Banks are asked to critically assess the need to set up a secure tertiary data backup to guard against destructive cyber attacks.
The HKMA (Hong Kong Monetary Authority) has instructed banks to “critically assess” the need for setting up a secure tertiary data backup (STDB) to guard against cyber attacks.
“Destructive malwares, including ransomwares, are of growing concern as they can potentially lead to permanent loss, corruption or unauthorised alteration of critical data in both production and backup environments,” the HKMA says in a circular.
The HKMA points to international developments to address this type of cyber threat, including Sheltered Harbor, a US initiative.
Under the Sheltered Harbor initiative, participating banks regularly make a copy of consumers’ account data in a standard format for archiving in a secure data vault where it is protected from alteration or deletion. This is meant to allow for the restoration of accounts in the event of a major outage.
The HKMA had similarly asked the HKAB (Hong Kong Association of Banks) to develop guidelines on STDB that are appropriate for the Hong Kong banking landscape, resulting in the development of the “Secure Tertiary Data Backup Guideline”, which was issued on 30 April.
The guideline sets out eight high-level principles to help banks decide whether to set up an STDB and to understand the implementation issues they will need to overcome to ensure the STDB is effective.
The HKMA says it expects all banks to critically assess the need for implementing an STDB, accounting for their risk exposures and the principles stipulated in the HKAB guideline.
All retail banks and foreign bank branches with significant operations in Hong Kong are asked to submit a report containing the result of their assessment to the HKMA by 30 November 2021.
For locally incorporated banks, the assessment report should be endorsed by the board of directors. For foreign bank branches, the assessment should be conducted under the scrutiny of their head office or regional headquarters.