A bit of irony struck this past weekend when the Financial Conduct Authority (FCA) was forced to announce late last Friday that an incident at one of their outsourced data centres caused a widespread outage that affected a number of the watchdog's IT services. The FCA described the outage as 'major' even as it was working with their vendor to restore inaccessible services.
The irony of the outage is related to comments made earlier in the week by FCA specialist supervision team director Nausicaa Delfas, who berated private sector companies for not having appropriate systems in place to prevent cyber-attacks and network failures. At a cyber security conference last Wednesday, Delfas made it clear that the FCA wants the companies it regulates to do better.
"Most attacks you have read about were caused by basic failings – you can trace the majority back to: poor perimeter defences, un-patched, or end-of-life systems, or just a plain lack of security awareness within an organisation," Delfas said. "So we strongly encourage firms to evolve and instil within them a holistic 'security culture' – covering not just technology, but people and processes too."
Confirmed Hardware Failure
In the FCA's defence, the incident was not the result of any sort of cyber-attack or internal systems shortcoming. It was a direct consequence of a hardware failure as confirmed by Fujitsu, the vendor responsible for the data centre in question. Nonetheless, having not restored all systems several days into the incident demonstrates to the FCA just how difficult it can be to maintain networks when things like this happen.
The FCA has long argued that the companies they regulate should be prepared for any sort of incident that could knock out network access for any length of time. To show just how serious they are, regulators fined the Royal Bank of Scotland a record £56 million after an IT failure in 2014 left millions of customers without access to their accounts. That has some critics of the agency ready to speak out against the regulator.
ACI Worldwide's Paul Thomalla is among those executives calling out the City watchdog. He told the Financial Times that the watchdog has to be held to the same standards they apply to the financial sector. He said that if the FCA expects the institutions it regulates to maintain high standards of security and network reliability they need to implement the same standards for themselves.
Only time will tell how devastating the weekend incident really turns out to be and if there is any long-term fallout at all. The lesson to be learned is that there is no such thing as a 100% safe and reliable network. Things can happen even with the best of intentions and rock solid contingency plans in place. Our job is to do the best we can to mitigate the adverse effects of those incidents. When they happen, we just have to do all we can to get things fixed as quickly as possible.
Sources:
1. Telegraph – http://www.telegraph.co.uk/business/2016/09/23/financial-watchdog-hit-by-it-outage---days-after-telling-banks-t/
2. Financial Times – https://www.ft.com/content/57a7e5fa-81a7-11e6-bc52-0c7211ef3198