
Lessons from Quantum Dawn: the biennial US financial sector cyber security exercise

SIFMA has released a summary of key recommendations from its biennial Quantum Dawn cyber security exercise, which was conducted in November 2021. This event enabled financial firms, central banks, regulatory authorities, trade associations, law enforcement and information sharing organizations around the world to rehearse incident response protocols, both internally and across the sector, against a broad range of significant ransomware attacks targeting the financial sector.

Participants included over 1,000 representatives from 240 public and private sector institutions, including financial firms, central banks, regulators, and law enforcement entities, across more than 20 countries around the world.

“A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing,” said Kenneth E. Bentsen, Jr., SIFMA president and CEO. “No single actor — not the federal government, nor any individual firm — has the resources to protect markets from cyber threats on their own. Firms should also continually exercise their crisis management, incident response, and data recovery plans to ensure rapid response and recovery from ransomware or other types of cyber-attacks.”

Along with SIFMA, global consulting firm Protiviti helped organize the simulation and prepare the After-Action Report, whose recommendations are aimed at helping the sector strengthen its readiness to defend critical financial services infrastructure from an array of cyberattacks and extreme scenarios.

Those recommendations include:

Make critical investments in capabilities
Institutions should continue to invest in robust ransomware recovery and cyber, business continuity and information technology incident response plans and strengthen these plans based on frequent exercises and tests.

Create alternate communication channels for worst-case scenarios
In the event a regulatory authority is impacted by a ransomware event and goes offline, firms should have processes in place to use alternate communications channels.

Beware: Ransom payments may not lead to data recovery
SIFMA does not recommend paying a ransom. Executives need to carefully consider the realities of taking such actions, including the possibility that they still may not recover stolen data.

Join global directory of critical stakeholders
Financial firms are strongly encouraged to join SIFMA’s Global Directory of critical stakeholders. This directory was created to identify critical public and private sector organizations and key contacts that play a role in crisis management and global information sharing.

Follow best practices

  • Validate that critical infrastructure assets are not exposed to the public Internet.
  • Institute controls such as self-service password management requiring a second factor to avoid being socially engineered.
  • Require multi-factor authentication (MFA) everywhere.
  • Deploy modern-day Identity Governance and Administration (IGA) systems to detect backdoor accounts.
  • Use a privileged account management (PAM) system to check access to accounts in and out, or deploy even more advanced defenses for critical admin-level accounts.
  • Isolate and disconnect infected machines immediately.
  • Develop proactive threat hunting capabilities.
