The financial services sector is the backbone for India becoming a connected economy. Accelerated digitization of financial services has the true potential to further unlock economic value and drive financial inclusion. A prime example is the rise of digital payments and Non-Banking Financial Companies (NBFCs) adding a growth layer to the already robust traditional banking system. With financial services transforming to keep pace with dynamic customer demands, adopting a data-driven approach is further delivering new opportunities, meeting compliance standards, mitigating risks, managing fraud and delivering customer delight.
According to a report by KPMG, the transaction value of digital payments in India is expected to see a CAGR (compounded annual growth rate) of 20.2 percent between 2019 and 2023. While the market size of digital payments is growing tremendously, the industry has at the same time seen an upsurge in cybercrimes such as ransomware attacks. The BFSI sector has become an appealing target for cybercriminals today. According to the Reserve Bank of India’s (RBI) annual report, fraud cases (involving ₹1 lakh and above) reported by banks/FIs increased by 28 percent by volume and 159 percent by value during 2019-20. The increase in digitization opens new avenues for security breaches, raising the risk of data theft and making data protection harder. The sophistication and volume of these cyber-attacks do not just cause financial loss but also substantially damage brand value.
This situation has only become more complex under the pressure of the global pandemic and a remote workforce. Hence, having a robust plan in place is important for ensuring business continuity and ransomware resilience. While ransomware is extremely complex and a huge responsibility for organisations, there are steps that can be taken to mitigate risk from the get-go.
Understanding the threat
The main points of entry into any business for ransomware are Remote Desktop Protocol (RDP) or other remote access mechanisms, phishing emails and software vulnerabilities. Knowing that these are the three main mechanisms is a huge help in deciding where to invest the most effort to be resilient from an attack vector perspective.
Most IT administrators use RDP for their daily work, with many RDP servers directly connected to the Internet. The reality is that Internet-connected RDP needs to stop. IT administrators can get creative with special IP addresses, redirected RDP ports, complex passwords and more, but the data doesn’t lie: over half of ransomware comes in via RDP. This tells us that exposing RDP servers to the Internet does not align with a forward-thinking ransomware resiliency strategy.
The other frequent mode of entry is via phishing email. We’ve all seen email that doesn’t look right. The right thing to do is delete that item. Combined with training to help employees identify phishing emails or links, self-assessment tools can be an effective first line of defense.
The third area that comes into play is the risk of vulnerabilities being exploited. Keeping systems up to date is an age-old IT responsibility that is more important than ever. While this is not a glamorous task, it can quickly seem a good investment should a ransomware incident exploit a known and patched vulnerability.
Back up data
With so much at stake, organisations in the financial services industry must also prepare for the worst-case scenario and build ultra-resilient backup storage.
The 3-2-1 rule is a good starting point for a general data management strategy. The 3-2-1 rule recommends that there should be at least three copies of important data, on at least two different types of media, with at least one of these copies being off-site. The best part is that this rule does not demand any particular type of hardware and is versatile enough to address nearly any failure scenario.
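The 3-2-1 rule can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the inventory format, field names, site labels and data set names are constructed for illustration, and excluding copies that failed their last verification is an assumption that goes beyond the rule as stated.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Copy:
    dataset: str           # logical data set this copy belongs to
    location: str          # hypothetical site label
    media: str             # e.g. "disk", "tape", "object-storage"
    offsite: bool          # held away from the primary site
    verified: bool = True  # last integrity/restore check passed (assumption)

def check_321(inventory, dataset):
    """Return the 3-2-1 violations for one data set (empty list = compliant)."""
    # Assumption: a copy that failed verification cannot be relied on, so skip it.
    usable = [c for c in inventory if c.dataset == dataset and c.verified]
    problems = []
    if len(usable) < 3:
        problems.append(f"copies: {len(usable)} usable, need at least 3")
    media = {c.media for c in usable}
    if len(media) < 2:
        problems.append(f"media: {len(media)} type(s), need at least 2")
    if not any(c.offsite for c in usable):
        problems.append("off-site: no usable copy held off-site")
    return problems

def audit(inventory):
    """Map every data set in the inventory to its list of violations."""
    datasets = sorted({c.dataset for c in inventory})
    return {d: check_321(inventory, d) for d in datasets}

# Constructed sample inventory; the production copy counts as one of the three.
INVENTORY = [
    Copy("core-banking-db", "dc-primary", "disk", False),
    Copy("core-banking-db", "dc-primary", "disk", False),
    Copy("core-banking-db", "vault-remote", "tape", True),
    Copy("loan-docs", "dc-primary", "disk", False),
    Copy("loan-docs", "dc-primary", "disk", False),
    Copy("loan-docs", "cloud-bucket", "object-storage", True, verified=False),
]

if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        print(name, "OK" if not problems else problems)
```

In the sample, `loan-docs` looks compliant on paper but fails all three checks once its unverified off-site copy is excluded.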
Do not pay the ransom
In spite of these techniques, businesses must still be prepared to remediate a threat if introduced. Our approach is simple. Do not pay the ransom. The only option is to restore data. Additionally, organisations need to plan their response when a threat is discovered.
In disasters of any type, communication becomes one of the first challenges to overcome. Have a plan for how to communicate with the right individuals out-of-band. This would include group text lists, phone numbers or other mechanisms that are commonly used to align communications across an extended team. In this contact book you also need security, incident response and identity management experts – internal or external.
There are also conversations to have around decision authority. Businesses must decide who makes the call to restore or to fail over before an incident takes place. Once a decision to restore has been made, organisations need to implement additional safety checks before putting systems back online. A decision also has to be made as to whether an entire virtual machine (VM) recovery is the best course of action, or if a file-level recovery makes more sense. Finally, the restoration process itself must be secure, running full anti-virus and anti-malware scans across all systems as well as forcing users to change their passwords post-recovery.
Today, digital services are not just enabling delivery of innovative products and services in a tough economy, but also increasing exposure to evolving cyber threats. Meeting changing customer demands while complying with industry regulations demands a robust data security and availability framework. Simply put, the impact of downtime goes beyond cost implications, deeply affecting customer loyalty and brand reputation. What financial services really need is a resilient data management and protection strategy that delivers backup solutions for cloud data management.
Views in this article are the personal opinion of Rick Vanover, Senior Director of Product Strategy and Sandeep Bhambure, Vice President and Managing Director, India & SAARC, Veeam Software.