The Office of Compliance Inspections and Examinations (OCIE) released a ransomware risk alert last Friday. OCIE reports two main issues:
- Threat actors have orchestrated campaigns designed to penetrate financial organization networks to access internal resources and deploy ransomware.
- An increase in the sophistication of ransomware attacks on financial organizations.
Previously, OCIE released a risk alert highlighting the risks associated with the storage of electronic customer records and information in network storage solutions. Back then, the OCIE alert noted that financial firms do not consistently use security features, and that weak and misconfigured security settings put electronic customer records and information in network storage solutions at risk of unauthorized access.
If you put those two together, it leaves no doubt that a ransomware attack on network storage solutions is a clear and imminent danger. This form of attack may result in a huge mass of critical data becoming unavailable and potentially lost, to an extent that we may have never seen before. Given how central data storage systems are, the impact of such an attack could be devastating, shutting down a wide range of critical applications and services and effectively crippling the organization.
OCIE shares several observations to help organizations enhance their preparedness and operational resiliency against ransomware. Among the listed observations, OCIE noted the following measures:
Operational resiliency. Ensure that critical applications can continue to operate in the event that primary systems become unavailable, and that off-site immutable data copies exist.
Vulnerability scanning and patch management. Ensure firmware, operating systems and application software are not vulnerable, and that anti-virus and anti-malware solutions are always up to date. Note that in order to address the risks described by OCIE, proactive vulnerability scanning should also be performed for storage operating systems, storage firmware and storage management applications.
Access management. Manage and limit user access with measures such as multifactor authentication, least privilege, a strong password policy and others. Once more, to mitigate the risks described by OCIE, such measures should also be applied and verified for the network storage solutions.
How we can help:
Seeking to validate and improve operational resilience?
Interested in assessing and improving the security posture of your data storage estate?