Anthony Cusimano is director of technical marketing for Beverly, Massachusetts-based data storage firm Object First. Views are the author’s own.
The rise of high-profile and sophisticated ransomware attacks with astronomical price tags has brought the topic of cybersecurity into C-suite conversations.
The financial sector is increasingly a target — a January survey reported financial attacks on the UK’s financial services firms were up 81% since the invasion of Ukraine — and it is struggling to keep up with the threat. For example, the IMF recently reported that across 51 countries, most central banks and financial supervisors had not introduced cybersecurity regulations or built the resources to enforce them.
Even companies with an established data breach plan in place still find that an attack can throw everything into chaos. According to Veeam’s 2023 Ransomware Trends Report, while 41% of organizations have a “do-not-pay” ransomware policy, 80% tossed their rules aside and ended up paying the ransom anyway to recover their data and end the attack.
One company recently declared that it lost $50 million in its last fiscal year after it was hit by a cyberattack that took out online operations and hindered sales in an otherwise profitable period.
While cyberinsurance offers some protection, payment of claims can take months, and coverage policies and premiums are in flux as insurers grapple with a steep rise in claims. Make no mistake: ensuring your company is prepared for a cyberattack is a financial priority as much as it is an IT one.
A persistent threat
One campaign that targeted financial institutions and consumers during the last tax season was named TACTICAL#OCTOPUS. The phishing campaign used seemingly valid tax forms and contracts, including employee W-2s, I-9s, and real estate contracts. Once victims opened the attachment, stealthy malware capable of evading detection by cybersecurity software was deployed.
Once malware infects a device, threat actors can infiltrate systems and exfiltrate sensitive company and customer data. Depending on the device's access controls, an attack could expose anything from the private financial details of a client’s merger or acquisition to Social Security numbers. In addition to selling information on the dark web, cybercriminals can hold the data for ransom by encrypting it.
The financial impact can be huge. The average data breach cost can range from $120,000 to $1.24 million for small businesses and run into the multimillions for enterprises.
Steps you might be overlooking
A proper recovery plan is essential in protecting your company's most valuable asset: its data. With a good plan, data can be easily and quickly restored, bringing systems back online without paying the ransom.
While having the proper monitoring, detection, and mitigation tools in place is essential, as is ensuring software is as up to date as possible to avoid unpatched vulnerabilities, companies should not forget their last line of defense: immutable backup storage.
The “3-2-1” backup method is a well-known, straightforward best practice that calls for an organization to have three copies of its data, on two different types of storage media, with one offsite. Taking it a step further with “3-2-1-1-0”, it is also essential that one of these backups be offline or air-gapped. The backups should also be immutable — meaning that the data stored cannot be modified or destroyed, no matter what.
Companies should also consider having a “breach counsel” — a legal team that can advise in the event of a data breach to ensure compliance requirements are met and to mitigate damages. This is important because most cyberattacks target multiple organizations at once. Breach counsels can help find out as much as possible about the attack, connect you with law enforcement, and check local regulations, leaving you to focus on customers and employees.
Finally, communication during a data breach will be critical. You’ll have to operate as a team with external stakeholders and co-workers across departments. Don’t let IT teams work on a breach plan in a silo; ensure the financial team is looped in as well. Keep in mind, however, that when attackers take systems offline, they may take any contact books, active directories, and email access with them, meaning you won’t have the information you need to contact your team. One of the most effective ways to work around this is to ensure you have a robust LinkedIn network, providing another way to contact stakeholders in an emergency.
In today’s threat landscape, company leaders, including CFOs, need to take full stock of their cybersecurity plans and ensure they’re ready for anything. The company’s financial health might depend on it.