What Financial Institutions Need to Know About R-SAT

The Ransomware Self-Assessment Tool (R-SAT) was developed by the Bankers’ Electronic Crimes Task Force, state bank regulators and the United States Secret Service in October 2020.

The R-SAT helps financial institutions (no matter the size) assess their level of information security, recognize gaps in that security and, most notably, measure their ability to mitigate the possibility of a ransomware attack. 

As defined by the Cybersecurity and Infrastructure Security Agency, ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” When a hacker maliciously encrypts confidential files within a financial institution’s system, what usually occurs is a subsequent monetary demand, and payment must ensue before the perpetrator will release the information back to the institution.

If your organization is victimized by ransomware, you have a number of questions to ask yourself to help determine your response strategy. If you provide the money, for instance, are you certain the information will be released? Will the payment create a bigger target for hackers? If you refuse to pay, will the information be released to the public? For any financial institution, an attack could be decidedly detrimental because of the nature of the information it holds – account numbers, addresses, Social Security numbers, etc. – not to mention the hit on its reputation.

Whether your data is held on-premises or at a third party, recognizing the vulnerabilities in your security practices is crucial in protecting yourself from ransomware. R-SAT can assist and better prepare you to respond. The tool is sectioned into four categories (with 16 questions in total): Identify and Protect, Detect, Respond and Recover. The first section, Identify and Protect, includes a wide range of topics that are crucial to understanding what data a financial institution currently holds, access to the data, and preventive security currently in place. At a high level, subjects include current security controls in place, risk assessments, cyber insurance, location of critical data, vendor access, employee training programs, backup procedures, preventive controls and incident response processes.

The Detection section focuses on determining what monitoring is in place for servers, workstations, networks, endpoints and backup systems, while the Response section follows with the incident response plan. The last section, Recover, focuses on “return to normal” operations procedures, including test plans after the restore, lessons learned processes, and notification procedures to all affected parties. 

Understanding the vulnerabilities in your financial institution’s security processes and procedures is imperative to aid in your protection from ransomware. R-SAT is a strong place to start to help identify gaps in your protection strategy, as well as validate effective security practices. The tool can be found at https://www.csbs.org/ransomware-self-assessment-tool. Additional resources can be found at https://www.cisa.gov/publication/ransomware-guide

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Biden Administration Announces First Ever Sanctions Against Cryptocurrency Exchange
Apple Releases Emergency Security Update to Address Critical Spyware Vulnerability
REvil Ransomware Group Resurfaces Over Labor Day Weekend
Google and Microsoft Announce $30B Cybersecurity Investment at White House Summit
Proposed Interagency Guidance on Third-Party Risk Management
COVID-19 Scams Surge with New Variants
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×