The Securities Industry and Financial Markets Association has held its fifth exercise, in a series, simulating a catastrophic cybersecurity event in the banking sector, known as “Quantum Dawn.” The annual exercise provides valuable insight into what the financial services industry views as the most contemporary doomsday scenario and how major players are preparing for it. This year, in its first-ever global event, the industry focused on a fictional, widespread ransomware attack that takes out large financial institutions in Asia, the U.S. and U.K.
More on the story here: https://www.cnbc.com/
This a laudable idea, other countries and industries shall definitely follow the example. I would, however, expand the scenario and consider breaches of trusted third-parties and governmental authorities. A large-scale ransomware attack, even if well-prepared and aimed against major financial institutions, is much less perilous than a campaign simultaneously targeting market regulators, news agencies and law enforcement agencies.
A true “Black Swan” will likely breach a couple of reputable news agencies to spread explosive but fake news, then will corroborate them with a message from a couple of breached governmental websites such as SEC or DOJ and, finally, will paralyze major banks with ransomware to create a verisimilitude of a global collapse.
Such an attack may be the disastrous end of a modern-day financial world that is unprecedently fragile. Therefore, it would be a good idea to consider and asses the risks imputed to trusted third-parties during the next exercise, making it multidimensional.