If you were attending the Florida Collectors Association annual conference last week — either in person or virtually — you likely heard Jeremy Mapes discuss the growing problem of ransomware attacks. A company falls victim to a ransomware attack every 14 seconds, according to one data source. To help companies in the financial services industry, the Conference of State Bank Supervisors yesterday released a self-assessment tool to help mitigate ransomware attacks.
The tool is a 16-question test that companies can take to understand how well they are managing their risks and where gaps in their information security protocols may exist and need addressing.
The test asks questions like understanding the location of a company’s critical data and whether that data is managed in-house or by an outside third party and which preventive controls — such as disabling browser plugins — have been put into place by the company.
State regulators developed the self-assessment tool in conjunction with the U.S. Secret Service and the Bankers Electronic Crimes Task Force, which is composed of financial institution CEOs, law enforcement, state bank regulators and other industry stakeholders.
“Ransomware is a major threat to the financial services industry,” said Texas Banking Commissioner Charles G. Cooper, who leads the Bankers’ Electronic Crimes Task Force on this effort. “State regulators are offering this tool because the rapid advancements in ransomware and potentially devastating consequences require financial institutions to be vigilant. There is no single measure to prevent ransomware attacks. It requires strong adherence to fundamental cybersecurity controls.”
A ransomware attack occurs when hackers gain control of a victim’s data and threaten to publish it or permanently block the victim’s access to the data unless a ransom is paid. Just yesterday, the city of Mt. Pleasant, Mich., announced it had fallen victim to a ransomware attack.
The number of ransomware attacks increased 41% in 2019 from 2018, according to a published report. The number of ransomware attacks that start with phishing emails has more than doubled in the past two years.