In early June, Microsoft experienced a Distributed Denial of Service (DDoS) attack. ‘Storm-1359’ – Microsoft’s name for the threat actor – launched several types of layer 7 attacks, including https(s) flood, cache bypass, and slowloris.
Fortunately, Microsoft says that they have seen ‘no evidence that customer data has been accessed or compromised’. However, there are still risks, for which the asset and wealth management industry will need to take heed.
While no data may have been lost during this most recent DDoS attack, the fact that a successful attack took place against one of the industry’s tech titans should be enough to ask the question, “What would we do if all of Microsoft, or Google or Box, or our trading platform was completely rendered unusable for a prolonged period time?” The answer to this question lies within your regulatory-required Business Continuity Plan (BCP). And, if your plan doesn’t address how you might communicate without Microsoft e-mail, or how you might function without access to your cloud data, it’s not a viable plan.
With that said, the resolution is not as complicated as you might initially think. Do you have a call tree or a set of known personal emails outside of Microsoft? While these communications are not technically allowed for investor communications, they absolutely are a viable back-up solution to communicate in an emergency. As for your cloud data, perhaps you can go a day or even a week without needing to access your cloud-stored data. But if there is data that you might need which you cannot go without, you may want to consider having it backed up on a local computer or offline storage device – just in case…
For more information related to BW Cyber’s regulatory compliance services related to Business Continuity Planning, Incident Response Planning, and Disaster Recovery Planning, contact us.