EU regulation on banks’ reliance on cloud giants

The EU is set to introduce new regulations that will see financial services firms having to show how quickly they could recover from a cyberattack. This comes as regulators fear their increasing reliance on a small pool of cloud vendors could result in downtime at a range of banks as the result an outage at just one of the major cloud players.

Thomas Eeles, CSIRT Manager at Orange Cyberdefense, Europe’s largest MSSP, has shared comment below based on his experience of incident response. He has provided thoughts on the dangers of not having a seamless incident response and recovery plan in place ahead of time, and how financial services firms can ensure these plans are implemented before they’re needed.

“A major part of incident response, especially when dealing with large scale incidents, is recovery and remediation. Typically, the immediate action will be to block the specific attack vector linked to the incident at hand, and then firms will move on to long term recovery and take steps to get everything back to normal.

“It is abundantly clear to those in the industry which companies have a disaster recovery plan, and which don’t. From my perspective, those that don’t have a recovery plan always – without fail – end up spending more money and time on recovery than on the actual investigation itself. I would say this reaches a rough 70/30 split.

“Businesses that do have a recovery plan will save time and money by planning their recovery strategy before it’s needed, as well as reducing stress and the risk of staff turnover after an incident. Ultimately, if financial services firms plan how long it would take to completely rebuild their network before any incident has taken place and present this plan to the powers that be for sign off, the process will be much smoother in the event that it’s needed. The rush and pressure will be alleviated, and the process will likely be completed more smoothly as a result.”

To read other news stories and exclusives, see our latest issue here.

Never miss a story… Follow us on:
LinkedIn Security Buyer
Twitter logo @SecurityBuyer
Facebook @Secbuyer

Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.