CrowdStrike outage spurs rethink on ‘critical’ vendors
Some want US regulators to designate tech firms that pose risks to financial stability
CrowdStrike was not generally deemed a critical vendor by bank risk teams before last month’s outage – though some now think it perhaps should have been.
“While the assessment of criticality varies by company, CrowdStrike is often seen as a lower-tier vendor,” says a chief information security officer (Ciso) at a large global bank. “What happens with this type of security company is that we see them as utilities and never think of them going down. But in reality, they have the ability to
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
No end of peer-to-peer demand for securities financing
After Archegos, buy side turns to fellow asset managers for diversity and liquidity in securities financing and repo
Why was Archegos worse than the Fed’s five-fund stress test?
Some believe Credit Suisse was an outlier, but others say the CCAR results underestimated risks
For compliance risk, the big get bigger
Second-line teams have been growing at US G-Sibs – and are set to continue – while Europeans’ flatline
Déjà vu for common domain model
Piecemeal progress on ambitious derivatives data standard raises questions over business case
Between the lines: why banks are rethinking risk management
Lloyds is not the only bank wanting to reshuffle the three lines of defence as tech risks grow
For G-Sibs managing cyber outages, confidence makes the difference
IT disruption drops among top G-Sib concerns this year, as banks revamp models and retool risk indicators
Long shadow of Apollo looms over turmoil at Athora
Risk.net investigation reveals troubling picture of US asset manager’s European insurance project
Information security: mind the first-line gap
G-Sibs’ second-line cyber teams still growing, survey shows; others are overhauling KRIs and switching vendors
