The evolving threat landscape, including an increasing number of cyber-attacks and ransomware threats, requires a holistic view when building operational resilience across the value chain. Financial market infrastructure (FMI) must not only adapt to these threats but also rapidly and safely recover its operational capabilities to facilitate fair and orderly markets. Jason Harrell, DTCC Managing Director, Operational and Technology Risk & Head of External Engagement, joined a distinguished panel of cyber experts at the World Forum of Central Securities Depositories to discuss the current threat landscape and ways central securities depositories (CSDs) and FMIs can strengthen their operational resilience.
Highlights of Harrell’s remarks are summarized below.
The rapidly changing geopolitical environment continues to drive changes in the cyber threat landscape. Firms need to protect against threat actors that are:
- Increasingly using cyber-attacks to seek out weaknesses at financial institutions and in their supply chains;
- Attempting ransomware attacks to render firms and systems inoperable and extract payments;
- Using geopolitical turmoil to initiate cyber warfare; and
- Exploiting software that is used across financial institutions.
Challenges to Strengthening Resilience
- Balancing Act: Firms need to build resilience efforts across the entire enterprise and value chain, which may include new technologies. However, the integration of legacy systems with emerging technology can create new risks and change the dynamic of existing risks.
- Third-Party Threats: Partnerships with fintech firms and other vendors expand the attack surface area, increasing accessibility for threat actors.
Cyber Resiliency Best Practices
- Increase information sharing between market players. Threat actors are freely sharing information, so CSDs and other FMIs need to increasingly collaborate as well.
- Use educational tools (e.g., industry tabletops) to understand how market participants may respond during a cyber event, and use that understanding to inform your organization’s playbooks.
- Critically important firms may need to adjust (even if their operations are not directly impacted) to bring stability to markets.
- Use continuous monitoring systems, with data-driven tools to identify issues on a large scale.
Increasing partnerships, both within the industry and with governments, to gain more intelligence on the capabilities of these threat actors is a critical step toward building resilient operations.
Regulation Trends and Challenges
- Not Just IT: Resilience needs to be consistent across the enterprise; it's not just a technology issue. Firms need to understand how much stress business operations can withstand and if they can rapidly and safely recover from any operational event, not just a cyber-attack.
- Evolving Landscape: New principles and rulemaking continue to be developed for cyber and operational resilience including the Basel Committee on Banking Supervision Principles for Operational Resilience, European Union Digital Operational Resilience Act (DORA) and new operational resilience rulemaking in Singapore and Hong Kong.
- Dual Requirements: FMIs will need to monitor direct and indirect operational resilience requirements. As financial firms continue to receive resilience requirements from their regulators, these firms will increasingly require resilience evidence from their third parties, including CSDs and other FMIs.
What Firms Can Do Right Now
- Become part of the threat intelligence community to gain visibility and knowledge.
- Enhance the organization’s third-party risk management programs to include resilience and assess third parties’ capabilities to deliver on resilience objectives.
- Follow the regulatory environment, and understand resilience requirements/capabilities and how they may impact CSDs and other FMIs.