- August 31, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Finance, Security Operations
Financial companies are under constant pressure to keep data safe. If a data breach occurs, they are expected to act swiftly and transparently throughout the entire incident. Failure to respond to a data breach in a timely manner can result in massive federal fines, loss of customer relations, and, most importantly, loss of trust in the organization. Recent studies have shown that it takes over 100 days for a financial institution to detect a data breach, and an additional 50+ days to contain the threat. The outcome is an average cost of $3.8 million to remedy. To put it into perspective, the following are examples of two different financial services companies: one that values cybersecurity and created a response plan, and one that felt it was too small and didn’t have any information of value.
No Response Plan
Let’s take a CEO’s perspective from an average SMB financial services firm. An entry-level new hire is going on their second week in the company. They seem to be hardworking and diligent but haven’t quite gotten the hang of the company culture yet. During their second week of work, they receive an email from what seems to be the CEO asking them to RSVP to a company event coming up in a few months. Being new to the company, not knowing many employees, and trying to make a good impression, they quickly RSVP with no hesitation. A few months go by; the new employee is getting used to their role and has pretty much forgotten about the company event. In the fourth month, they try to access a client’s file on the company’s cloud-based application but are denied access. Following the denial of access, a message pops up on the screen:
Unfortunately, the employee was hit with a ransomware attack in their second week of employment and didn’t even know it. The attacker has encrypted all of the user’s data and is holding the decryption code for ransom until a sum of money is paid. Frightened by the message, the employee takes the laptop to the IT department. IT analysts discover that the device was infected by malware months ago and that the RSVP wasn’t to a company event; it was to an attack. The malware had been extracting personal data, login credentials, and financial records for months without anyone knowing, waiting to obtain enough data and information to be valuable to the company. The IT team takes a picture of the ransom note and disconnects the infected device from the network. Law enforcement, compliance officers, employees, and clients are all notified of the incident, and an investigation is underway, because this financial firm did not feel that cybersecurity was important. With no written response plan or procedures, important client data was not backed up or restored, and the company decided not to pay the ransom. After paying almost $100,000 in restoration, data loss, and lost productivity, the company still faces legal and compliance fines, increased spending on its IT security budget, and loss of business. From the CEO’s perspective, the entire organization is in jeopardy, mainly due to the lack of focus on protecting its most important asset: its data. There was no mandated employee security training and there were no cybersecurity policies, which left this company vulnerable to attack.
The second example company has focused on cybersecurity and identified how important its assets are to its operations. This company made the choice early to leverage an outsourced cybersecurity provider that supplies Managed Detection & Response (MDR) software to monitor for threats, as well as cybersecurity policies and training. If an employee RSVPs to the email sent to them and the malware begins to infect the device, the MDR and endpoint protection software detects the suspicious anomaly or behavior coming from the end user’s device in real time. A team of security experts begins to investigate the anomaly, determines it is an infectious virus, and isolates, removes, and shuts down the device, rendering the attack obsolete before it begins extracting data. The company is notified of the incident, pays ~$300 for a new device, and continues about its normal workday, saving millions in damages. From the CEO’s perspective, being safe rather than sorry paid off.
As we can see from the difference in the level of effort between these two financial services companies, with proper cybersecurity processes, values, and procedures there isn’t a story to tell beyond this: planning keeps your client data safe. Unfortunately, many financial organizations lack the necessary tools and skills and are unable to fortify their network by themselves.
Here at Steel Patriot Partners, our artificially intelligent, machine learning MDR platform allows your company to detect, isolate, and terminate all malware trying to breach your network, all monitored 24/7/365 by a team of trained, highly skilled security experts. Our software proactively hunts for any type of intrusion, suspicious behavior, and other anomalies. Each finding is then investigated by our SOC Team, which cross-references all applications and activities used within a network to determine whether there is truly a threat, eliminating false positives and wasted time. Don’t RSVP to your own ransomware attack; return the message back to the sender.
For more information on how our SPP MDR software can help you respond to cyber threats in real time, give us a call at 703-297-4405 or email [email protected]! We are excited to talk!