Finance ministers from the G20 and central bank governors have been briefed on effective practices for cyber-incident response and recovery.
The Financial Stability Board (FSB) sent its report on Effective Practices for Cyber Incident Response and Recovery last week, in advance of a three-month consultation period and an October meeting between the G20 Finance Ministers and Central Bank Governors.
The report, described as a “toolkit of effective practices” that aims to assist financial institutions in their cyber-incident response and recovery activities, lists 46 effective practices, structured across seven components:
- Governance: frames how cyber-incident response and recovery is organized and managed
- Preparation: establishes and maintains capabilities to respond to cyber-incidents and to restore critical functions, processes, activities, systems and data affected by cyber-incidents
- Analysis: ensures effective response and recovery activities, including forensic analysis, and determines the severity, impact and root cause of the cyber-incident to drive appropriate response and recovery activities
- Mitigation: prevents the aggravation of the situation and eradicates cyber-threats in a timely manner to alleviate their impact on business operations and services
- Restoration: repairs and restores systems or assets affected by a cyber-incident to safely resume business-as-usual delivery of impacted services
- Improvement: establishes processes to improve response and recovery capabilities through lessons learned from past cyber-incidents and proactive tools, such as tabletop exercises, tests and drills
- Coordination and communication: coordinates with stakeholders to maintain good cyber-situational awareness and enhances the cyber-resilience of the ecosystem
The FSB acknowledged that “efficient and effective response to and recovery from cyber-incidents by organizations in the financial ecosystem is essential in limiting any related financial stability risks.” Such risks could arise, for example, from interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers. They could also arise from a loss of confidence in a major financial institution or group of financial institutions, or from impacts on capital arising from losses due to the incident.
The FSB added: “A major cyber-incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.”
In an email to Infosecurity, Javvad Malik, security awareness advocate at KnowBe4, said that the list looks like a useful set of guidelines. However, at this time most, if not all, financial organizations are trying to adapt to new working practices, remote workers, and public demands.
“Under such conditions, having a hefty new set of practices will likely not take priority,” he argued. “Upon first glance, while there is nothing wrong with the proposed set of practices, financial organizations are among the most heavily regulated industries, and already have mature security practices due to adopting a multitude of other standards and practices. Even among existing standards and practices there is a considerable amount of overlap, so I'm uncertain as to the additional value this will provide.”
A source told Infosecurity that advice to businesses is always taken with a pinch of salt, as target businesses will already have this in place, but often have not tested it.