You are currently viewing Ransomware During COVID and the Need for Proactive Cyber Hygiene

Ransomware During COVID and the Need for Proactive Cyber Hygiene

By Braden Perry, Partner at Kennyhertz Perry, LLC

Earlier this year, the COVID-19 pandemic caused businesses to rapidly deploy a remote workforce, which created new challenges for financial firms to continue operating and providing critical services. It also created an opportunity for malicious actors to hack into and gain access to IT systems and sensitive, personal information that these financial firms maintain.

Among the most dangerous cyber threats is ransomware, malware that encrypts user or system files. The cyber actor then demands a ransom to restore the data through the use of a decryption key. These attacks have escalated since the pandemic began and continue to rise among financial institutions through remote desktop protocol (RDP) vulnerabilities. These attacks have occurred with varying levels of debilitating damage, from affecting various systems to complete shutdown, with the cyber actors generally threatening to release victim data publicly, in addition to leaving systems locked if ransom demands are not met.

If your company is a victim, law enforcement does not encourage paying a ransom to cyber actors. Paying a ransom may embolden adversaries to target other organizations, encourage other criminal actors to engage in ransomware distribution, and fund illicit activities. Also, paying the ransom does not guarantee that the files will be recovered. So, what should a company do? In addition to reporting the event to local law enforcement, the following can potentially alleviate the issue:

  • Having a robust data backup system is the most important layer of defense against ransomware attacks, which are air-gapped, and password protected.
  • Follow the Principle of Least Privilege for Access Control. Each user should have the least privileges needed for their job.
  • Implement endpoint protection solutions such as antivirus and antimalware.
  • Enact multifactor authentication wherever possible.
  • Ensure network segmentation; and
  • Disable RDP and other remoting options except when necessary.

But there are many things a financial institution can do to prevent an infection from occurring in the first place. First, get top-down management buy-in. The commitment of senior management and the effectiveness and tone of their communication to their staff are pivotal to the cybersecurity compliance program’s success. This commitment is shown when management changes their vision and strategic goals and provide the compliance department with the authority to implement, communicate, and improve the compliance policies and procedures. The best policies and practices will fail without the full support from the top. It is also crucial to have direct-line access to the CEO and the organization’s oversight committees. The Chief Information Security Officer (CISO) should be part of senior management, with sufficient resources and staff to oversee and manage the compliance structure. Forward-thinking companies view and treat their compliance department as an asset, not a cost, which is a key to buy-in from the top down.

What CEOs want out of CISOs is the ability to see the forest through the trees. Information Security is increasingly complex. Today, CISOs not only must deal with their trained information security skills but use ever-evolving business skills, including financial management and leadership skills. A CISO needs to understand the organization’s context – and its risk strategy and deal with stakeholders in varying ways depending on the circumstances.

While the global view is an asset from a managing risk perspective, overmanaging risk can also hinder business practices. So, it’s imperative that CISOs can strike the balance of managing risk and procedures while ensuring the business is functioning properly and securely. If the forest becomes too dense to see the trees and the tone at the top (i.e., the CISO) allows the company to become reactive, meaning that they do not anticipate issues but wait for issues to arise and then act or “react.” This leads to short-sightedness, looking at the near-term, and not focused on long-term goals. This is opposed to the “proactive” approach and forward-looking, not only in anticipating issues that might arise but in having clear directions and goals.

Since the emergence of H5N1 in 1996, both industry leaders and government officials have known that an influenza pandemic will occur with a new subtype of influenza capable of efficient person-to-person spread and to which few of the world’s population are immune. They’ve also known that it will be a global pandemic with all countries being effected within a matter of months. Many industry leaders and government officials have prepared for this and outlined detailed responses. It’s evident that some industries and companies are more prepared than others. Those that didn’t prepare or prepare enough and are now caught in a disruptive corporate environment and at the mercy of IT and other tech-related issues as most companies are working remotely. Proactivity will be the new standard, and companies that don’t look forward to risk potential will be massively behind when the next business disruptions arise.

For additional guidance or a risk assessment, seek competent counsel that understands the importance of cybersecurity and identify the weaknesses that could lead to massive business disruption or a complete takeover of your system.

At Kennyhertz Perry, we assist our clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen. To learn more about Kennyhertz Perry, LLC, please visit