News

10:58 AM
Connect Directly
RSS
E-Mail
50%
50%

No Swine Flu Emergency Yet, but Banks Should Keep Eyes Open

The swine flu scare hasn't reached pandemic proportions at this point. However, that hasn't stopped people and the markets from panicking slightly. Just today, someone working for Ernst & Young in New York was reported to have had swine flu. And stocks are still a little jittery as news of the scope of the disease continues to be broadcast.

"It doesn't take much to get a reaction out of the market during these uneasy times," James Kerr, president and managing partner with Cromwell, Conn.-based Best Practices Enterprise Group, told BS&T. "It's unfortunate that the markets reacted to this because these isolated outbreaks have had little impact on business throughout the world. If it reaches pandemic proportions, yes, some businesses will be in jeopardy. But, as of the moment, calmness should prevail as businesses do what they need to do to prepare for contingency operations."

Although it's not yet time to push the panic button, it is still important for banks to monitor something like the spread of swine flu closely and to take stock of their disaster recovery plans. Today's situation is reminiscent of what happened during the bird flu scare just a few years ago, Kerr comments. "I don't see any major differences in the way businesses have reacted to this compared to the bird flu scare. Most firms took little action then. I don't think this scare will make them take any more action now." This kind of complacency can be dangerous. Kerr senses some banks might think the contingency plans they developed to handled Y2K, for example, are adequate. This is not the case, he asserts, since the steps a bank would take in the event of mass computer outages differ greatly when compared with what must be done if workers are unable to report to the office. "A few years ago many firms built contingency plans to handle a Y2K catastrophe scenario, such as electrical outages, water outages and transportation problems. So, they think that they can just dust those business continuity plans off if a pandemic strikes. But, here again, the Y2K scenario and what you do about it is much different than one where workers can't work. Certainly, many organizations have done it right and have built pandemic-specific business contingency plans. But, many others have not."

Based on what he has seen from the research, Kerr is inclined to believe it isn't a question of "if" but "when" when it comes to a worldwide flu pandemic. "The problem is most of us choose to ignore these kinds of warnings and most of the time we do just fine," he comments. "But, I advise my clients that it is far wiser to make an investment in planning for this (even if it never happens) because the cost of planning is a lot less than the cost to the business if it gets caught without a plan."

And the consequences of being sideswiped by any pandemic vary. According to Jeff Margolies, a security expert and senior executive with Accenture in New York, it's fine if banks tell their people to telecommute to prevent the spread of the disease, but they may underestimate the capacity of their systems to handle such a shift in usage.

"We may see bank employees elect to--or told to--work from home to reduce potential exposures to the virus. This presents two potential challenges," Margolies explains. "First, many banks do not have sufficient bandwidth or capacity to handle the external usage requirements of having high numbers of employees work from home. Second, a bank may not have enough resources on hand at a data center to fix a critical system problem, in which case systems could indeed stop. This issue could be magnified if a bank's data centers are not spread out geographically."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.