Sheltered Harbor is reportedly offering data security to more businesses.
Previously limited to banks since its founding in 2015, Sheltered Harbor is now offering its solution for cyberattacks to insurance companies, asset managers, payment processors and other financial businesses, Bloomberg reported Thursday (Dec. 22).
Sheltered Harbor provides participants with a way to store their data separately from the rest of their infrastructure so that they can quickly restore their files should their regular infrastructure be compromised by wiper malware, ransomware attacks or other events that harm computer systems and backups, according to the report.
Participants devise a plan to restore operations quickly after a cyberattack, designate another financial institution (FI) or service provider to help them do so, define the data that they consider to be critical, and then back up and encrypt that data once a day, the report said.
The organization started with 34 banks and currently has about 160 participants that hold 72% of the deposit accounts and 71% of the brokerage client accounts in the United States. To date, none have had to use the tool, per the report.
In a statement provided to PYMNTS, Sheltered Harbor said that while the standard initially focused on archiving critical account data for deposit and brokerage accounts at the end of each business day, the industry has demanded that it be applied to any kind of data that financial firms may want to protect at any time.
“Vendor solutions continue to mature around the concept of data isolation, and Sheltered Harbor’s standards are being implemented by the majority of significant vendors in that space,” the statement said. “Dell is the first to have attained Sheltered Harbor Endorsement for implementing those standards. Several are planning to release their endorsed products in the first half of 2023.”
As PYMNTS reported in 2017, Sheltered Harbor came about as banks began quietly doomsday-prepping for a successful apocalyptic attack on their computers by hackers.
The concern among bankers isn’t that hackers will merely abscond with funds; another possibility is that they will simply hold funds hostage by finding ways to lock the custodial banks out of them. Hackers could also threaten to destroy the data.
Such an attack could leave a bank wholly unable to function for days or even weeks or months, depending on the severity of the attack.
In its latest Financial Trend Analysis report, which was released Nov. 1, the Financial Crimes Enforcement Network (FinCEN) said that the number of ransomware attacks reported by FIs and occurring in 2021 was double the number that occurred during the previous year.
The number leapt 108% from 602 in 2020 to 1,251 in 2021. The dollar amounts involved in those ransomware-related incidents rose 68% from $527 million in 2020 to $886 million in 2021, FinCEN said.