The comprehensive 2020 Ransomware Report released by SWK partner Datto at the start of 2021 has many valuable lessons to impart for the industries most affected, including financial services. After the healthcare sector, those in finance and insurance were the next most likely to be targeted (the fourth were any professional service firms) according to respondents, with half of the over 1000 managed service providers (MSPs) surveyed indicating so. With how many independent advisors and broker-dealers have to outsource their IT to exactly the type of partners this report canvassed, these findings give serious implications about the state of malware cybersecurity in your industry.
Here are some of the top takeaways from the 2020 Ransomware Report that will most impact financial services:
What Was Learned from the Datto 2020 Ransomware Report
The study uncovered several key findings and reflected the progression of trends that had been observed in recent years with malware threats, and the increasing number of gangs that rely on them to gain a more reliable ROI. Some of the biggest highlights include:
- Ransomware was the #1 malware threat of 2020
- 94% of MSPs predicted it would grow at the same or increased rate YoY
- The pandemic was likely the biggest factor in ransomware’s growth
- 59% of respondents attributed it to the mass remote work shift
- Downtime was the biggest cost from a successful breach
- Post-ransomware expenses increased 94% since 2019
- BCPs with adequate backup and disaster recovery mitigated the costs of a breach
- 91% of clients with BCDR solutions avoided significant downtime
There are some clear conclusions to draw from the MSP respondents’ learnings: ransomware will likely get worse, remote worker cybersecurity needs to be a priority and your data is your most vulnerable mission-critical asset against malware. Operating in a professional service space, financial advisors and brokers will be heavily impacted by these trends if they continue, with exposed user endpoints handling any number of valuable customer files that could be encrypted for ransom.
Financial Services & Insurance Most Targeted After Healthcare
Survey respondents were asked to select industries they had observed as being susceptible to being targeted by ransomware for the Report. The results followed trends from the 2019, except for the top contenders which surged upwards in attack rates during COVID-19. Those selected by the surveyed MSPs, in the percentage of those that responded yes, can be seen below:
- 59% Healthcare
- 50% Finance/Insurance
- 45% Government
All three of these sectors have a few things in common, but chief among these is the level at which was impacted from the onset of the pandemic and how they were forced to respond to their respective disruptions. Another shared factor is the sensitivity of much of the data managed by the majority of organizations within them, which would require additional efforts from every one of them to prevent exposure while shifting to a distributed workforce.
User Security Practices the Biggest Vulnerability
Being a service firm where good customer communication and account management are key, the security your users practice becomes your first – and often last – line of defense all the cyber threats out there. The answers given by the Ransomware Report’s respondents indicate that that most successful breaches occurred when employees failed to provide this, either out of ignorance or negligence. Human-facing functions and tools were the primary channels of attack, with the MSPs surveyed attributing the majority of these to:
- 54% phishing email
- 27% lack of secure user practices
- 26% lack of cybersecurity training
- 21% weak password management
It should be obvious that almost all of these are interconnected and are not mutually exclusive of each other, reflecting the role that individual-level cybersecurity plays in protecting your business from ransomware. Nor is deploying an automated cyber defense solution the simple answer – the respondents also claimed that they saw hackers frequently get past antivirus and even antimalware software.
Business Continuity Planning Makes the Difference
The 2020 Ransomware Report did have some good news on top of the bad – despite the majority of those who were hit by ransomware losing productivity (and many of these experiencing critical business losses), a good business continuity plan enabled recovery for most. While having a good backup solution made a huge difference, respondents stressed that having a layered approach was the most effective defense. Some of the tools and systems highlighted by these MSPs included:
- Business continuity and disaster recovery (BCDR) solutions
- Employee cybersecurity training
- Endpoint protection
- Patch management
- Email filters
- Multi-factor authentication (MFA)
It should be noted that many of these are also increasingly recommended by FINRA, which echoes the advice that firms should be layering their cybersecurity as well.
How Secure is Your IT Service Provider?
One area where the respondents agreed on was that they themselves were being increasingly targeted by ransomware gangs. Your managed service provider could become a viable backdoor to capturing control over your IT systems if they do not do their own due diligence in protecting themselves. Many of those surveyed have begun partnering with managed security service providers (MSSPs), among other solutions, including:
- 44% using Single Sign-on (SSO)
- 30% using MFA
- 46% partnering with MSSP
An MSP versus an MSSP is roughly analogous to comparing a doctor versus a professional bodyguard – one oversees your IT health while the other protects you from external cyber threats. Providers that are able to leverage MSSP-level services (such as a security operations center (SOC) or security information and event management (SIEM) software) not only give you a better edge over ransomware, but provide your firm with the degree of cyber defense you need in the modern digital landscape.
The State of Ransomware in 2021 So Far
As 2021 unfolds, the predictions made in the 2020 Ransomware Report are being given plenty of chances to be proven or disproven, and unfortunately even those that may have been wrong are giving way to potentially worse trends. Cybercriminal gangs have indeed continued with the same frequency and tactics, but have intensified some of their efforts in what is looking like an ecosystem-wide escalation as security focus has increased across organizations. Some of more troubling – or interesting – developments include:
- The average amount of ransom demands and costs are growing
- Gangs are more likely to steal the data they encrypt
- Hackers are targeting supply chain partners
- Attacks targeting Microsoft Exchange servers are increasing
- Targeted industries like manufacturing and insurance are being hit even harder
- The length of downtime from ransomware grew on average
- Follow-up attacks on the same victim increased
Download the 2020 Ransomware Report to Learn More
These are only some of the takeaways from Datto’s 2020 Ransomware Report, and discovering all of the lessons gathered in this study will help you better plan for what is to come for the rest of the year. Quite a few of the predictions made in this survey are already coming to pass, and if you wait too long to take action you may find your firm a victim of the growing malware threat.
Download the 2020 Ransomware Report here and reach out to SWK Technologies ASAP with any questions about how to best protect yourself from the top cyber threats for financial services.