Financial institutions now have available a leading practices guide to improve their operational continuity and reduce risks associated with a destructive cyberattack.
Offered by the Financial Services Information Sharing and Analysis Center, the new publication focuses on the relatively rare but extremely harmful cyber attacks that seek not to just steal data but to cause catastrophic harm to a financial services entity.
Recommendations of group
In summary, the materials provided by a working group comprised of FS-ISAC, the National Institute of Standards and Technology, and other agencies include the following steps:
1. Identify—Gain situational awareness by identifying critical data, backup processes, and systems in the organization that are necessary for essential business functions. This should include where each comes from, where they are located, and where they are used.
Having a thorough knowledge of solution components, training, vectors, detection technology, ongoing risk assessments, monitoring, information sharing, and incident response keeps the enterprise in a continuous state of alert and prepares an organization to take action promptly, the group advises.
2. Protect—From network and endpoint security to system redundancy and backup to reputation management, a variety of controls are necessary for a comprehensive and robust security framework to protect corporate data and personally identifiable information.
3. Detect—Speed is essential in detecting malware when it enters a key environment, understanding the context, determining whether it is destructive in nature, and quickly assessing the full potential impact.
4. Respond—In the event of unauthorized access, the financial institution's computer systems could potentially fail, and confidential information could be compromised. Management must decide how to properly protect information systems and confidential data while also maintaining business continuity.
5. Recover—Financial institutions need to adjust their cyber incident response processes and playbooks to prepare for a destructive malware scenario where there is the potential of catastrophic business impact. They need to update mitigation strategies and align multiple parts of the organization including the executive team, communications teams, customer-facing departments, and business partners.
Using the tools
A destructive cyber attack is a unique threat in that it is both rare and yet potentially catastrophic. Such an attack can present a significant threat to an organization’s daily operations and business continuity; it potentially impacts confidentiality, integrity and availability of data, and can potentially thwart an organization’s ability to recover from an attack.
Bill Nelson, president and CEO, FS-ISAC says: "While destructive attacks are rare, financial institutions of all sizes should be prepared. We recommend that our members review their existing strategies to protect critical assets and have a complete plan for operational recovery to preserve data integrity against this evolving risk.”
Download FS-ISAC’s Reducing Risks Associated With Destructive Malware [executive summary]