What Financial Institutions Need to Know About R-SAT

The Ransomware Self-Assessment Tool (R-SAT) was developed by the Bankers’ Electronic Crimes Task Force, state bank regulators and the United States Secret Service in October 2020.

The R-SAT helps financial institutions (no matter the size) assess their level of information security, recognize gaps in that security and, most notably, measure their ability to mitigate the possibility of a ransomware attack. 

As defined by the Cybersecurity and Infrastructure Security Agency, ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” When a hacker maliciously encrypts confidential files within a financial institution’s system, what usually occurs is a subsequent monetary demand, and payment must ensue before the perpetrator will release the information back to the institution.

If your organization is victimized by ransomware, you have a number of questions to ask yourself to help determine your response strategy. If you provide the money, for instance, are you certain the information will be released? Will the payment create a bigger target for hackers? If you refuse to pay, will the information be released to the public? For any financial institution, an attack could be decidedly detrimental because of the nature of the information it holds – account numbers, addresses, Social Security numbers, etc. – not to mention the hit on its reputation.

Whether your data is held on-premises or at a third party, recognizing the vulnerabilities in your security practices is crucial in protecting yourself from ransomware. R-SAT can assist and better prepare you to respond. The tool is sectioned into four categories (with 16 questions in total): Identify and Protect, Detect, Respond and Recover. The first section, Identify and Protect, includes a wide range of topics that are crucial to understanding what data a financial institution currently holds, access to the data, and preventive security currently in place. At a high level, subjects include current security controls in place, risk assessments, cyber insurance, location of critical data, vendor access, employee training programs, backup procedures, preventive controls and incident response processes.

The Detection section focuses on determining what monitoring is in place for servers, workstations, networks, endpoints and backup systems, while the Response section follows with the incident response plan. The last section, Recover, focuses on “return to normal” operations procedures, including test plans after the restore, lessons learned processes, and notification procedures to all affected parties. 

Understanding the vulnerabilities in your financial institution’s security processes and procedures is imperative to aid in your protection from ransomware. R-SAT is a strong place to start to help identify gaps in your protection strategy, as well as validate effective security practices. The tool can be found at https://www.csbs.org/ransomware-self-assessment-tool. Additional resources can be found at https://www.cisa.gov/publication/ransomware-guide.