The latest edition of Sophos’s survey on ransomware in the financial services industry has revealed a rise in the rate of attacks from 55% in the 2022 report to 64% in this year’s study – almost double the 34% reported by the sector in the 2021 report. Although the sector experienced an increased attack rate, it remained below the cross-sector average of 66%.
► While the number of attacks is rising, finance is less targeted than average
► More investment in defences is likely to be a deterrent for cybercriminals
A massive 81% of financial organisations stated that their data was encrypted – up from 54% in 2022. Over one in ten attacks (14%) were stopped before the data could be encrypted by the perpetrators. In 25% of attacks where data was encrypted, it was also stolen, suggesting that this ‘double dip’ method (encryption plus exfiltration) is becoming commonplace.

Exploited vulnerabilities (40%) and compromised credentials (23%) were the two most common root causes of the most significant ransomware attacks in financial services. Malicious or phishing emails were the root cause of 33% of attacks.
While 98% of surveyed firms got their encrypted data back, 43% paid a ransom – down from 52% in 2022. More than two thirds (69%) made use of backups for recovery – up from 66% the year before.
However, the proportion of financial services organisations paying higher ransoms increased, with almost 39% paying $1 million or more in the 2023 study, compared to just 5% the year before. At the same time, the percentage of organisations that paid less than $100,000 remained in line with last year’s report, at around 40%.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields, including:
  - Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  - Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  - 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimise attack preparation, including making regular backups, practising recovery of data from backups, and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
The State of Ransomware in Financial Services 2023 is based on a survey of 336 IT/cybersecurity professionals across 14 countries. The survey was vendor-agnostic, and the participating organisations had between 100 and 5,000 employees and revenue ranging from less than $10 million to more than $5 billion.
You can request the full report here.
If you have any questions about cybersecurity, or want to know how the TD SYNNEX team can support you on Sophos, please click below to contact our Security Solutions team.