SIFMA Provides Recommendations to Strengthen Cybersecurity

SIFMA offered recommendations to strengthen financial institution defenses against cyberattacks based on a biennial cybersecurity exercise that included over 900 representatives from 240 public and private financial firms, central banks, regulators and law enforcement entities. The goal of the exercise was to allow participants to rehearse incident response mechanisms against a broad range of simulated ransomware attacks.

The summary results contained in the "Quantum Dawn VI After Action Report" showed that most financial institutions (i) have integrated ransomware recovery plans or "incident response procedures" into their crisis planning; (ii) have exercised those plans; (iii) have critical data recovery abilities; (iv) have some form of cyber insurance; and (v) have the ability to “bare-metal restore” business functions in the event of a cyberattack.

Based on the results of the exercise, SIFMA recommended that financial institutions:

  • continue to invest in and strengthen their ransomware recovery plans and their cyber, business continuity and information technology incident response plans;
  • incorporate alternative communications channels in the event that a regulatory agency faces a ransomware attack;
  • have executives carefully consider the possibility that paying a ransom may still not allow for the recovery of compromised data, and note that “SIFMA does not recommend paying a ransom”;
  • join SIFMA’s Global Directory of critical stakeholders, which was created to identify public and private sector organizations and key contacts that play a role in crisis management and global information sharing; and
  • follow best practices including (i) requiring multifactor authentication "everywhere"; (ii) deploying Identity Governance and Administration systems to “detect backdoor accounts”; (iii) using advanced defense mechanisms for administration accounts; (iv) incorporating the ability to search within the IT environment for possible security incidents; and (v) developing proactive threat hunting capabilities.

SIFMA concluded that “[f]irms should continually test their crisis management, incident response and data recovery plans to ensure rapid response and recovery from ransomware or other types of cyberattacks.”
