Ever since the Great Recession, the financial services industry has been under intense scrutiny and regulation. As hyperconscious as this oversight may seem, firms ranging from boutique hedge funds to family offices continue to feel the pain of increasingly clever cyberattacks. In fact, a report by the Boston Consulting Group explains that an independent cyber attack is three hundred times more likely to hit the finance world versus other sectors. The purpose of this blog post is to identify trends where possible and raise the bar for standard operating procedures across your firm. In turn, we’ll help minimize your chances of both falling victim and falling further into the throes of regulation, fines, and red tape.
Let’s start with a simple yet profound statement that ninety percent of all cyberattacks begin with a malicious email. This known exposure makes our diagnosis a whole heck of a lot easier, as we can now focus attention on the inbox. Long gone are the days of a traditional bank heist with ski masks and high speed chases; a productive cybercriminal can now diversify their attacks hundreds of thousands of times over in a single day and prey on the weakest link. There are approximately 15 billion spam/phishing emails sent per day, nearly half of which target or impersonate financial institutions.
So you make a mistake - it happens, and we’re human. I make plenty of mistakes each and every day. How does it manifest from a malicious email? Let’s cover techniques unfortunately trending up and to the right (a surprisingly bearish indicator):
Business Email Compromise
What it is:
*Simply put, this is impersonating an executive and using the art of deception for direct financial gain
*The cybercriminal has done their homework and, while posing as a colleague, urgently requests a transfer to be sent to a trusted vendor with slightly modified instructions (unbeknownst to the victim)
*A link to a spoofed website doctored as legitimate is also a common component of business email compromise
How to identify:
*Be on the lookout for slight variations on legitimate addresses Example: (kelly.smith@abccompany.com vs. kelly.smith@abccompany.ru) fool victims into thinking fake accounts are authentic
*Exercise caution when the email reads with a sense of urgency
How to protect:
*Implement natural language processing technology (NLP) in your inbox to help analyze the tone and messages in real time as an additional layer of protection. This can run passively in the background while you work!
*Color code your inbox so that any slight variations to the domain will be obvious to the naked eye
*When possible, confirm requests for financial transactions or sensitive data either over the phone or face to face before executing
Ransomware
What it is:
*Merriam-Webster defines ransom as “a sum of money or other payment demanded or paid for the release of a prisoner"
*In the world of Cyber, the “prisoner” is simply systems or data that are invaluable to the victim
*Through a series of events including exploitation, destruction of backup systems, and the encryption of your data, you will be faced with a decision to either pony up or go on the offensive
How to identify:
*Be on the lookout for high volume of files renamed
*When Ransomware strikes, it will result in a massive increase in file renames as your data gets encrypted
*Over the course of a business day, you shouldn’t typically see more than just a few across your organization
*Identify known ransomware extensions in the files themselves
*Open source links such as this crowdsourced Google Sheet explicitly identify known ransomware file extensions. If you see something that is atypical, run a quick search for peace of mind
How to protect:
1) Backup your data and keep the routine
a) Most professionals (ourselves included) recommend backing up sensitive data at a minimum of once per week
b) If possible, you should look to complete this exercise once per twenty- four hours
c) You can easily locate data backup solutions by running a quick Google search and comparing apples to apples on vendor support, features, price, and customer reviews
2) Deploy software defenses
a) As mentioned above, most ransomware attacks are the product of a phishing email. By deploying expert machine learning combined with language analysis, you and your colleagues can be coached away from suspicious emails by means of an email inbox guardian. Paladin Citadel proudly touts an inbox add-on, handling these reviews comprehensively in real time, as one of the key features of the program
3) Training and Behavioral Change
a) When you don’t work in IT by definition, it can be difficult to remember best practices and maintain vigilance throughout a given workday. By testing your employees with craftily worded sample phishing and providing concise and snack-able trainings, you can mitigate the biggest risk to your organization: human error. We at Paladin pride ourselves in being education first, taking the time to coach you through the reality of cybersecurity.
Banking Trojan
What it is:
Spread through a malicious email (quite trendy), this Trojan based infection may arrive either via malicious script, macro-enabled document files, or malicious link.
In terms of distribution, this form of “malspam” will overtake your contact list and send emails directly from your legitimate address
These programs will work through lists of commonly used passwords to gain direct access to financial accounts, sensitive data, and ever increasingly Bitcoin wallets
How to identify:
*If you start to receive emails that have suspicious links, doctored domains, or slightly modified sender names, you are likely being targeted
*Your best fighting chance will be through educating your employees, as game speed identification is really your only fighting chance
How to protect:
*Similar to some of the protections to combat business email compromise, you should be vigilant about carelessly clicking on any links embedded in emails
*Maintain proper backups for critical files and data so you may wipe infected systems if needed
*Educate your employees through hands on training to improve upon their overall cyber behavior
A comprehensive overview of all attack vectors popular in the financial services world deserves its own book rather than a blog post. With that said, the most critical takeaway is that both protecting the inbox and improving employee behavior will undoubtedly be the foundation of your cyber defense.
If you feel as though you are undergoing one of these attacks, feel free to give us a call and we will happily help diagnose and discuss the best plan of action moving forward. To learn more about how Paladin will effectively and passively protect your business and employees against this unfortunate world of cyberattacks, chat with us by clicking this link.