How cold storage can freeze cyberattacks in their tracks

Cybercriminals are now initiating assaults on software and security protocols in order to disrupt everything from governmental and utility businesses to operations at public facilities, like hospitals and schools. 

While Russian cyberattacks were originally focused on critical infrastructure in Ukraine, cyber experts and government entities fear that efforts will be expanded to the United States and other NATO countries as retaliation for sanctions against Russia. 

Now, the U.S. Cybersecurity & Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, has issued a warning to businesses saying they should be prepared to defend against state-sponsored Russian cyberattacks.

Here's why financial institutions should respond to the CISA guidance and prepare for potential cyber threats.  

Financial institutions are prime cyberattack targets

Even before the Ukraine conflict, financial institutions were reportedly 300 times more likely than other organizations to experience cyberattacks. 

Prominent authorities have long sounded the alarms about the dangers of these threats to the financial sector. In 2020, Federal Reserve Chair Jerome Powell identified cyber concerns as one of the greatest risks to the financial system.

There are also many kinds of cyberattacks. According to a report by the New York Federal Reserve, cyber events that can result in major economic consequences for financial organizations often target three main vulnerabilities:

• Confidentiality: In this attack, sensitive information, such as customer social security numbers or proprietary trading records, may be hacked and publicized. In addition to compromised data and liability costs, banks would also likely suffer reputational costs.

• Availability: Some cyberattacks can affect the availability of bank resources or immobilize capital and liquidity. An attack of this nature may impact a bank's ability to perform core activities. 

• Integrity: Security breaches can significantly compromise the integrity of company and customer data. For example, customer account balances or proprietary trading records may be impaired. These events can have direct costs to restore the integrity of the data and legal costs of resolving issues where integrity cannot be recovered. 

According to the report, a cyberattack on a major bank has the potential to spread quickly through the U.S. financial system, citing its ability to impair the flow of credit between financial firms.

As a result of such elevated cyber threats, federal law and oversight agencies now require greater accountability for any organization that experiences an attack. 

Victims of cyberattacks may be held accountable

Under new legislation signed by U.S. President Joe Biden on March 15, 2022, any organization that experiences what it "reasonably believes" could be a cybersecurity incident must report it to the Cybersecurity and Infrastructure Security Agency within 72 hours—or face civil action.

The Securities and Exchange Commission (SEC) is also considering regulations that would require some organizations to adopt and implement written cybersecurity policies and procedures to address cyber risks. 

In addition, any company that suffered from a cybersecurity breach would be required to report it to the SEC within a specified time frame. 

To avoid becoming a victim of a cybersecurity event, financial institutions can implement best practices within their organizations. 

4 strategies to prepare financial organizations for cyberattacks

Today's geopolitical events and regulatory actions make one thing clear: Financial institutions need to do all they can to heighten their readiness to combat cyberattacks. 

Here are four ways banks and financial service providers can better manage these risks.

1. Implement cybersecurity safety precautions 

One of the simplest ways financial organizations can protect themselves from cyber threats is to require multi-factor authentication to access all accounts and systems. In fact, the Director of CISA, Jen Easterly, says this one requirement can make organizations 99% less likely to get attacked. 

In addition, organizations should require strong and unique passwords across multiple accounts. Spam filters, industry-recommended virus protection, and timely software updates can lessen the system vulnerabilities and improve configuration management. 

2. Deploy cybersecurity training programs for the entire organization 

The best defense is a good offense, and employees who know how to spot and avoid potential threats can make all the difference. 

Institutions can consider initiating a cybersecurity training course for everyone in the organization. This course can teach employees how to identify common tactics attackers may use over email or through websites and social media to gain access to the company's systems. Also, employees can be encouraged to report when their computers or phones behave oddly, including crashes or lagging.

In the event of a cyber threat or attack, employees should fully understand what to do and who to contact internally. In addition, IT teams or company leadership can be trained on how to report incidents to federal and local government agencies, such as the regional CISA office and local FBI field office. Communication protocols can include partner companies, peer organizations, and vendors, as well. 

By making established connections with these parties, your organization can improve the odds of detecting cyber intrusions all around. 

3. Include cyber incident response in a business continuity plan

A continuity plan should include a detailed cyber incident response. It should specify how you'll operate if you lose access to your information technology (IT) or operational technology (OT) environment. 

A detailed plan should also answer questions, such as: Who in the organization is responsible for cybersecurity? What processes can be implemented to ensure accountability? How can we communicate about cybersecurity throughout different departments and teams?

Once the strategy is solidified or updated, consider running regular practice drills to test how all teams will respond to a crisis. This practice can help everyone involved learn to operate calmly and efficiently during an actual event.

4. Back up valuable data 

Backup and recovery planning can help financial organizations recoup more quickly from attacks, like ransomware. Ransomware is a cyberattack that takes files and data hostage unless a specific ransom is paid—and the price can be hefty. 

The banking industry was hit especially hard by ransomware attacks, with one study showing a year-over-year increase of more than 1,300% in the first half of 2021. 

While a solid backup plan may require an investment of time and money, even one intrusion could make it well worth it. All in, the cost of recovering from a ransomware attack, including lost productivity, device repairs, network costs, lost business opportunities, and the ransom, is estimated at a whopping $1.85 million. And not paying the ransom could mean your data is lost forever if it's not stored elsewhere. 

Essential information should be kept off-site, so it can be restored if an attack takes hold of company systems. In some cases, it may make sense to outsource certain aspects of your business to a cloud-based or offline storage system to increase your security. 

Take a proactive approach to cybersecurity

As the threat of cybersecurity concerns grows more intense by the day, financial institutions that prepare their IT systems and staff will be in a better position to defend against attacks. 

Learn how Iron Mountain can help you enhance your cybersecurity through our Information Governance Advisory Services.