Proactive, not reactive: the path to ensuring operational resilience in cybersecurity

From bank robbers in the Wild West to ransomware-as-a-service (RaaS), threats to the world’s financial ecosystem have evolved significantly over the years. Technological advancements have led to the rapid evolution of the financial industry, from cash transactions to digital wallets, embedded finance, and open banking. But they have also democratized sophisticated technology tools, making them cheaper and more accessible for threat actors.

For financial firms, the emerging threat arena is immensely dynamic. We already have our hands full ensuring operational resilience in the face of natural disasters, geopolitical changes, and loss of public confidence.

Now, with easy access to criminal “service providers,” anyone with a grudge or a group with an agenda can bring down a business or even compromise an entire sector. They don’t even need technical expertise for this: they can pay a nominal fee to leverage the “as-a-service” providers to deliver an attack with the efficiency of a factory production line.

Against this backdrop, financial regulators worldwide are emphasizing the need to build operational resilience to maintain the stability of the financial sector. This is apparent from the EU’s Digital Operational Resilience Act (DORA), the framework for operational resilience established by the Bank of England (BoE), Prudential Regulation Authority (PRA), and Financial Conduct Authority (FCA) of the UK, and the updated business continuity guidelines of the Monetary Authority of Singapore (MAS).

So, how does the financial sector ensure operational resilience — the ability to counter, continue operations, recover, and learn — when the unexpected happens? It all comes down to adopting a proactive, not reactive, approach.

Why use a proactive approach to security?

Operational resilience goes beyond ensuring business continuity by mitigating disruptions as and when they occur. Resilience needs a proactive approach to maintaining stable and reliable digital systems, regardless of the severity of threat incidents. This “bankability” (excuse the pun) of the financial system is critical to preserving public trust and confidence in the global financial system.
