6 Ways to Help Your Financial Institution Dodge the Ransomware Bullet

If you thought the majority of cybercriminals were nobly motivated by sticking it to the Man or getting back at a “deserving” boss or coworker, you couldn’t be more wrong. In recent years, as many as 89 percent of data breaches were motivated by cold, hard cash.

Yes, cybercriminals see dollar signs everywhere they look, which means they go where the money is: banks. As a prime target, financial institutions suffer day in and day out from denial-of-service attacks, card skimmers, privilege misuse, ransomware, web application attacks, and more.

Although backup and disaster recovery plans are important, giving your workforce the right security skills should be priority numero uno.

Ransomware 101

Ransomware attacks cost businesses an estimated $11.5 billion annually, and they’re one of the most common ways cybercriminals attack financial institutions. Ransomware is easy to deploy and incredibly effective, which is why even the most amateur of criminals can make a cyberattack happen in a matter of minutes with easy-to-find off-the-shelf toolkits.

Typically spread through phishing emails with malicious attachments, ransomware can also land on a device after a cybercriminal lures an unsuspecting person into visiting an infected website by clicking on what appears to be a legitimate link.

It takes just one click for malware to be downloaded and installed on a device without the user’s knowledge. Suddenly, a ransom letter that would make your fourth-grade teacher wanna cry (bazinga!) appears in a pop-up with the cybercriminal promising to free up your device—and any stolen data—once the ransom is paid. Usually, the request for payment comes through an impossible-to-trace cryptocurrency.

Until the user pays the ransom, their data, computer, livelihood, and reputation are held hostage. Most of the time, even if you do pay, the data disappears. In fact, only 19 percent of companies that pay the ransom ever see their data again, so it’s just not worth it.

They’re Following the Money

Cybercriminals love money—sorry, banks, you’re a top target. Year after year, financial motives drive cybercriminals. In 2018 alone, 76 percent of data breaches were financially motivated.

In 2017, the number of unique mobile banking malware samples rose by 94 percent from the year prior, according to cybersecurity firm Trend Micro. That's with 2 billion mobile banking transactions happening every day. Yikes. Also in 2017, banks suffered nearly 1,000 web application attacks per day, according to enterprise security firm Positive Technologies.


These growing threats have banks hiring more IT professionals and dishing out hundreds of millions of dollars on the shiniest, newest cybersecurity technology. But are more warm bodies and bells-and-whistles apps the solution?

According to a Verizon survey, system admins are the top internal actors, responsible for breaches 25.9 percent of the time, so bringing more people in probably isn’t the solution. Yes, the more lines of defense you have, the better, but there’s a better way, people!

Pro Tips

Use these pro tips to empower your workforce with the right security habits so ransomware can’t find a way in.


Although some data breaches take months to discover, many take a year or more to uncover. Seriously? Your customers, employees, and brand deserve better. Pop on reporting buttons and make sure your workers know how to report phishing scams and other security breaches ASAP so you don’t get caught up in a delayed data breach scandal.

Reinforce with tech

You can help your organization avoid costly, embarrassing data loss using any of a dozen free backup solutions, and make sure your workers have anti-malware software installed.


Turning on two-factor authentication can be a simple way to reinforce security. This is especially true when a mind-blowing 81 percent of data breaches involve weak, default, or stolen passwords being cracked, allowing cybercriminals in. If you’re not sure where to begin, TurnOn2FA.com is a great place to start; the site gives you step-by-step instructions on how to turn 2FA on for pretty much every site you’re already using.

Slow down

This may seem pretty basic, but encouraging your employees to slow down and actually spend just four minutes thinking about what they’re doing/reading/clicking can make all the difference. How, you ask?

According to Verizon's Data Breach Investigations Report, 13 percent of people clicked on a phishing attachment within an average of just 1 minute, 40 seconds and then clicked on an attachment in that phishing email within 3 minutes, 45 seconds.

Those four minutes could be the difference between business as usual and Steve clicking on that urgent email from the CEO asking for a quick wire and the resulting fraudulent payout.

Security culture

Most ransomware attacks happen when a person clicks on a bad link or visits a fake website. Train and empower your workforce, and you’ll build a culture of security where good password and public Wi-Fi habits are second nature.

Secure your networks

Strengthen your password policies and security protocols. Cybercriminals love vulnerabilities—don’t let them find a reason to love you.

Don’t let cybercriminals look your way and see giant piles of cash. Request a consultation with our crack team of security awareness experts today.
