October 2020
Following its consultation, the Financial Stability Board (FSB) published its toolkit of effective practices for financial institutions' cyber incident response and recovery. The FSB encourages authorities and organisations to use the toolkit to enhance their cyber incident response and recovery (CIRR) activities.
Cyber incidents pose a significant threat to the global financial system, particularly given its interconnected nature. In light of this, the FSB reminds firms that enhancing cyber incident response and recovery is essential to limit any related financial stability risks, and that the shift to remote working during the COVID-19 pandemic has heightened the need for attention in this area. The toolkit includes 49 practices for effective cyber incident response and recovery across seven components: (i) governance, (ii) planning and preparation, (iii) analysis, (iv) mitigation, (v) restoration and recovery, (vi) coordination and communication, and (vii) improvement.
Effective governance of CIRR involves defining the decision-making framework, with clear steps and measures of success, and allocating responsibilities and accountabilities so that the right internal and external stakeholders are engaged when a cyber incident occurs. Governance also encapsulates the commitment to support CIRR activities through adequate sponsorship by senior management, and to promote positive behaviours during, and following, a cyber incident.
Planning and preparation occur before an incident and play a significant role in determining the effectiveness of CIRR activities. Organisations need to establish and maintain capabilities to respond to cyber incidents, and to recover and restore critical activities, systems and data affected by cyber incidents to normal operations. This includes establishing policies, plans, playbooks, communication strategies and scenario testing.
Organisations should conduct analysis, including forensic analysis, and determine the severity, impact and root cause of cyber incidents to drive appropriate and effective CIRR activities.
Organisations should activate mitigation measures to prevent the aggravation of the situation and eradicate cyber incidents in a timely manner to alleviate their impact on business operations and services. This includes ensuring containment, eradication and business continuity measures are in place.
Organisations should restore systems or assets affected by a cyber incident to safely recover business-as-usual operations and delivery of impacted services.
Across the life cycle of a cyber incident, organisations should coordinate with their trusted stakeholders to maintain good cyber situational awareness and to enhance the cyber resilience of the ecosystem in which they operate. During a cyber incident, organisations should communicate at an agreed frequency, and with a level of granularity and a language appropriate to each stakeholder group, in order to engage those stakeholders and support their CIRR activities.
Close coordination with relevant internal and external stakeholders, including authorities, throughout the CIRR life cycle enables timely communication of progress and outcomes of the CIRR activities. Collective actions can be taken by stakeholders throughout their supply chain or orchestrated in their ecosystem.
Organisations should establish processes to improve CIRR activities and capabilities through lessons learnt from both proactive tools, such as CIRR exercises, tests and drills, and past cyber incidents. Lessons learnt can be used in the selection and implementation of additional controls and mitigation measures, including changes to CIRR policies, plans and playbooks.
Enhancing cyber resilience requires a multifaceted approach comprising activities to support the Protect, Detect, Respond and Recover functions. While organisations look to preventative capabilities to enhance their Protect and Detect functions, well-established response and recovery capabilities are essential to reduce the impact of a cyber incident and minimise the risk of contagion in the financial system.