12-18 November is Fraud Awareness Week, and once again, cyber-resilience is a hot topic. As a licensee, do you wonder what you legally have to do? Before we tell you, let's start, as Simon Sinek recommends, with Why...
In one weekend earlier this year, the world was subject to an "unprecedented" cyber-attack which is reported to have affected approximately 200,000 users in 150 countries. The "WannaCry" attack combined ransomware with a worm virus and spread quickly. Victims' systems were locked down and, unless they had appropriate safeguards and backups in place, they had no access to information until a ransom was paid. In the meantime, the virus continued to spread through networks.
Why are we telling you this?
Licensees have possession of highly personal information. This information in the wrong hands can be used for criminal activities such as ID fraud, and can be sold for a high value. Certain industries are considered more vulnerable to attacks such as WannaCry because of the sensitive nature of the information that they hold.1
This secondary market for personal information, as well as the inability to conduct business, means that unprepared targets of an attack like WannaCry are more willing to pay a ransom to have the information unlocked and returned.
"This is a massive reminder to sectors across the world that Cyber-security should be a top-line executive priority and you need to do something to protect yourselves".2
Of course, no-one wants to suffer from a cyber attack. But there are extra reasons why licensees should immediately prioritise cyber-resilience – for example, because your AFSL requires it.
- You must have adequate risk management
  - Have you identified your vulnerability and exposure to cyber incidents?
  - Do you know what the risks are, and have you assessed what controls you need to deal with them?
- You must have adequate information technology resources to provide the financial services covered by the
  - If your information is locked down and you must pay a ransom, what will you do?
  - Can you continue to provide the financial services?
  - Have you identified the resources that your business needs to
As all licensees would know, these procedures need to be documented, and you will need to update your compliance manual as well.
However, we are here to help! We've created a cyber-resilience manual to assist you with implementing cyber-resilience within your AFSL business.
1 Rob Wainwright, Director Europol, speaking to the BBC "Ransomware cyber-attack threat escalating – Europol" 14 May 2017 http://www.bbc.com/news/technology-39913630
2 As above