Case Examples
Operational Resilience
Ciara Forde & Kirsten Smith
11 May 2019
Aims of presentation
• Share real-life examples of recent Cyber attacks.
• Understand the importance of quickly reporting incidents and why a robust disaster recovery plan is critical.
Cyber Attack - Example 1
1. Pre disaster
2. During issue
3. Post issue
• What happened?
• What went well?
• Lessons learned
• Preventative measures (i.e. training to staff and extra security).
Pre Disaster
• Relying on third party for backups
• No checks had been undertaken to ‘test’ the back up.
During Issue
• Forensic investigation completed
• Contacted Action Fraud/ICO
• No member data compromised
Post Issue
• Staff completed ‘manual’ back up
• Communication with members
• Security measures introduced
Lessons
• Paying a third party for disaster recovery is not enough
• Testing of systems is crucial
Cyber Attack - Example 2
1. Pre disaster
2. During issue
3. Post issue
• What happened?
• What went well?
• Lessons learned
• Preventative measures (i.e. training to staff and extra security).
Pre Disaster
• The CU was unaware that data was compromised 2 months prior to ransomware email.
During Issue
• The CU took immediate action and decided to contact both active and dormant accounts
Post Issue
• The proactive and comprehensive comms reduced contact from members
Lessons
• Being open and transparent reduced panic amongst members
Cyber Attack - Example 3
1. Pre disaster
2. During issue
3. Post issue
• What happened?
• What went well?
• Lessons learned
• Preventative measures (i.e. training to staff and extra security).
Pre Disaster
• Overview
• Previous cyber incidents
During Issue
• The Attack - What happened
• Member experience
• The Credit Union's response
Post Issue
• Member Communication
• Unaccounted for monies
• Issue with Faster payment system
• Automated Telephone banking system
Lessons
• Review of cyber security including all IT providers.
• IT providers… solution or part of the problem
• Creating a secondary replica site
• Staff education
External Threats
• The internet means that organisations can be targeted by a number of malicious groups.
• They all have their own motives and levels of sophistication.
• You can define the groups in many ways, but broadly they fit into:
  • Criminals
  • Nation States
  • Opportunistic
  • Hacktivists
Ask yourself these questions…
Q. Does a formally documented cyber resilience strategy exist within your Credit Union that is independently assessed?
Q. Do you regularly perform vulnerability assessments to identify & assess security vulnerabilities in your systems & processes?
Q. Have you designed & tested systems & processes to enable timely recovery of accurate data following a cyber incident? Are desktop exercises used to test people?
Q. Do you educate your staff on cyber security risks?
Q. Do you know how to report an incident?
Outsourcing
• Some Credit Unions may not have the necessary resources to build in-house IT departments.
• Outsourcing can have benefits, but it is still important to have sight over the provider.
Is your provider right for you?
• Do they understand the Credit Union model and the technologies that you’re using?
• Can they develop a comprehensive security plan, suggest policies and security procedures, disaster recovery and auditing?
• What are their response times to incidents?
Responding to a cyber attack
• As the financial system is highly connected and reliant on technology it will remain a target for cyber-attacks.
• Cyber-attacks will continue to occur
• How firms respond to these disruptive events is critical.
Take Aways
• In terms of support and help we can provide, this varies from case to case.
• Early notification is key and our Cyber colleagues can assist with any technical questions.
Information to be shared:
1. Network Security - the basics
2. Good Cyber Security - the foundations
3. Ransomware infographic