Despite South African financial institutions imposing strict security measures, cybercrime in the local financial sector is set to spike with costly ransomware attacks predicted to increase.

This is according to Deon Smal, CEO of Cyber Insight, who says many high-profile financial services organisations have recently experienced ransomware attacks with the trend on a sharply-upward trajectory.

“A ransomware attack begins with hackers locking their targets out of their computer systems by encrypting them with malware,” he explains. “The damage can only be reversed if a sizable ransom is paid.”

Smal says financial institutions are appealing targets because they offer cybercriminals a broad attack surface to exploit as a result of the institutions’ increasing reliance on cloud platforms and the pandemic-accelerated “digital shift”.

He says financial institutions are also seen as easy or soft targets because they generally pay a ransom as demanded in order to draw a veil of secrecy over the attack, avoid negative publicity and protect their brand image. He notes that ransomware attackers use multiple extortions to pressure victims into paying the ransom without delay.

“Ominously, the increasing use by cybercriminals of sophisticated artificial intelligence tools to improve cryptocurrency returns on ransomware attacks should represent a wake-up call for all organisations,” he warns.

“Financial institutions without skilled and technologically-conversant security personnel are most at risk,” notes Smal, adding that at this moment and without their knowledge, these firms’ defences could be breached and attacks may be imminent.”

He encourages financial firms to take immediate steps to increase the effectiveness of security controls, with an emphasis on email protection. “Phishing and attacks based on social engineering are often aimed at staff members and other internal actors who have detailed knowledge of their institution’s inner workings. In this way hackers are able to expose the soft underbelly of an organisation and exploit its vulnerabilities.

“This strategy also reveals the vulnerabilities of the institution’s partners, associates and clients who become prime targets for double-extortion attacks.”

Smal says breaches typically involve a compromised password, so the implementation of a robust password policy together with secure email gateways is crucial. These measures should be complemented by a thorough identity and access management (IAM) strategy.

“IAM security is an essential element of an overall IT security plan in that it manages digital identities and user access to an organisation’s data, systems and resources.

“The policies, programmes and technologies that are part and parcel of an IAM strategy are able to significantly reduce identity-related access risks.”

Smal adds that for smaller financial institutions, the option of an industry-endorsed third-party managed security services provider (MSSP) is recommended.

“Today, even experienced professionals require constant up-skilling in order to maintain currency with the latest digital technologies and stay ahead of new and evolving cyberthreats.

“A professional MSSP will be geared to support a client’s security personnel, help reduce the vulnerability footprint, simplify management structures and boost the overall effectiveness of existing cybersecurity defences.”