Major US banks and other financial institutions are preparing for cyberattacks from Russian hackers in response to the economic sanctions the Biden administration imposed on Russia after its invasion of Ukraine in early 2022. Other countries have followed suit, freezing the assets of various Russian financial organizations and notable figures as Russia continues its onslaught against Ukraine.
European and US regulators have warned financial institutions to expect an increase in attacks designed to cause as much loss and disruption as possible. Damage to financial institutions often has a ripple effect, with a lasting impact on other businesses as well. And it's not just banks that need to strengthen their defenses against an onslaught from Russian attackers: other financial and fintech companies stand to benefit from improving their security too. Start-ups, with small, overstretched IT teams and an already heavy workload, are particularly exposed.
Cybersecurity should always be a priority in the financial, and indeed the fintech, arena. After all, these organizations deal with highly sensitive information that is valuable to both organizations and consumers, as they handle personal and company finances. Attacks from Russian-based threat actors are not a new problem, but they may be on course to get far worse in light of recent events. Heightening tensions between the West and Russia have also been compounded by a shortage of IT staff, an increase in remote and hybrid work, and the continued mass migration to the cloud.
Why Hackers Are Targeting Finance
Western organizations and institutions of considerable importance can expect to see an increase in hacking attempts from Russian threat actors in the coming weeks, months, and possibly years, particularly where an attack on a given organization would cause significant disruption and damage. This is a driving reason why finance in particular is being singled out.
A rise in attacks against financial companies by Russian hackers can also be expected as a like-for-like response to the restrictions and sanctions Western nations have imposed on Russia's financial services and banks. This is particularly feared after the removal of a number of high-profile Russian lenders (most notably VTB, Russia's second largest bank, and Promsvyazbank, a state-owned bank that is financing the war on Ukraine) from Swift, the international interbank payment messaging network.
What Companies In The Finance Industry Can Do
It might seem an insurmountable task to protect against such a seemingly unstoppable force, but maintaining best practices and running thorough vulnerability assessments is a critical step towards safeguarding your company's data, and that of your clients and customers.
Some best practices that you can implement to secure your organization against Russian cyberattacks include:
Email Encryption
While it might be the engine that keeps the business world turning, email remains one of the largest, if not the largest, attack vectors that hackers take advantage of, with around 25% of all data breaches involving phishing. In a phishing attack, an attacker sends an email to a targeted user, impersonating a trusted sender and manipulating that user into clicking a malicious link or opening an attachment that installs malware, including ransomware, on the user's device, from which the attacker can move on to servers and other systems.
Email phishing relies on a range of tactics–both technical and social engineering based–to make an email appear legitimate to trick the user into thinking it has come from a trusted source. And it’s becoming increasingly prevalent: 81% of organizations worldwide have experienced an increase in phishing attempts in the last two years. A successful phishing attack can result in financial loss, reputational damage, and the loss of sensitive data, making its prevention critical for companies to include in their cybersecurity architecture.
Email encryption does not stop a phishing email from arriving, but it addresses the other half of the problem: making sure that confidential data sent by email can be read only by its intended recipient, whether the message is intercepted in transit, forwarded to the wrong address, or sitting in a mailbox an attacker has broken into. This reduces the overall risk of data breaches and keeps sensitive information where it should be, away from threat actors. Information in the wrong hands can lead to devastating and costly breaches; the 2021 Data Breach Investigations Report (DBIR) from Verizon found that stolen credentials were the most common means of initial access for attackers.
A strong email encryption solution offers end-to-end encryption: the message and its attachments are encrypted before they leave the sender's client and decrypted only by the intended recipient, so nobody in between, including the mail servers that relay the message, can read the content. This is stronger than the opportunistic TLS most mail servers use between themselves, which protects each hop in transit but leaves the message readable on every server it passes through. Other features to look for include Data Loss Prevention (DLP), a range of delivery methods so the Best Method of Delivery (BMoD) can be applied, strong end-user controls, recipient authentication, intuitive and insightful dashboards for admins, and a high level of accuracy.
You can read more about what to look for in an email encryption product here: 8 Features To Look For When Choosing An Email Encryption Solution
Secure Email Gateways
Secure email gateways (SEGs) are an email security tool that protects both external and internal email communication. As the name implies, SEGs are essentially gateways that email content passes through for inspection. Deployed as a physical appliance, software, or a cloud service (the choice often depends on how the company's email server is deployed), SEGs inspect all incoming and outgoing mail for anomalies, malicious senders and malicious content, to prevent the delivery of malware and phishing emails.
Some SEGs also let admins configure data loss prevention (DLP) policies, which instruct the SEG to scan outbound content for sensitive information. Anything sensitive detected leaving the organization can either be blocked, if the recipient is not within policy or the content should not be going out at all, or automatically encrypted. SEGs complement email encryption tools well, as not all encryption solutions scan internal or same-server email at the gateway.
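The outbound DLP policy described above, as an added worked example rather than the configuration of any real gateway product: candidate card numbers are picked out of the message body, confirmed with a Luhn checksum so that order numbers and other digit strings are not flagged, and the gateway then allows, encrypts or blocks the message depending on where it is going. The domain names, the partner allowlist and the sample messages are all constructed for the example.

```python
import re

# Hypothetical policy values for this example: the bank's own domain and the
# external partners allowed to receive card data, but only encrypted.
INTERNAL_DOMAIN = "bank.example"
ENCRYPT_ALLOWED_DOMAINS = {"acquirer-partner.example"}

# 13 to 19 digits, optionally separated by single spaces or dashes, not
# embedded in a longer digit run. Candidates are confirmed with a Luhn check
# so that order numbers and similar digit strings are not reported as cards.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers in text, masked to their last four digits."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append("*" * (len(digits) - 4) + digits[-4:])
    return found


def dlp_decision(recipient: str, body: str) -> dict:
    """Decide what the gateway does with one outbound message.

    allow   - no card data, or the mail stays inside the organization
    encrypt - card data going to an approved partner: deliver encrypted
    block   - card data going anywhere else: do not deliver
    """
    pans = find_pans(body)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if not pans or domain == INTERNAL_DOMAIN:
        action = "allow"
    elif domain in ENCRYPT_ALLOWED_DOMAINS:
        action = "encrypt"
    else:
        action = "block"
    return {"action": action, "findings": pans}


# Constructed sample messages (test data, not real mail; 4111... is a
# well-known test card number, not a live account).
SAMPLE_MAIL = [
    ("partner@acquirer-partner.example", "Chargeback on card 4111 1111 1111 1111, please review."),
    ("someone@webmail.example", "Here is the customer's card: 4111-1111-1111-1111 exp 12/26"),
    ("colleague@bank.example", "Internal: dispute for 4111111111111111 logged."),
    ("vendor@supplier.example", "Order 1234567890123456 has shipped."),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLE_MAIL:
        print(rcpt, dlp_decision(rcpt, body))
```

The Luhn check is what keeps the false-positive rate tolerable: the 16-digit order number in the last sample message is never reported, while the same card number written with spaces, dashes or no separators is caught each time. A production policy would add other data classes (account numbers, national ID formats) and log the masked findings rather than the raw values.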
However, Secure Email Gateways (SEGs) are not infallible, and in the face of a tidal wave of cyberattacks it doesn't hurt to be prepared. Email is worth securing twice over, as around 90% of cyberattacks are email-borne (specifically, 94% of malware is delivered by email). Adding an extra layer of defense in the form of an API-based solution operating at the mailbox level can cover the areas where traditional gateway tools fall short. API-based solutions like IRONSCALES can scan and remediate anomalies in incoming mail after it has passed the initial SEG checks, offering enhanced anti-phishing protection.
Identity And Access Management
Identity and access management (IAM) systems are a critical component of any robust cybersecurity program. IAM brings together a number of security controls that revolve around, unsurprisingly, the identity and access permissions of each user. Identity management focuses on managing user identities and verifying them through authentication, while access management determines what access those users should have to corporate systems, applications, and services. And it's not just users that IAM solutions manage: they keep the identities of applications and devices in check as well. Many IAM solutions can work as an add-on to existing legacy systems to create a stronger, more layered approach that puts more obstacles in the path of attackers.
IAM consolidates a range of controls such as multi-factor or two-factor authentication (MFA or 2FA) and single sign-on (SSO), which help confirm in real time that the person signing in is who they claim to be and is accessing the service legitimately. IAM solutions also offer strong reporting for administrators, central management of user identities, and easy provisioning and deprovisioning of user access.
Applying MFA or 2FA at all levels and to all users, employees, clients and consumers alike, is a critical part of securing your business against cyberattacks. MFA verifies the identity of each user via two or more of the following:
- Something they know: a password is the most common example, though security questions are also frequently used
- Something they have: this is where authenticator apps, dongles and tokens come into play. The user has a pre-enrolled app or a physical device that produces one-time codes to be entered at sign-in. Codes sent by SMS also fall into this category but are the weakest option, since they can be intercepted or simply phished along with the password; authenticator apps are better, and hardware security keys using FIDO2/WebAuthn are phishing-resistant because the browser binds the response to the site's real origin
- Something they are: biometrics, such as fingerprint and face scans
Single sign-on (SSO) lets users sign in once with a single set of credentials and then access multiple applications without re-entering them. Provisioning and deprovisioning grant and remove access according to predetermined rules, such as a user's role or department, so that a new joiner gets the right access on day one and a leaver's access is revoked promptly rather than lingering as an unused account an attacker can pick up.
Privileged Access Management
Privileged access management (PAM) is a more advanced access management tool best suited to enterprise-level organizations, largely because of the cost and the time and effort needed to deploy and configure it, but it is well worth investing in if budget and staffing allow. Like IAM, PAM is a set of controls that manage, monitor, secure and audit privileged identities, whether users, devices, service accounts or other technology, across an enterprise's environment. PAM solutions offer secure credential storage and automatic credential rotation, so that an attacker who obtains a privileged password cannot use it for long, and so that critical corporate systems are not protected by a shared administrator password that never changes.
PAM solutions are built around the principle of "least privilege": everyone and everything gets the bare minimum level of privilege needed to perform its exact duty, nothing more and nothing less. To achieve this, they reduce the standing access users and applications have, ideally granting privileged rights only for the duration of a task, which limits the lateral movement that follows an account takeover.
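The provisioning and deprovisioning rules in the IAM section and the least-privilege principle here come down to the same reconciliation: compare what an account actually has with what its current roles justify, grant the difference, revoke the surplus, and single out the privileged rights that should be checked out through PAM rather than held permanently. This added example (not taken from the page or from any IAM/PAM product) does that over a hypothetical role catalogue; the role names, entitlement strings and scenarios are constructed for illustration.

```python
# Hypothetical role catalogue for this example. Entitlements are
# "<system>:<permission>" strings; nothing here comes from a real product.
ROLE_ENTITLEMENTS = {
    "teller":         {"core-banking:read", "crm:read"},
    "branch-manager": {"core-banking:read", "core-banking:approve", "crm:read", "crm:write"},
    "dba":            {"db-prod:read", "db-prod:admin"},
}

# Permissions that should never be standing access: they are checked out
# through PAM for a limited time rather than attached to the account.
PRIVILEGED_SUFFIXES = (":admin", ":approve")


def desired_entitlements(roles):
    """Least-privilege target: exactly the union of what the user's roles justify."""
    desired = set()
    for role in roles:
        if role not in ROLE_ENTITLEMENTS:
            raise ValueError(f"unknown role: {role}")
        desired |= ROLE_ENTITLEMENTS[role]
    return desired


def reconcile(current, roles):
    """Compare what an account has with what its roles justify.

    grant  - missing entitlements to provision
    revoke - entitlements no current role justifies (privilege creep, or a leaver)
    pam    - privileged entitlements that should be brokered just-in-time
    """
    desired = desired_entitlements(roles)
    return {
        "grant": sorted(desired - set(current)),
        "revoke": sorted(set(current) - desired),
        "pam": sorted(e for e in desired if e.endswith(PRIVILEGED_SUFFIXES)),
    }


# Constructed scenarios (example data).
if __name__ == "__main__":
    # Mover: transferred from the DBA team to a branch, old access never removed.
    print(reconcile({"db-prod:read", "db-prod:admin", "crm:read"}, ["teller"]))
    # Leaver: no roles left, so everything is revoked.
    print(reconcile({"core-banking:read", "crm:read"}, []))
    # Promotion: the approval right should be brokered through PAM, not standing.
    print(reconcile({"core-banking:read", "crm:read"}, ["branch-manager"]))
```

Run periodically against every account (not just at joiner/mover/leaver events), the "revoke" list is a direct measure of privilege creep, and an empty "pam" list for an account that can still do privileged things is a sign that something was granted outside the role model.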
Backup And Recovery
Last but certainly not least, we recommend deploying a well-tested backup and recovery solution. While having backups might seem obvious to any company, with fintech it is even more of an imperative: for many fintech companies, clients and customers cannot manage their personal finances once systems are down, which puts them at considerable risk.
But it’s not enough to just create data backups of individual files–companies need server backups as well, in case of widespread destruction as a result of a natural disaster or a ransomware attack. Creating and managing these backups can be a challenge, particularly for organizations with large amounts of sensitive, historical data that must be stored securely. And restoring backups in the event of data loss can be even trickier. But a backup and recovery solution can make the challenge much easier.
So, what does a robust backup and recovery solution look like?
Backups can be kept on physical media such as hard drives, though it is increasingly common for companies to opt for cloud backup, which is easier to run and maintain on a regular schedule. Software-based backup solutions are more complex to deploy and configure than hardware appliances but offer greater flexibility: they let you define which systems and data to back up, direct backups to the storage of your choice, and automate the backup process. Whatever solution a company chooses, backups must be regularly maintained and tested to make sure that everything important is backed up and stays recoverable. At least one copy should be offline or immutable (write-once media, or the object-lock feature cloud storage providers offer) so that ransomware that reaches the production network cannot encrypt or delete the backups along with the data; the common 3-2-1 rule, three copies on two types of media with one off-site, is a sound baseline.
Two objectives need to be set when a company configures its backups: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO is the maximum amount of data, measured as a span of time, that the company is willing to lose in an incident, and it dictates how often backups must run. If backups run every 24 hours, anything created since the last backup is lost when an incident strikes, so up to a day's worth of data is at risk and the RPO cannot be better than 24 hours. RTO is the maximum acceptable time between the incident and data, servers and the company network being restored and operational again; it should be validated with restore drills rather than assumed from the vendor's brochure.
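An added worked example of the RPO and RTO calculations above (constructed for this page, not from any backup product): given a backup catalogue, it picks the newest backup that has actually been restore-tested, reports how much data that restore point loses against the RPO, and totals a restore drill against the RTO. It also handles the case the paragraph only hints at: after a ransomware attack, the most recent backup may already be contaminated, so the restore point has to move back to before the attacker got in, and the data loss can then far exceed what the backup schedule promised. The catalogue, timestamps and drill timings are all constructed.

```python
from datetime import datetime, timedelta

# Constructed backup catalogue for the example (UTC timestamps, not real data).
# A backup counts as usable only if a restore of it has actually been tested.
BACKUP_CATALOGUE = [
    {"id": "nightly-0301", "taken": datetime(2022, 3, 1, 2, 0), "restore_tested": True},
    {"id": "nightly-0302", "taken": datetime(2022, 3, 2, 2, 0), "restore_tested": True},
    {"id": "nightly-0303", "taken": datetime(2022, 3, 3, 2, 0), "restore_tested": False},
    {"id": "nightly-0304", "taken": datetime(2022, 3, 4, 2, 0), "restore_tested": True},
]


def choose_restore_point(catalogue, incident_at, rpo, compromised_since=None):
    """Pick the newest trusted backup and report the data loss it implies.

    For ransomware, backups taken after the attacker got in may already carry
    the malware or encrypted files, so `compromised_since` moves the cutoff
    back from the moment of detection to the earliest known attacker activity.
    Returns None when no usable backup exists before the cutoff.
    """
    cutoff = incident_at if compromised_since is None else min(incident_at, compromised_since)
    usable = [b for b in catalogue if b["taken"] <= cutoff and b["restore_tested"]]
    if not usable:
        return None
    best = max(usable, key=lambda b: b["taken"])
    data_loss = incident_at - best["taken"]
    return {"backup": best["id"], "data_loss": data_loss, "rpo_met": data_loss <= rpo}


def rto_check(restore_steps, rto):
    """Total a restore drill's step durations against the RTO and name the
    slowest step, which is where to invest if the objective is missed."""
    total = sum((duration for _, duration in restore_steps), timedelta())
    slowest = max(restore_steps, key=lambda step: step[1])
    return {"duration": total, "rto_met": total <= rto, "slowest_step": slowest[0]}


if __name__ == "__main__":
    detected = datetime(2022, 3, 4, 10, 0)
    rpo = timedelta(hours=24)
    # Plain outage: the last nightly backup is fine, 8 hours of data lost.
    print(choose_restore_point(BACKUP_CATALOGUE, detected, rpo))
    # Ransomware with the intrusion traced back to 03-03 06:00: the 03-03
    # backup was never restore-tested and the 03-04 one is untrusted, so the
    # restore point slips to 03-02 and the 24-hour RPO is missed.
    print(choose_restore_point(BACKUP_CATALOGUE, detected, rpo, datetime(2022, 3, 3, 6, 0)))
    # Constructed restore drill timings against a 4-hour RTO.
    drill = [("provision hosts", timedelta(minutes=90)),
             ("restore core database", timedelta(hours=4)),
             ("validate and reopen services", timedelta(minutes=60))]
    print(rto_check(drill, timedelta(hours=4)))
```

The second scenario is the one to plan for: a nightly schedule gives a 24-hour RPO on paper, but one untested backup plus a day of attacker dwell time turns that into 56 hours of lost transactions. Restore-testing every backup, not just some, is what keeps the achievable RPO close to the configured one.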
Vulnerability Management
Vulnerability management is a continuous program that uses a range of processes and tools to discover, identify, analyze, prioritize, remediate and report on vulnerabilities across a network. Vulnerabilities are weaknesses in your systems, such as unpatched software, misconfigurations or weak credentials, that, if left alone, can be exploited by threat actors to gain access to your network and therefore your data. For more on vulnerability management and how it works in practice, check out our blog here:
What Is Vulnerability Management?
Many of these tools are part and parcel of any standard security framework, but making sure they are configured correctly, and regularly tested and improved so that they can withstand a sudden spike in attacks, is key to preparing for an expected tidal wave of Russian-based attacks.
Russian-based cyber threats are nothing new, but the anticipated scale of attacks against financial institutions certainly is. While it might seem a daunting task to secure your organization in the face of heightened and more advanced attacks, sticking to best practices and patching vulnerabilities promptly will go a long way towards keeping your organization protected.