Stepping into a Cyber Attack

Shameela Gonzalez, Director, FSI Industry Lead at Cyber CX

• Financial services are high value targets.

• Cyber attacks either come from national states or financial crime syndicates.

• Cyber extortion is still the most common type of cyber-attack.

• Criminals create layered senses of pressure and stress to encourage ransom payments.

• Often attacks are not sophisticated and could be avoided via training/updated platforms.

• All senior leaders crucial in responding to cyber attacks. It’s not someone else’s problem.

• They won’t pick a usual time or hour – could be a Friday afternoon.

• Employees could be being targeted for several months before the incident.

• Cyber attackers will – disrupt systems and threaten to release confidential information.

• Key questions include:

  • What harm could be caused to customers if their data is leaked?

  • What financial losses could the company face?

  • What legal and compliance obligations could the company be breaching?

  • Does the company have cyber insurance?

  • What would the Board’s position be?

• Cyber criminals have an interest in sticking to their word, as they have reputations too.

• Even after the incident your customer base could be hit with very targeted scams.

• Have cyber responses plans in place – including knowing who is and is not responsible internally and externally during an attack.

• Run your simulations regularly in order to have teams prepared when a real attack happens.

• Training of staff is your best way of avoiding a cyber attack.

• Be aware of your regulatory obligations and penalties for breach.

• The Cyber Security Strategy is coming out later in November 2023. However, the Government’s current position is to discourage ransom payments as they incentivise further attacks. Instead of paying ransoms, solve for ability to back-up and restore files.