In this December 2021 speech, Bo Li, Deputy Managing Director of the International Monetary Fund (IMF), reinforced how digital technology permeates all aspects of society, increasing our dependency on interconnectivity and reliance on the networks that support it.
As a result, it’s essential to establish building blocks that address systemic risks that could compromise this ecosystem.
Li goes onto to identify 3 key issues around cyber resilience:
- Cyber resilience isn’t an isolated issue: As technology shifts from being a vehicle for efficiency to one that enables new ways of business and social interactions, so does the impact of threats that target weaknesses in technology.
- Cyber resilience isn’t a one-dimensional issue: The origin, motivation, and execution of cyberattacks are varied and ever evolving – and the various safe-guarding governance mechanisms that exist need to adapt with the same agility.
- Cyber resilience is a societal issue: As technology becomes an essential part of life, so cyber resilience becomes increasingly dependent on the behavior and choices of people and society.
These 3 issues strongly align with the cyber resilience challenges the banking and finance sector faces, both historically and in the current era of rapid digital transformation.
The banking and finance sector is critical infrastructure
Payments systems are vast and interconnected, personal and business banking is now performed from anywhere over a multitude of channels, open banking exposes core banking systems to third-party applications – organizations must be able to deliver these services reliably while ensuring they protect customer data, adhere to regulations , and maintain trust.
Further, the deep interdependencies between the banks, the local and global economies they serve, and the potential threats to these systems in case of instability has led the finance sector to be classified as critical infrastructure in many parts of the world. This brings their importance to society to the level of services such as healthcare, electricity, water, and telecoms.
Banking and finance firms must detect and contain cyberattacks
In line with the expectation of other critical infrastructure, organizations in the financial services sector are no longer expected to simply be able to recover and restore after an incident. They must now be able to detect and contain incidences at the outset and ensure that a minimum level of acceptable service can be maintained throughout.
The Bank for International Settlements – “the central banks’ bank” – reiterates this in their Guidance on Cyber Resilience for Financial Market Infrastructures:
“The safe and efficient operation of financial market infrastructures (FMIs) is essential to maintaining and promoting financial stability and economic growth. If not properly managed, FMIs can be sources of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. In this context, the level of cyber resilience, which contributes to an FMI’s operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.”
Many regulators are seeking to uplift the cyber resilience posture of their member organizations, including:
- The Australian Prudential Regulation Authority’s Prudential Standard CPS 234
- The OCC’s Sound Practices to Protect Operational Resilience
- The EU’s Digital Operational Resiliency Act
Complementary to these are frameworks like CBEST from the Bank of England that allow members to assess the cyber resilience of their firms’ critical business services.
How Zero Trust Segmentation helps deliver cyber resilience
To quote Bo Li: “The increasing digitalization of financial services, in combination with the presence of high-value assets and data, make the financial system a prime target. The high level of interconnectedness across financial institutions ... creates a potential vulnerability wherein a localized cyber incident could quickly spread across markets and jurisdictions.”
Zero Trust Segmentation helps address these challenges and improve cyber resilience by:
- Protecting high-value assets and data by ensuring that only authorized access is permitted, reducing the available attack surface.
- Providing consistent visibility across the firm’s hybrid infrastructure, highlighting all dependencies.
- Limiting access on known high-risk ports to prevent the rapid spread of ransomware.
Financial organizations globally, including 6 out of 10 of the world’s largest banks, rely on the Illumio Zero Trust Segmentation platform to improve their cyber resilience.
Read our new industry guide to find out how Illumio can help implement Zero Trust Segmentation in your financial services or banking organization.
And learn how our customers in the industry stay cyber resilient with Zero Trust Segmentation: