Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > Multi-Tiering to Negate the Heightened Risk from Cyber-Attacks

Multi-Tiering to Negate the Heightened Risk from Cyber-Attacks

Published by Jessica Weisman-Pitts

Posted on April 22, 2022

4 min read

Last updated: January 20, 2026

Cybersecurity concept illustrating multi-tiered data protection strategies - Global Banking & Finance Review — An illustration depicting a multi-tiered approach to cybersecurity, emphasizing its importance for banks facing increased cyber-attack risks due to geopolitical tensions. This image supports the article's focus on protecting financial data.

By Marco Fanizzi, SVP and GM, Commvault International, talks about the heightened threat from cyber-attacks as a result of sanctions for Russia, and how a multi-tiered approach to security is essential to protect data.

Both the US and UK Governments have warned banks and financial institutions to be on high alert for Russian reprisal attacks, as a result of increasingly tight sanctions. Russia’s largest banks have been excluded from Swift as a result of the continued invasion of Ukraine and Hydra, the Russian dark web marketplace for cybercriminals, has had its servers seized by German authorities.

Cyber experts and heads of state are both warning that we are about to see an explosion of financially-motivated cyber-attacks from Russia as the economy increasingly struggles with the impact of sanctions. “The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States,” said Janet Yellen, Treasury Secretary, in the Financial Times.

The risk from ransomware won’t be new to anyone in banking – or many other sectors. Attacks regularly cause denial of service or interrupt critical infrastructure and services like hospitals, energy, and food supply chains. However, a more co-ordinated, state-sponsored approach is now expected. Sophisticated gangs of highly skilled cyber professionals, employed for a state-backed purpose.

So, what should global financial institutions be doing to ensure they have a comprehensive cyber strategy in place?

Tiers provide the strongest defences

Ransomware attacks do not discriminate across borders, size of institution, or by sector. A multi-tiered approach will provide the strongest protection and bolster defences against newly released cyber threats. The National Institute of Standards and Technology’s (NIST) five step approach should be at the core of any cybersecurity policy:

1 – Identify

Identifying data assists in developing an organisational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding exactly what data you hold and where it is stored is key to protecting it.

2 – Protect

Put in place safeguards to ensure delivery of critical infrastructure services. By correctly identifying key data when designing the architecture and cost model, you will put in place stronger protections for it in the long-term. Unfortunately, many organisations use technology from different providers that does not integrate or identify key data. If you use a single, integrated solution, it will enable stronger protection. Then, if a ransomware attack is launched, data shouldn’t slip through the cracks.

3 – Detect

Being able to detect inappropriate activities will increase the chances of identifying a cyber-attack. Detecting a vulnerability early enough limits the havoc it can wreak. Continuous monitoring capabilities will help verify threats and measure the effectiveness of protection.

4 – Respond

Once detected, response planning processes need to be executed both during and after an incident. This is critical to be able to contain the impact of a breach. Managing communications with stakeholders is important, along with forensic analysis to understand what has happened and stop the problem growing. It is only from understanding this that the organisation will eventually be able to learn what went wrong, and avoid a repeat situation in the future.

5 – Recover

Banks and financial institutions that stay calm and have rehearsed plans, recover their systems fastest. Since the start of the pandemic, many institutions have turned to cloud-based solutions to better support hybrid working for their teams. This does give an additional layer of backup for recovering lost data. Datasets can be returned to a safe environment without having to physically check each dataset is clean.

Where is this heading?

Currently, no-one knows truly if, how, or when businesses will start to feel the heat from Russia’s cyber teams. We especially don’t know where the focus would be. What is clear though, is that it hasn’t happened to date. We are seeing moderate attacks, like the Wiper threat against Ukrainian banks, that was designed to destabilise and disrupt, but thankfully, nothing significantly debilitating has been targeted at global banking.