In the wake of the recent global IT outage affecting CrowdStrike (CS) from a periodic software update, Financial Institutions worldwide and in Singapore are reassessing the critical importance of robust IT security measures within their Business Continuity Management (BCM) frameworks as a key provider was affected on 19 July 2024.
This recent incident has highlighted key areas that emphasise the importance for fortified cybersecurity strategies in Singapore Financial Institutions’ operational strategies:
1. Mitigating Operational Disruptions
In this digital era, cloud computing goes hand in hand with FIs as a much needed service solution for being cost effective, enabling better collaboration and supporting business continuity and disaster recovery. On the flip side when the service hits downtime, it may significantly impact not just FIs’ operations but may also potentially give rise to financial losses and risk of data theft. Hence, it is essential for Singapore Financial Institutions to have a robust IT infrastructure in place for alternative arrangements in the event of such outages to minimise disruptions.
2. Safeguarding Customer Trust and Compliance through Data Integrity
Upholding stringent IT security standards is paramount for maintaining customer trust and regulatory compliance. Singapore Financial Institutions must adhere to rigorous data protection regulations and demonstrate robust cybersecurity measures to safeguard sensitive customer and proprietary information and preserve institutional integrity. Regular testing of IT security such as routine firewall checks, network penetration testing and regular malware and virus monitoring will help to detect potential weaknesses if any.
3. Enhancing Resilience and Recovery Capabilities
Integrating robust IT security into the Singapore Financial Institutions’ Business Continuity Management frameworks enhances internal preparedness and awareness by enabling swift recovery from disruptions with well-trained employees. Proactive measures such as real-time monitoring, incident response planning, and comprehensive data backup strategies are essential components of a resilient framework that ensures business continuity with minimal disruptions. An appointed IT officer can also be a measure used to carry out regular testing and checks for IT security maintenance based on different disaster recovery scenarios.
4. Addressing Emerging Cyber Threats and Promoting Awareness as a Culture
In this digital era, cyber threats are constantly evolving which may pose challenges for threat detection technology and outdated cybersecurity training programs. Hence, it is important to constantly seek and invest in advanced technologies to stay ahead of threats, mitigate risks and protect critical assets. Internally, Singapore Financial Institutions can also educate employees and stakeholders on cybersecurity by fostering their awareness for vigilance and accountability. Training programs, simulated exercises, and regular awareness campaigns empower individuals to recognize and respond to potential threats effectively. Training programs such as differentiating real and phishing emails can be conducted to better detect threats. Singapore Financial Institutions can also conduct random exercises to test employees’ alertness in instances where a planned phishing email is received. This enables employees to apply their knowledge in real life situations.
In conclusion, the CrowdStrike global IT outage serves as a timely reminder for FIs to remember that even global IT infrastructure vendors are capable of failing, and that when in reliance of such vendors, it is important to have appropriate backups or alternative arrangements in place to minimise disruption to the business. This helps organisations to further strengthen their resilience against new cyber threats, minimising operational disruption while ensuring data integrity in today’s interconnected digital era.
If you require any support in understanding and building a comprehensive Business Continuity Management Plan and Policy for your regulated business, our team at Curia Regis are well equipped to assist you with this.
Reach out to us at [email protected] to know more.
