The Ransomware Self-Assessment Tool (R-SAT) was developed by the Bankers’ Electronic Crimes Task Force, state bank regulators and the United States Secret Service in October 2020.
The R-SAT helps financial institutions (no matter the size) assess their level of information security, recognize gaps in that security and, most notably, measure their ability to mitigate the possibility of a ransomware attack.
As defined by the Cybersecurity and Infrastructure Security Agency, ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” When an attacker encrypts confidential files within a financial institution’s systems, a monetary demand usually follows, and the perpetrator withholds access to the information until the institution pays.
If your organization is victimized by ransomware, you have a number of questions to ask yourself to help determine your response strategy. If you provide the money, for instance, are you certain the information will be released? Will the payment create a bigger target for hackers? If you refuse to pay, will the information be released to the public? For any financial institution, an attack could be decidedly detrimental because of the nature of the information it holds – account numbers, addresses, Social Security numbers, etc. – not to mention the hit on its reputation.
Whether your data is held on-premises or at a third party, recognizing the vulnerabilities in your security practices is crucial in protecting yourself from ransomware. The R-SAT helps you identify those vulnerabilities and better prepares you to respond. The tool is sectioned into four categories (with 16 questions in total): Identify and Protect, Detect, Respond and Recover. The first section, Identify and Protect, covers a wide range of topics that are crucial to understanding what data a financial institution currently holds, who has access to that data, and what preventive security is currently in place. At a high level, subjects include current security controls, risk assessments, cyber insurance, location of critical data, vendor access, employee training programs, backup procedures, preventive controls and incident response processes.
The Detect section focuses on determining what monitoring is in place for servers, workstations, networks, endpoints and backup systems, while the Respond section covers the incident response plan. The last section, Recover, focuses on “return to normal” operations procedures, including test plans after the restore, lessons-learned processes, and notification procedures for all affected parties.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.