Sheltered Harbor ensures cyber resilience for financial services firms

After the infamous Sony Pictures hack in 2014, the financial services industry came together to develop Sheltered Harbor to ensure customer financial data would remain secure and accessible in the event of a cyberattack.

Sheltered Harbor ensures cyber resilience for financial services firms
Getty Images

The 2014 hacks of Sony Pictures sent shockwaves through executive suites in every industry, but for many in the financial services industry, it was especially sobering. Pooling their resources, the industry responded with an initiative designed to step up the financial sector's cyber resiliency.

“Thinking about what you’d do, as a financial services organization, if you went in and half your server infrastructure was wiped; your backups corrupted. And as a consumer, what happens if your bank account suddenly had a zero balance? Oh, my God — the impact on customers, on the financial institution itself, as well as the public confidence in your institution and the financial services sector in general would be awful,” says Trey Maust, Sheltered Harbor CEO.

The financial services industry regularly conducts Financial Services – Information Sharing and Analysis Center (FS-ISAC) Hamilton Series exercises, which simulate various plausible cybersecurity incidents or attacks to better prepare the industry to respond to cyberattacks. The Sheltered Harbor Specification, designed to enhance resiliency and protect financial institutions’ customer accounts and data in the event of a breach or an attack, emerged from these Hamilton Exercises, and was outlined in a white paper. Financial institutions, industry trade groups and leaders, brokerages, and core processing providers formed the non-profit Sheltered Harbor organization in 2015 to support the initiative.

The mission was to create a standardized, secure, encrypted data vaulting solution, recovery standards, and a stringent adherence framework in addition to financial services companies’ existing business continuity and disaster recovery (BC/DR) solutions. The organization has since built a collaborative industry platform, which has received a CIO100 award in IT excellence.

“We started thinking about how to put together an industry-wide initiative to address the public impact of such an event,” Maust says. “What happens if a customer goes in and suddenly there’s a zero balance? What happens if they cannot access their accounts? What they’re thinking is also, ‘Is it ever going to get restored? What if it hits other banks?’ So, the idea was to protect and secure data and allow for limited access, at least, so while it might be more inconvenient, you could still access funds, make limited transactions.”

To continue reading this article register now

7 secrets of successful remote IT teams