Know When to Hold 'EmTo win in any of these scenarios, you need good cards. Luckily, unlike poker, your hand is not based on the luck of the draw. The risk management and security teams’ mission is to stack the deck in your favor with the following:
Calling Their Bluff
Typically, you will only want to play this ace when you have run out of other options. For example, with a Sheltered Harbor data vault, critical customer account data is archived every night. In the event of a major operational outage, the firm can effectively turn back the clock to the day before the event. This means that all transactions that happened after the last archiving are wiped out, which can be substantial but manageable. It is also an effort to activate; it takes time to get data out of the vault and loaded onto production or alternative systems. In the case of a devastating attack where all systems are down, the industry agreed that last night’s customer account data and balances are enough to maintain public confidence in the financial system more broadly. In the case of a less severe attack, firms need to weigh whether using the vaulted data is their best option; there may be easier and less drastic remedies.
To really be able to call your opponent’s bluff, you must be confident that the data going into the vault is clean. You need an iron-clad process for validating the data before it is encrypted and sent to the vault. Without ensuring the integrity of the data going in, the vault itself is worthless. With it, you have ultimate negotiating power with the attackers when the stakes are high: the confidence that if you walk away, at least a relatively recent copy of your data remains intact.
In the poker game that is a ransomware attack, the best thing you can do is stack the cards in your favor ahead of time. No matter the exact scenario, you should ensure you have threat intelligence, a security operations center, a resiliency plan, several kinds of backups, and your ace in the hole: a trustworthy, accessible data vault.
© 2020 FS-ISAC, Inc. All rights reserved.
Carlos Recalde wrote the book on Sheltered Harbor. This financial industry consortium is working to enhance resiliency for consumer accounts in banks and brokerages throughout the US. Carlos oversees all operations of...Read More
this industry-funded not-for-profit organization - not the least of which is the ongoing development and implementation of the Sheltered Harbor protection framework for US deposit and brokerage accounts. Carlos has been managing businesses and implementing technology since last century. He has successfully launched four different technology-focused businesses. Carlos served as the Executive Director of Technology for the Americas Region of KPMG, where he led the transformation to a distributed, mobile, knowledge-enabled workforce globally. Carlos also led the creation of KPMG’s global information security organization. As Senior Vice President for Product Management at Lehman Brothers, Prime Services business, he led changes to customer service and technology processes that enabled a 50% increase in revenues. Then as CTO for SunGard’s Asset Management business, he brought market-value product and technology development together to increase revenues by over 15% in two years.