Financial services sector remains top target for cybercrime, says IBM

New report underlines need for back-up to protect against ransomware and malware attacks

Ransomware - in which malicious software infects and shuts down an IT or OT system and can only be removed once a cash ransom has been paid - is growing in popularity as a form of attack against system
Ransomware - in which malicious software infects and shuts down an IT or OT system and can only be removed once a cash ransom has been paid - is growing in popularity as a form of attack against system

Of all the personal detail exposures, and of all the compromised data banks in 2019, 86 per cent of the damage done was due to ‘inadvertent error.’

According to a new report from IBM, the financial services sector retained its top spot as the most targeted sector in 2019, industry-specific targeting highlighted shifting priorities for threat actors, with retail, media, education, and government all moving up on the global chart of the most targeted sectors.

"We see there are lessons that the Irish government can learn from the ransomware attack spree that's targeted US government entities over the past year. It's critical that the government focuses on building the right defences to prepare for and thwart attacks that threaten the resilience of government infrastructure" Paul Farrell, general manager IBM Ireland, told The Irish Times. "How? By practicing preparedness and experiencing attacks before they happen. Through simulation tests government entities and companies can learn how to better react under pressure and ensure they have a robust, effective and quick incident response plan in place.

“Also, backing up data is a vital step toward cyber resilience. Ensuring not only that that they have effective backups of critical systems but that they’re also testing these backups - this can determine the size and scale of impact that a cyberattack could have.”

READ SOME MORE

The companies and organisations deemed most at risk from attacks are those which link up their IT infrastructure, and their operational technology (OT) (which includes both hardware and software that directly carries out tasks, for example traffic management systems, or software that controls industrial milling machines).

Such attacks can have implications beyond those that affect the company or organisation being attacked: IBM’s IRIS team cites one 2019 example, where a company was attacked with ransomware which leaked into the operational systems of a factory. The enforced shut-down of that factory caused “a ripple effect in global markets.” Such operational systems and software are often more vulnerable than IT systems, because they often rely on older ‘legacy’ hardware or software.

Ransomware - in which malicious software infects and shuts down an IT or OT system and can only be removed once a cash ransom has been paid - is growing in popularity as a form of attack against systems, but 2019 has also seen the rise of ‘destructive malware’ - software that enters a vulnerable system solely to delete, wipe, and destroy that system’s ability to operate.

Previously generally only used by governments, seeking to upset the efforts of other nations in weapons manufacture or other sensitive areas, destructive malware is on the rise among private hacking groups, says IBM.

Destructive attacks are estimated to cost an average of $239 million, over 60 times more than the average cost of a data breach.

It is ransomware that remains the biggest threat, though, and such attacks grew by 67 per cent in the last few months of 2019. Of note were municipal and public institutions that suffered ransomware attacks, as well as local government agencies and healthcare providers. Attacks on these types of organisations often caught them unprepared to respond, more likely to pay a ransom, and in some cases under extreme stress to recover from the attack due to threat to public safety and human life.

So what can we do to protect ourselves? Well, aside from the usual personal good practices of not repeating login passwords across multiple services, and being judiciously careful about what we click on in an email that looks suspicious, there are bigger, broader options that are more useful for companies and government departments.

The key is the good use of intelligence data, such as the fact that financial institutions, retail companies, and transportation servers are the most likely to be hacked right now, and deploy cyber-security services more frequently in those areas.

Making sure that multi-factor authentication is used - such as using one-time text message codes in addition to a username and password - can also be of huge help, given that ‘credential theft’ was one of the most common attack methods used in 2019. And, of course (for both individuals and companies) back up all of your key data often, and keep an off-line backup at all times.

Neil Briscoe

Neil Briscoe

Neil Briscoe, a contributor to The Irish Times, specialises in motoring