Global Banks Carry Out Quantum Dawn Cybersecurity Event04.04.2022
SIFMA released the summary of key recommendations from its biennial Quantum Dawn cybersecurity exercise conducted in November 2021.
This event enabled financial firms, central banks, regulatory authorities, trade associations, law enforcement and information sharing organizations around the world to rehearse incident response protocols, both internally and across the sector, against a broad range of significant ransomware attacks targeting the financial sector.
QDVI After-Action Report: Key recommendations arising from SIFMA's recent Quantum Dawn VI cyber exercise.
— SIFMA (@SIFMA) March 31, 2022
The exercise engaged SIFMA’s Global Directory Members, which were brought together during QD V in November 2019, and also focused on identifying potential gaps in responses. Participants included over 1,000 representatives from 240 public and private sector institutions, including financial firms, central banks, regulators, and law enforcement entities, across more than 20 countries around the world.
“A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing,” said Kenneth E. Bentsen, Jr., SIFMA president and CEO. “No single actor — not the federal government, nor any individual firm — has the resources to protect markets from cyber threats on their own. Firms should also continually exercise their crisis management, incident response and data recovery plans to ensure rapid response and recovery from ransomware or other types of cyber-attacks.”
Along with SIFMA, global consulting firm Protiviti helped organize the simulation and prepare the After-Action Report with recommendations aimed to help the sector strengthen its readiness to defend critical financial services infrastructure from an array of cyberattacks and extreme scenarios.
Those recommendations include:
I. Make critical investments in capabilities:
Institutions should continue to invest in robust ransomware recovery and cyber, business continuity and information technology incident response plans and strengthen these plans based on frequent exercises and tests.
II. Create alternate communication channels for worst-case scenarios:
In the event a regulatory authority is impacted by a ransomware event and goes offline, firms should have processes in place to use alternate communications channels.
III. Beware: Ransom payments may not lead to data recovery:
SIFMA does not recommend paying a ransom. Executives need to carefully consider the realities of taking such actions, including the possibility that they still may not recover stolen data.
IV. Join global directory of critical stakeholders:
Financial firms are strongly encouraged to join SIFMA’s Global Directory of critical stakeholders. This directory was created to identify critical public and private sector organizations and key contacts that play a role in crisis management and global information sharing.
V. Follow best practices:
Validate that critical infrastructure assets are not exposed to the public internet.
Institute controls such as self-service password management requiring a second factor to avoid being socially engineered.
Require multi-factor authentication (MFA) everywhere.
Deploy modern-day Identity Governance and Administration (IGA) systems to detect backdoor accounts.
Use a privileged account management (PAM) system to check in-and-out access to accounts or deploy even more advanced defenses for critical admin-level accounts.
Isolate and disconnect infected machines immediately.
Develop proactive threat hunting capabilities.
The bank expects to hire several hundred employees in the region.
Employees routinely communicated about business matters using text messaging on personal devices.
LCH SwapAgent said trade highlights its coordination of the transition to risk free rates for non-cleared OTC ...
The bank is executing on strategic initiatives including potential divestitures and asset sales.
With Natacha Dezert and Aman Mehta of BNP Paribas Securities Services.