"But as we saw with SolarWinds, the government itself is not immune to compromise."
If Russian hackers were able to infiltrate critical federal government agencies through the SolarWinds attack, nothing is completely safe from cyber threats.'Blind spots'Although big banks are believed to have strong defenses, security experts and industry officials fear hackers could infiltrate the industry through third parties with lax security.Brendan Conlon, who worked at the National Security Agency for over a decade, said that while big banks "practice good cyber hygiene," the consultants, law firms, contractors and vendors they rely on may not and could be vulnerable to ransomware."These institutions are likely to have blind spots in their critical supply chain," said Conlon, who is now vice chairman of cybersecurity firm BlueVoyant.Now they need to acknowledge the risk that their less secure vendors are presenting to their business."
The Financial Service Information Sharing and Analysis Center (FS-ISAC), the authority for cyber threats facing the industry, is aware of this threat."Institutions with robust cybersecurity programs are well positioned to prevent ransomware attacks on their own networks but the risk to be impacted by third-party suppliers is increasing," FS-ISAC CEO Steven Silberstein told CNN Business in a statement.Silberstein also noted that ransomware operators have "grown and matured in sophistication, making it an area of concern." The financial industry is a large target for many different groups -- from organized criminals seeking to steal money to politically motivated groups attempting to make a statement.In its annual report, Nasdaq (NDAQ) said potential threats include attacks from foreign governments, hacktivists, insiders and criminal organizations.Danny Jenkins, CEO of cybersecurity firm ThreatLocker, told CNN Business that banks get hit with attempted ransomware attacks "nearly everyday" but they're mitigated."The likelihood of seeing a major bank go completely offline is small but not impossible," he said, adding there is "much higher probability" that ATM networks or major branches get disrupted.To keep up with the bad guys, he urged banks to rely more on cyber defenses powered by artificial intelligence."As a threat hunter, I hate saying that because it puts guys like me out of a job," he said.Prudhomme, the IntSights executive, described it as a "constant cat-and-mouse game" between companies and hackers."Just when you develop a new defense and you think you're squared away," he said, "some actor will find a way to circumvent it."