4 rules of engagement: Negotiating with hackers after a cyberattack

Written by Dan O’Hara

Tuesday, 7 May, 2024

A guide for financial services firms to protect their data and reputation from cyberattacks

Cybersecurity is a top priority for financial services firms, as they face increasing threats from hackers who seek to steal, damage, or disrupt their data and systems. Hackers can cause significant financial losses, reputational damage, regulatory fines, and legal liabilities for financial services firms.

Prevent and detect ransomware

One of the most common and devastating types of cyberattacks is ransomware, which involves encrypting the data or systems of the victim and demanding payment to restore access. Ransomware can cripple the operations of financial services firms, as they may lose access to critical information, transactions, or services. Moreover, ransomware can also expose the firms to other risks, such as data breach, extortion, or legal action, if the hackers threaten to release or sell the data to third parties. Therefore, financial services firms should take proactive measures to prevent and detect ransomware attacks, as well as prepare contingency plans in case they are targeted.

Negotiating after a ransomware attack

Sometimes, despite the best efforts and precautions, financial services firms may fall victim to a cyberattack and find themselves in a situation where they have to negotiate with hackers. This can be a stressful and challenging scenario, as hackers may demand a high ransom, threaten to expose or destroy the data or impose a tight deadline. However, there are some strategies that can help financial services firms negotiate with hackers and minimise the impact of the attack. These include:

  1. Engage a professional negotiator: Negotiating with hackers can be a complex and risky process, requiring specialised skills and experience. Financial services firms should consider engaging a professional negotiator who can communicate with the hackers, assess the situation, and advise on the best course of action. A professional negotiator can also help to establish trust, rapport, and credibility with the hackers, as well as leverage psychological techniques to influence their behaviour and decision-making.
  2. Get help from the police, regulators and cyber experts: Financial services firms should also consult with law enforcement and cyber experts in the negotiation process, as they can offer valuable help and support. Regulators should be informed of the situation and your strategy. Law enforcement can help to trace and identify the hackers, collect evidence, and pursue legal action. Cyber experts can help to investigate the attack, assess the scope of the damage, and recover the data and systems. Law enforcement and cyber experts can also cooperate to check the reliability and validity of the hackers’ claims and demands, as well as the possibility and security of the payment and decryption methods.
  3. Evaluate the options and risks: Financial services firms should carefully evaluate the options and risks involved in the negotiation process, and weigh the pros and cons of each. For example, paying a ransom may seem like a quick and easy way to resolve the situation, but it may also encourage future attacks, fund criminal activities, and not guarantee the recovery of the data. On the other hand, refusing to pay the ransom may lead to the loss or exposure of the data, as well as legal and regulatory consequences. Financial services firms should also consider the impact of the negotiation on their reputation, customer trust, and stakeholder confidence.
  4. Seek a mutually acceptable outcome: Financial services firms should aim for a mutually acceptable outcome that satisfies both parties and resolves the situation. This may involve making a counteroffer, requesting proof of life (evidence that the hackers can actually decrypt the data), extending the deadline, or agreeing on a partial payment or decryption. Financial services firms should document the negotiation process and the agreed terms, and keep a record of all communication and evidence. However, they should also be prepared to walk away from the negotiation if the hackers are unreasonable, uncooperative, or untrustworthy.

Should you even negotiate?

Depending on the jurisdiction and the nature of the attack, negotiating with cybercriminals may violate the law or the ethical standards of the financial services industry. For example, some countries have sanctions or prohibitions against paying ransoms to certain groups or individuals. Moreover, negotiating with cybercriminals may be seen as endorsing or legitimising their unlawful activities, which may damage the reputation and credibility of the financial services firm.

There is no guarantee that the cybercriminals will honour their promise and decrypt the data after receiving the ransom. In some cases, the hackers may demand more money, delete or leak the data, or provide faulty decryption keys. Additionally, the encrypted data may be corrupted or damaged during the attack, making it impossible to restore even with the decryption keys. Therefore, negotiating with cybercriminals may not only be futile but also costly and risky.

By negotiating with cybercriminals, financial services firms may signal their willingness to pay and their lack of preparedness, which may attract more attacks in the future. Furthermore, paying the ransom may not prevent the hackers from exploiting the same or new vulnerabilities in the systems or networks of the financial services firm. Therefore, negotiating with cybercriminals may create a false sense of security and a cycle of dependency, rather than a lasting solution.

Tipping the balance of power

Negotiating with hackers is not the only way to deal with a cyberattack. Financial services firms can also take proactive and preventive measures to win against hackers and protect their data and systems from future attacks. These include:

  • Implement a robust cybersecurity framework: Financial services firms should implement a robust cybersecurity framework that covers the policies, procedures, and practices for identifying, protecting against, detecting, responding to, and recovering from cyber threats. The cybersecurity framework should align with industry standards and best practices, such as ISO 27001, NIST, and CIS. It should also be regularly reviewed and updated to reflect the changing threat landscape and business needs.
  • Invest in advanced security tools and solutions: Financial services firms should invest in advanced security tools and solutions that provide comprehensive, multi-layered protection for their data and systems. These include antivirus, firewall, encryption, backup, endpoint protection, network monitoring, threat intelligence, and incident response. Financial services firms should also leverage cloud and AI technologies to enhance their security capabilities and scalability.
  • Educate and train the staff: Financial services firms should educate and train their staff on the importance of cybersecurity and the best practices for preventing and responding to cyberattacks. Staff should be aware of the common types and signs of cyberattacks, such as ransomware, phishing, DDoS, and BEC, and how to avoid or report them. They should be familiar with the organisation's security policies and procedures and follow them accordingly, use strong passwords, avoid using public Wi-Fi, and update their software and devices regularly.
  • Conduct regular audits and tests: Financial services firms should conduct regular audits and tests to assess their security posture and readiness and to identify any gaps or weaknesses. Audits and tests can include vulnerability scans, penetration tests, risk assessments, and compliance checks. They also help to measure the effectiveness and performance of the security tools and solutions in place and provide feedback and recommendations for improvement.

Cybersecurity is a vital and ongoing challenge for financial services firms, as they face constant and evolving threats from hackers who seek to exploit their data and systems. Firms should be prepared to negotiate with hackers in the event of a cyberattack and seek professional, legal, and technical assistance and support.

However, financial services firms should also take proactive and preventive measures to win against hackers and protect their data and systems from future attacks. By implementing a robust cybersecurity framework, investing in advanced security tools and solutions, educating and training the staff, and conducting regular audits and tests, financial services firms can enhance their security resilience and confidence, and safeguard their reputation and trust.
