Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

You will get hit by ransomware. Here’s how to ensure business continuity

iStock 1199291222 - Global Banking | Finance

You will get hit by ransomware. Here’s how to ensure business continuity

Picture142624 - Global Banking | FinanceBy Paul Robichaux, Senior Director of Product Management at Keepit

Banking and finance industry must brace for strict regulations – DORA is coming, and the impact is global.

In today’s digital landscape, it’s not a question of if your business will get hit by ransomware, but when. The rate, scope, and complexity of ransomware attacks have all increased significantly over the last two years, posing a significant and growing threat to organizations of all sizes across industries. The key to mitigating this threat lies in how well-prepared you are to bounce back when the inevitable happens.

According to a 2023 Total Economic Impact study conducted by Forrester Consulting and commissioned by Keepit, three-quarters of security decision-makers reported experiencing a breach in the last 12 months. This highlights how pervasive ransomware attacks are now, and it underscores the urgent need for robust mitigation strategies. The study emphasizes that while backups are the best insurance policy against an attack, their effectiveness hinges on being part of a well-planned and tested backup and recovery process.

What can you do to mitigate impact?

So, what steps can organizations take today to prepare for and mitigate the impact of future ransomware attacks?

First and foremost, ensure that your disaster recovery measures are in place and that business continuity is secured. This involves mapping out your critical systems and data and identifying tier-one users who need quick restoration of access in the event of an attack. Prioritize which data are crucial for resuming your normal business operations, and ensure that your backup and recovery processes are regularly tested to validate their effectiveness.

In the realm of banking and finance, additional considerations come into play. With the implementation of the Digital Operational Resilience Act (DORA) in the European Union, financial institutions around the world are facing heightened scrutiny and regulatory requirements regarding cybersecurity practices. DORA mandates improvements in incident response capabilities, placing a greater emphasis on the need for resilient backup and recovery solutions.

DORA: From the EU with love…

DORA’s impact isn’t limited to European organizations. Its require banking and finance companies doing business in the EU and companies that do business with them to meet the requirements. That means, for example, that a US organization supplying technology and communication services to improve cybersecurity at a European financial institution may have to meet the DORA regulations. Incident response, disaster recovery, and even seemingly boring back-office technology services like voice networking or print and copy management, may fall under DORA’s umbrella.

Failure to comply with DORA can result in severe penalties, including fines of up to 2% of an entity’s total annual worldwide revenues. Therefore, it’s imperative for financial firms operating in the EU, as well as their technology suppliers, to align their backup and recovery policies with the requirements outlined in DORA.

Must-haves: Segregated backup and granular recovery

Choosing backup and recovery technology that is in compliance with DORA’s requirements for backup and recovery policies, procedures, and methods is critical. The technology should align closely with the core requirements of DORA. For example, article 12.3 says that “when restoring backup data using own systems, financial entities shall use ICT systems that are physically and logically segregated from the source ICT system. The ICT systems shall be securely protected from any unauthorised access or ICT corruption and allow for the timely restoration of services making use of data and system backups as necessary.”

By using segregated backup systems that are securely protected from unauthorized access; by storing backup data in two separate, mirrored locations; and by maintaining full control over the technology stack, organizations can ensure the integrity and availability of critical data in the event of an attack.

Additionally, the granular data recovery capabilities provided by compliant backup and recovery solutions enable organizations to retrieve lost or compromised data quickly and easily, minimizing downtime and disruption to business operations. With the assurance of tamper-proof data integrity delivered through blockchain algorithms, compliant solutions offer a comprehensive approach to safeguarding against the impact of ransomware attacks.

And plenty of acronyms in the UK and US too: FCA, PRA, CISA and SEC

While the EU are often regarded as the frontrunner when it comes to regulations aimed at bolster cyber resilience, the UK and US are of course establishing their own regulations and setting down guidelines for specific industries.

In the UK “the FCA and PRA describe operational resilience as the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions and, accordingly, look beyond the technological aspect.” (White & Case Attorneys).

US banking regulators are in the game, too. The US Federal Reserve has spearheaded the issuance of ”Sound practices to strengthen operational resilience” as guidance, and the US Cybersecurity and Infrastructure Security Agency (CISA) have their own recommendations. Publicly traded companies fall under the guidelines issued by the Securities and Exchange Commission (SEC). Even individual states, such as New York and California, are expected to issue their own regulatory requirements.  Most of these regulatory regimes have a lot of overlap with the core requirements of DORA: “have a backup, using a technology that provides isolated and tamper-proof backups, and be prepared to use it when necessary.”

While the threat of ransomware looms large, it’s not insurmountable. By proactively taking measures such as choosing robust backup and recovery solutions that adhere to regulatory frameworks like DORA, organizations can significantly lower downtime and mitigate the impact of attacks, ensuring business continuity in an increasingly volatile digital landscape.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post