnerability to cyber breaches is taking a hard look at system vulnerabilities. In most cases, middle market banks are very likely to need to rearchitect systems and/or install security patches to meet regulatory requirements. They must ensure that their systems’ back-up and restore capabilities are robust enough that malware doesn’t inadvertently continue to cycle through the system. In addition, supply chain security practices are key to reducing exposure to attacks on partner systems that could directly or indirectly impact a bank’s systems, because vulnerabilities in a partner’s systems create vulnerabilities in the bank’s systems.
Ransomware threats aren’t going away. But readiness is within reach.
Ransomware threats will continue to be a 3:00 a.m. issue for leaders. The potential damage to banks is serious and far-reaching, including everything from business continuity to reputation. But middle market banks don’t have to go it alone. By shoring up their teams, tapping into the weight of the full enterprise and working with skilled partners in key areas, they can bring readiness within reach.