Handling the Crisis: The Response of a Financial Institution
Karina Levitas, Chief Financial Officer; Drew Brooks, VP of Public Relations; Kayla Rizzoli, Chief Information Officer; Zere Kabyl-Fazyl, Chief Information Security Officer; Mark Lyubovitsky, General Counsel
Scenario 1: India signs a trade deal with Taiwan. Tensions between China and Taiwan increase, and cyber activism on both sides rises sharply. The UN Security Council has been summoned to an emergency meeting. During this time the global ISP suffers a massive DDoS attack originating from South Korea.
<ul><li>PR – State that the distributed denial-of-service attack is unrelated to the India-Taiwan agreement; announce an internal investigatory audit of our cyber security assets. </li></ul><ul><li>CISO – Report directly to the CEO, identifying those responsible for record keeping on cyber security; keep security programs aligned with overall business objectives; confirm that all 12 Layers of Security are implemented; stay current with ICCS recommendations and Singapore standards. </li></ul><ul><li>CIO – Expand technology capacity; participate in the US forum; contact the Financial Task Force. </li></ul><ul><li>CFO – Assess all vulnerabilities; contact affected customers; meet with the risk management team; contact the Secret Service. </li></ul><ul><li>Legal – Analyze cyber liabilities; ensure protection of personally identifiable information (PII) in order to avoid high-risk litigation; review the relevant laws of the Asian countries involved. </li></ul>
Scenario 2: An advanced persistent threat has been discovered on all major global networks that use the ISP's backbone. The Financial Institution suffers a major breach that compromises the integrity of its market data. The Indian government discovers that a Russian hacker crew has penetrated Mumbai's major data warehousing networks.
<ul><li>PR – Make a public statement that all financial assets are secure; bring in external cyber security experts to conduct forensics; double the cyber security allocation within the IT budget. </li></ul><ul><li>CISO – Ensure the intrusion detection system is fully operational and manage an immediate incident response to the breach; contact US-CERT; bring development practices into line with secure coding standards. </li></ul><ul><li>CIO – Isolate compromised data; restore any altered data to its correct form from the backup system; identify the vulnerability that was exploited and ensure a patch is deployed; engage red teams and blue teams through the Financial Task Force. </li></ul><ul><li>CFO – Use backup mechanisms to confirm that financial data is uncompromised; shape a larger budget for technology spending; contact the Secret Service Financial Institution Task Forces and the International Financial Institutions Anticorruption Taskforce; coordinate with the CIO to identify best practices; ensure business continuity. </li></ul><ul><li>Legal – Work with the CFO and CIO to ensure effective network security against loss of data, information, or customers' personal information; review vendor contracts; participate in investigations with international law enforcement agencies; contact the G-24. </li></ul>
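The CIO's step of finding altered market data and restoring it from the backup only works if the backup is a trusted reference. The example below, added here and not part of the original exercise, shows the mechanics on a constructed dataset: each record is hashed canonically, the live database is compared against the offline snapshot, and records that were tampered with, deleted or injected are classified before the snapshot values are written back. Record ids, field names and prices are all invented for illustration.

```python
import hashlib
import json
from typing import Dict, List, Tuple

# Constructed sample data (not real market data). The backup is the offline,
# known-good snapshot; CURRENT_DATABASE is what the live store holds after the
# breach. Record ids are "SYMBOL:DATE"; field names are illustrative.
BACKUP_SNAPSHOT: Dict[str, dict] = {
    "ACME:2024-05-01": {"symbol": "ACME", "close": "42.15", "volume": 1200300},
    "ACME:2024-05-02": {"symbol": "ACME", "close": "42.40", "volume": 998100},
    "BETA:2024-05-01": {"symbol": "BETA", "close": "17.02", "volume": 455000},
}

CURRENT_DATABASE: Dict[str, dict] = {
    "ACME:2024-05-01": {"symbol": "ACME", "close": "42.15", "volume": 1200300},
    # Tampered: the closing price was doubled.
    "ACME:2024-05-02": {"symbol": "ACME", "close": "84.40", "volume": 998100},
    "BETA:2024-05-01": {"symbol": "BETA", "close": "17.02", "volume": 455000},
    # Injected: this record never existed in the backup.
    "GAMA:2024-05-01": {"symbol": "GAMA", "close": "1.00", "volume": 10},
}


def record_digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so key order cannot hide a change."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def snapshot_digests(records: Dict[str, dict]) -> Dict[str, str]:
    """Map every record id to the digest of its content."""
    return {rid: record_digest(rec) for rid, rec in records.items()}


def compare_to_backup(current: Dict[str, dict], backup: Dict[str, dict]) -> Dict[str, List[str]]:
    """Classify ids as altered (present in both, different content), missing
    (in backup only) or injected (in current only)."""
    cur = snapshot_digests(current)
    bak = snapshot_digests(backup)
    altered = sorted(rid for rid in cur if rid in bak and cur[rid] != bak[rid])
    missing = sorted(rid for rid in bak if rid not in cur)
    injected = sorted(rid for rid in cur if rid not in bak)
    return {"altered": altered, "missing": missing, "injected": injected}


def restore_from_backup(
    current: Dict[str, dict], backup: Dict[str, dict]
) -> Tuple[Dict[str, dict], Dict[str, List[str]]]:
    """Return a restored copy of the live data plus the comparison report.
    Altered and missing ids take the backup value; injected ids are dropped.
    The live store is not modified in place."""
    report = compare_to_backup(current, backup)
    restored = {rid: dict(rec) for rid, rec in current.items() if rid not in report["injected"]}
    for rid in report["altered"] + report["missing"]:
        restored[rid] = dict(backup[rid])
    return restored, report


if __name__ == "__main__":
    restored, report = restore_from_backup(CURRENT_DATABASE, BACKUP_SNAPSHOT)
    for kind, ids in report.items():
        print(f"{kind}: {ids}")
    # After restoration the live data must hash identically to the snapshot.
    assert snapshot_digests(restored) == snapshot_digests(BACKUP_SNAPSHOT)
```

Two caveats a practitioner would add. First, the comparison is only as trustworthy as the backup: if the attacker could reach the backup store, both sides can be tampered with consistently, which is why the snapshot has to be offline or immutable. Second, every legitimate change made after the snapshot was taken will also show up as altered, missing or injected, so the report has to be reconciled against the transaction log before anything is overwritten.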
Scenario 3: China invades Taiwan, and Chinese nationalist hackers flex their muscles.
<ul><li>PR – Threaten to freeze the assets of Chinese nationals and corporations associated with the organized hacking if the attack on our database originates from China. </li></ul><ul><li>CISO – Concentrate efforts on risk management; develop a broad-based framework for managing risk; issue updated security briefings; secure connection devices. </li></ul><ul><li>CIO – Temporarily isolate Chinese and Taiwanese accounts; verify account activity through spot checks and trend watching; isolate US accounts because of the inflammatory nature of the US response. </li></ul><ul><li>CFO – Determine whether the hacking threats have damaged financial investments in the Asian region; conduct a business cost-benefit analysis; discuss and implement options for freezing transactions with US, Taiwanese and Chinese accounts. </li></ul><ul><li>Legal – Ensure procedures and processes are in place to quickly advise customers and other third parties of a theft of PII, consistent with international law; coordinate with India to monitor internal systems; reach out to the UN Financial Institution. </li></ul>
Scenario 4: The Indian Central Depository has sustained a DDoS attack. The E-commerce Giant's web portal has been successfully poisoned, and every visitor over the past week has been infected with a self-propagating rootkit that spreads across each network it reaches. At the UN Security Council, the USA has issued an ultimatum to China to stop hacking.
<ul><li>PR – Offer macro-level loans to India at low interest rates; extend loans to UN member countries for potential UN actions; draft a letter of confidence to all customers outlining the financial and IT actions being taken; issue a severe warning to the US and China over the persistence of hostilities. </li></ul><ul><li>CISO – Conduct periodic vulnerability assessments; analyze the logs of the various systems to drive preventive measures; build security awareness among staff and stakeholders; implement stateful inspection. </li></ul><ul><li>CIO – Isolate the e-commerce access path to our systems; verify that the Indian Central Depository has sustained only a DDoS attack and nothing further; build a non-cloud networking option. </li></ul><ul><li>CFO – Verify the existing cyber-insurance policy; examine the business model, policies and procedures, scan the systems, and increase vigilance over all 12 Layers of Security; meet with key stakeholders; look to unaffected markets. </li></ul><ul><li>Legal – Review contracts with business partners and agreements with customers; ensure our trade secrets and the confidentiality of our information are protected from hackers, especially Chinese ones; ensure contracts include cyber data-breach liability limitations. </li></ul>
Scenario 5: An Eastern European cyber crew backdoors all major media outlets and rootkits every user who visits those sites. The electrical grids in California, New York and New Delhi are knocked offline, causing generators to overheat and explode. Major cloud providers have been corrupted by Pakistan.
<ul><li>PR – Public statement that the company's internal infrastructure has not been affected by the latest attack, that our assets are secure, and that we are reaping the benefits of our vigilance and recovery operations; potentially halt financial transactions of unscrupulous actors through long-term divestment; reject the China/US choice as a false dichotomy and freeze all US and Chinese accounts until further notice. </li></ul><ul><li>CISO – Ensure all 12 Layers of Security are functioning; train personnel on a regular basis; update the existing security programs. </li></ul><ul><li>CIO – Monitor for rootkits on all computers; if financial computers are found to be affected, make every effort to patch them and halt the spread of the infection; review records to ensure no data was altered; isolate Pakistan's access to our systems and switch to our non-cloud backup. </li></ul><ul><li>CFO – Assess all financial records and archives; meet with legal counsel; expand the budget to procure additional backup hardware and networking systems that can store all previous financial data without threat of interruption; assess liquidity to determine whether additional funding is available to provide macro and micro loans to restore functionality in Indian electric grids. </li></ul><ul><li>Legal – Ensure cyber liability coverage is in place and that our third-party continuity operations keep functioning as normal; review contracts with Indian utility companies to get them the financing as quickly as possible; meet with the CFO. </li></ul>