Mortgage firms “need to understand” key risk

Expert offers tips on how to fight back

Mortgage firms “need to understand” key risk

Earlier this month, some 200 US businesses were hit by a huge ransomware attack when hackers targeted Florida-based IT company, Kaseya.

It was only one of a number of major incidents in July, all thought to have been the work of the same Russia-linked gang - REvil.

The group is also thought to have been behind a $70 million-ransomware operation involving the cryptocurrency, Bitcoin. Victims were told they would be provided with a “universal decryptor” to unlock their files if they agreed to pay up.

Blue Sage Solutions chief security officer Stephen Lineberry is under no illusions about the seriousness of the ongoing threat of cyber criminals.

Speaking to MPA, he gave a stark warning: “This is a very business critical issue and needs to be understood at the highest level in companies - they need to understand the risk.”

Read more: Do you need to operate in the cloud?

Although REvil has since disappeared from the internet, it is not the only criminal gang causing chaos to US firms.

And if you thought the mortgage industry was immune to such attacks, think again.

Two weeks ago, ransomware attackers hit cloud services provider Cloudstar, preventing an indeterminate number of loans from closing.

Lineberry was asked if the mortgage industry was failing to take ransomware threats seriously, and whether it was enough to implement Red Flags rules, obliging all lenders and brokers to include a written identity theft plan to prevent and mitigate such attacks.

Read more: Yes, cyber attacks can affect originators

He said: “I can’t speak for what the industry is doing as a whole, because everyone’s going to be different. I think some are better than others. The ones that I think are probably doing the best are taking a two-pronged approach. One is doing everything you can to prevent (an attack).”

He emphasized the importance of “always encrypting” data and to use high encryption rates and large key spaces to prevent hackers from being successful.

“The higher the encryption rate; the larger the key space; the harder it’s going to be (for hackers to get through),” he said.

He admitted that while firms “would never be able to prevent something entirely”, they could mitigate the worst impacts of a cyberattack by implementing what he called a recovery plan.

“If your countermeasures are circumvented, then the next level is (to ask) what can you do to recover? Are you capable of recovering? And the only way to know that is to have a recovery plan documented, updated and tested,” he stressed.

According to a recent global survey of more than 1,200 tech and cybersecurity firms, 61% of respondents said they had been affected by ransomware attacks in 2020, representing a 21% increase over the previous year.

The attacks caused an average loss of six working days to system downtime. More worryingly, 52% of the victims admitted they had paid their attackers’ ransom demands, but 34% of them never recovered their data.

Lineberry said: “Your key countermeasure is to maintain robust data backups, because that affects a lot of things. A ransomware attack is an attack on the availability, so if you’re not maintaining those backups, and you’re not putting them into a separate place where they need to be, then that is leaving you open to an attack on the availability of data.”

Vast improvements in technology over the last 15-or so years had given firms greater options in response to cyberattacks, but he hinted that no-one could afford to relax.

“Potentially, they can also attack your backup environment…and then you really run out of options at that point, other than recovering from the pain,” he said grimly, while adding that “we certainly don’t want to pay ransoms”.