How to Survive a Severe Cyber Outage

Most financial organizations have mature disaster recovery (DR) and business continuity (BC) plans, yet they are still unlikely to survive a devastating cyber-attack that wipes out all operational systems and data.

This is an issue that US financial regulators and a broad collection of leading financial institutions recognized back in 2015, which led to the creation of Sheltered Harbor, the leading financial services standard-setting and certification organization that enhances resilience and response to a cyber event in the global financial system.

These leading financial institutions determined that it is possible to survive a devastating cyber-attack; however, it is only likely with comprehensive preparations that fit neatly into existing resilience practices in BC and DR. The FFIEC updated its manuals to reflect these.

One of the benefits of preparing for the worst is that you also prepare for less severe cyber attacks. For example, in its Ransomware Guide, CISA’s first mitigation step is to

“Maintain offline, encrypted backups of critical data.”

Implementing Sheltered Harbor’s defined set of standards ensures just that, meaning that your critical data will still be available even if a catastrophic “zero day” attack, data corruption, or data deletion event occurs, causing critical systems, including backups, to fail.

With secure, immutable data, you’ll be able to provide essential services to customers within 24-36 hours, providing a lifeline to survival, while you re-establish normal operations.

Planning for survival

Effectively securing customer data and ensuring asset accessibility is crucial for surviving severe cyber incidents. To achieve this, your organization needs a resilience plan. Validate and train staff on the plan, educate customers and stakeholders on expectations, and regularly rehearse and update it as your business evolves. Your plan should include:

  1. A focused scope of essential business services.
  2. A clear understanding of the data needed for critical service delivery.
  3. Playbooks for prompt recovery and service delivery, separate from BC and DR plans.
  4. A method to regularly demonstrate preparedness for severe outages.

Has your organization…

  • Designated a person or team to prepare to quickly deliver your most critical services to your customers in a very short timeframe in response to a crippling cyber outage?
  • Defined, tested, and rehearsed your plan regularly?
  • Trained your staff who are supporting customer operations on what to do before, during, and after such a devastating event?
  • Provided all your stakeholders clear, independently validated evidence of your ability to survive such an attack?

For your internal discussion…

  • Are you confident that you’ve distinguished how your organization will handle a severe outage, where your DR plans may take many days to complete?
  • Has an approach been tested to deliver critical services sooner than that?
  • Are you confident that critical third-party providers and counterparties are aware of how such a scenario will be handled, and what they might need to do differently?

Sheltered Harbor is recognized by financial regulators globally as the gold standard for robust resilience and rapid business recovery. Sheltered Harbor is an independent subsidiary of the Financial Services Information Sharing and Analysis Center (“FS-ISAC”). 


Carlos Recalde, President & CEO
Insights into resilience against severe but plausible events, as defined by leading U.S. financial firms