The EU is set to introduce new regulations that will require financial services firms to show how quickly they could recover from a cyberattack. This comes as regulators fear that firms’ increasing reliance on a small pool of cloud vendors could result in downtime at a range of banks as the result of an outage at just one of the major cloud players.
Thomas Eeles, CSIRT Manager at Orange Cyberdefense, Europe’s largest MSSP, has shared the comment below, based on his experience of incident response. He has provided thoughts on the dangers of not having a seamless incident response and recovery plan in place ahead of time, and how financial services firms can ensure these plans are implemented before they’re needed.
“A major part of incident response, especially when dealing with large-scale incidents, is recovery and remediation. Typically, the immediate action will be to block the specific attack vector linked to the incident at hand, and then firms will move on to long-term recovery and take steps to get everything back to normal.
“It is abundantly clear to those in the industry which companies have a disaster recovery plan, and which don’t. From my perspective, those that don’t have a recovery plan always – without fail – end up spending more money and time on recovery than on the actual investigation itself. I would say this reaches a rough 70/30 split.
“Businesses that do have a recovery plan will save time and money by planning their recovery strategy before it’s needed, as well as reducing stress and the risk of staff turnover after an incident. Ultimately, if financial services firms plan how long it would take to completely rebuild their network before any incident has taken place and present this plan to the powers that be for sign-off, the process will be much smoother in the event that it’s needed. The rush and pressure will be alleviated, and the process will likely be completed more smoothly as a result.”