Technology
Disaster Recovery-As-A-Service: A New Front In Cybersecurity War
Ransomware is a major threat to institutions such as banks – they are where the money and data are. We talk to a firm that helps affected organisations to recover and avoid problems.
Ransomware continues to be the most prevalent form of cyber
attack, affecting three out of four organisations – and that
includes banks and wealth managers.
Firms that specialise in recovering from a breach and data loss
are, understandably, making much of what they bring to the table.
One such firm is 11:11,
a UK-based business, which also operates in continental Europe,
North America, Singapore and Australia.
11:11 has recovery processes in place that firms can use. Part of
the firm's offering is educating and training of clients, and
developing ideas on how organisations can act in particular
situations. It encourages firms to simulate a problem to see what
has to be done, Sean Tilley, senior director of sales, EMEA at
11:11 Systems, told this news service in a recent call.
The business’s model can be described as
“infrastructure-as-service,” including disaster
recovery-as-a-service, Tilley said.
The stakes are high. According to the Veeam Data Protection
Trends Report 2024, 75 per cent of organisations suffered at
least one ransomware attack last year. Focusing just on the UK, a
2024 report from the Department for Science, Innovation &
Technology found that half of businesses and around a third of
charities (32 per cent) reported having experienced some form of
cyber security breach or attack in the last 12 months. This is
much higher for medium businesses (70 per cent), large businesses
(74 per cent) and high-income charities with £500,000 ($626,670)
or more in annual income (66 per cent).
By far the most common type of breach or attack is phishing (84
per cent of businesses and 83 per cent of charities).
Besides 11:11, other businesses which help firms deal with
attacks from ransomware include the likes of K2
Integrity (see
an article from that business). Gotham Security, an
Abacus Group company, spoke to this publication about lessons to
be learned from an attack in 2023 on UK-based Succession
Wealth.
A report in March 2024 from Broadridge
Financial Solutions showed that over the next two years,
financial institutions plan to boost their investments in
cybersecurity by 28 per cent on average; impacting their internal
security protocols, and the way in which they engage with
third-party technology vendors. According to the study,
cybersecurity is the top capability executives say they expect
from their technology vendors, outpacing their ability to deliver
projects on time and on budget, and building next-generation
technologies into their solutions. Cybersecurity remains an
important concern for the world’s wealth management industry. In
the US, new Securities
and Exchange Commission rules came into force
in 2023 forcing listed companies to report their
cyberattacks to core stakeholders, such as investors, customers,
and regulators.
Vulnerabilities
An issue for firms such as 11:11 to watch is the pressure on
outsourced, third-party firms and their own security
processes.
The focus on third-party risks is a “huge topic,” Tilley
said.
Vulnerabilities at providers of outsourced services has been
flagged as an issue by the UK’s Financial Conduct Authority. The
late-July Microsoft/CrowdStrike outage was a wake-up call, for
example. In an article published here in September, US-based ACA
Group said: “For those on the buy-side, for every provider you
take on, you must consider the risk to your side of the
business…this is about asking the right questions and making sure
that your due diligence is up to date.”
European Union regulators wanting to make systems more robust, is
one example of what is taking place.
In a recent article which he authored, Tilley noted that the
European Union has introduced new rules such as the Digital
Operational Resilience Act (DORA) and the NIS2 Directive.
Getting into better shape to handle cyber attacks is not just
about spending money, it can also give firms that have strong
safeguards a competitive edge over rivals, Tilley
wrote.
“Regulatory compliance is not just a defensive move – it can be a
strategic advantage,” he wrote. “Financial firms that effectively
implement these standards can enhance their operational
efficiency, customer trust, and ability to enter new markets.”