7. Collaboration and threat sharing
I’ve found that one of our most valuable defenses isn’t a tool, it’s the community. We actively share indicators of compromise (IOCs), phishing lures and suspicious behavior with other financial institutions through FS-ISAC. The intel we get back has helped us block multiple threats early.
We also engage directly with Treasury, DHS and the FBI. In at least one case, intelligence shared during a joint simulation helped us catch a potential intrusion before it escalated. We’re also contributing to broader public-private initiatives, such as the Joint Ransomware Task Force, which aims to dismantle ransomware networks globally. When law enforcement succeeds, we all benefit, and we support these efforts in any way we can.
Building cyber resilience amid a ransomware siege
From my perspective, defending against ransomware in 2025 necessitates a layered, collaborative approach. We structure our entire strategy around five pillars: prevent, detect, contain, recover and collaborate. While threat actors are more sophisticated than ever, I’ve also never seen the financial sector more unified, better resourced or more determined to fight back.
Our goal isn’t just to survive ransomware, but to make paying the ransom unnecessary. That means not only stopping attacks, but also ensuring our systems can recover, our customers can trust us and our regulators see that we’re operating with integrity and foresight.
Ultimately, ransomware has fostered a stronger culture of cyber readiness and cooperation. I’ve seen banks learn from painful incidents, bounce back stronger and then share their lessons freely with others. I’ve seen executive teams take ownership of cybersecurity. And I’ve seen our sector come together, competitors one day, defenders the next, against a common threat.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
