The past year was the worst on record for ransomware attacks around the globe.
Ransomware attacks in the past year were the worst on record, with an estimated 92% year-on-year increase worldwide. Criminals made off with more than $1 billion in cryptocurrency payments from victims and left a trail of destruction in their wake. This is why ransomware preparedness - and more specifically “tabletop” simulation exercises - is more critical than ever, especially where customer data, business continuity and the very integrity of national payment systems are at stake, according to a top financial services cybersecurity expert.
A Global Response to Ransomware
“Any industry with the duty to protect sensitive customer data should follow global and local guidance on ransomware. The stakes are particularly high for financial services and banking-as-a-service (BaaS) providers, who are integral to the national payment system. This is why, in addition to following important guidelines, we must make prevention a very practical and regular real-life internal exercise. This can be done by running annual ‘Tabletop Ransomware Simulation’ exercises,” says Dirk Labuschagne, Chief Information Security Officer at Direct Transact.
Labuschagne says Tabletop Ransomware Exercises are essential for three reasons:
1. Tabletop Exercises are a dress rehearsal for real ransomware attacks
“Structured simulations allow organisations to rehearse their response to get a clear view of how to react to an attack. A well-executed tabletop exercise helps organisations test and refine incident response plans, improve communication between departments, and develop a more coordinated and efficient response.
“Simulations could begin with phishing emails that lead to a network breach or direct attacks on the organisation’s customer data or operational systems. It's crucial to simulate real-time decision-making, test response and recovery protocols, and evaluate containment strategies from every possible angle.”
2. Ransomware response exercises involve all key departments
“Don’t isolate cybersecurity exercises to the IT team - attacks affect every department. In financial institutions like ours, where both customer trust and regulatory compliance are critical, simulations ensure that all departments know their roles during an attack.”
During a ransomware attack, he says, each function has a defined role:
- IT handles the technical aspects of containment and recovery.
- Legal ensures compliance with notification laws and regulations.
- Compliance notifies law enforcement and compliance authorities and monitors service level agreements (SLAs).
- Operations maintains business continuity.
- Back Office secures transactional data.
- Marketing and PR manage external communication and reputational crisis management.
- The executive team works with highly skilled ransomware negotiators while managing high-level stakeholder engagements.
“By working as a team, organisations can create a comprehensive mitigation strategy. This is particularly important in BaaS, where continuous service availability and customer data security are non-negotiable. Maintaining the integrity of transactional data during recovery minimises operational disruption and restores trust,” says Labuschagne.
3. Ransomware exercises go beyond containment and also focus on recovery and resilience
Tabletop Ransomware Exercises should not stop at the point of containment. “A major part of ransomware resilience is recovery. A simulation should test your backup and data restoration capabilities, and provide a comprehensive systems review to see where the chinks in the armour are.”
“After the simulation, it's essential to conduct a post-mortem analysis to assess performance, identify gaps, and make improvements. Regular tabletop exercises help teams stay sharp against rapidly evolving threats.”
Conclusion: Prepare for the inevitable
“It’s time for all organisations in this space to become more prepared so that we can mount a collective response to the growing ransomware crisis,” says Labuschagne.
“We’ve learnt that it is possible to build a holistic defence and resilience strategy. We want to encourage other financial services organisations to do the same, so that we can together ensure greater cybersecurity in our shared networks, economies and national payment systems in the face of skyrocketing ransomware statistics. Don’t wait - run simulations now so that we can be better prepared together against this growing threat.”
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.