Backup and recovery, Remote access

Natural disasters expose cyber weaknesses for financial firms

Lineman work to restore power to residents as the recovery continues from the tornado on December 16, 2021 in Dawson Springs, Kentucky. (Photo by Scott Olson/Getty Images)

When storms, hurricanes, earthquakes, wildfires and other natural disasters strike, they impact life across wide swaths of the country. They also impact the ability to access financial services and the potential for bad actors to get in amid the chaos.

As seen recently with the tornados in Kentucky and the snow and ice-storms across the country, natural disasters can bring in-person banking to a standstill, preventing acces too bank branches and staff, as well as the systems to back up transactions. An academic white paper released in mid2021 by VoxEU looked at the potential impact of natural disasters on the overall financial system, especially in the face of the on-going COVID pandemic, and found that “natural disasters are a major source of systemic risk, and finance must play a major role in the prevention and taming of those risks.”

Indeed, going into the “hurricane season” this year from late summer into fall, the FDIC released notice about how natural disasters might affect financial services institutions (FSIs).

David Blaszkowsky, head of product and regulatory affairs for Helios Data, points out that super-Storm Sandy nearly a decade ago [in fall 2012] remains the nightmare baseline for how future natural disasters can threaten to impact not just to individual local financial institutions, but the national financial system. "Lose a bank and the state and federal regulators can reconstruct things quickly, but when scores or hundreds go down at the same time the system can collapse,” he said.

Adding to this, the failure of electronic systems like ATMs and inability to travel or even rescue and replace lost systems and records, as has happened across lower Manhattan during Sandy, and “the inability for people to get money will quickly mean pain and loss of face across a region,” he added. “Now is the time for FSIs, even for local ones, to build the resilience to survive regional disasters.”

According to analysts at the National Oceanic and Atmospheric Administration (NOAA), 2020 was the fourth-costliest year on record for natural disasters. And, as of early July 2021 there have been eight weather or climate disaster events with losses exceeding $1 billion each to affect the United States, according to NOAA’s findings. While these physical and human losses do not directly equate to financial industry impact, there is nonetheless a correlation — with branches in these areas unable to operate, and digital systems often downed.

Gary McAlum, senior cyber analyst with the TAG Cyber Group, and a member of the board of directors of the National Cybersecurity Center, said that the responsibilities placed upon financial services organizations boils down to business continuity and “resiliency.”

In many ways, the pandemic itself and the subsequent lockdown and remote work requirements represent “a natural disaster,” said McAlum, with the ongoing push to have more employees (including FSI employees) to work from home. “Every financial institution goes through their own list of how a natural disaster could impact them,” McAlum said. “When something like this happens, banks need to track their third-party suppliers as they will be increasingly reliant on those providers.”

As Blaszkowsky pointed out, “Lose a bank and the state and federal regulators can reconstruct things quickly, but when scores or hundreds go down at the same time the system can collapse.”

“Add [to this] the failure of electronic systems like ATMs and inability to travel or even rescue and replace lost systems and records, like it was across lower Manhattan" in recent natural disasters, he said. “Now is the time for FSIs, even local ones, to build the resilience to survive regional disasters.”

prestitial ad