With the recent news of Wall Street banks requesting a meeting with the U.S. Treasury Department and other government officials to discuss cybersecurity concerns, I reached out to one of the leading information security authorities for her take on the cyber threats that banks currently face. Following is an interview I held with CEO and Founder of Pondera International, Kristen Verderame.
What are the key threats banks face today?
Banks face a number of cybersecurity threats today, now more than ever. Threat actors targeting financial services are getting more and more sophisticated. While malware continues to be the biggest reported threat, attackers are more often using attack vectors only once – rendering monitoring for advanced persistent threat groups more and more difficult. The good news is that the financial services industry is way ahead of the curve in terms of preparedness and the ability to counter such threats. In fact, the financial services sector has lead all sectors for some time because their business case has required it.
How can the government(s) help? Why should they?
Governments can help by publicizing best practices for industry to follow, as demonstrated in the NIST Cybersecurity Framework issued earlier this year. Though the Framework is not comprehensive and certainly not a panacea for all cybersecurity vulnerabilities, it provides a useful assessment and summary of best practices and will be a good resource for entities that have not taken action previously. Governments can also help by facilitating trustworthy information sharing and supporting bi-directional sharing (i.e., government-to-industry sharing, not just industry-to-government). Often the government, as a neutral party, is in the best position to facilitate such sharing between industry competitors.
How important is a community approach when it comes to cyber defense?
A community approach is widely recognized as critical for effective cyber defense. The sharing of threat information and best practices between entities has proven the most effective means of combating APTs across industry sectors and across geographical boundaries. Collaboration through information sharing has been recognized by the U.S. Congress as a critical tool against cybersecurity threats – both the House and Senate introduced legislation to promote information sharing across government and industry. President Obama included information sharing as a key component of his Executive Order. Outside the U.S., the European Commission is currently considering cybersecurity legislation that not only encourages information sharing, but requires collaboration across Member States in a variety of other ways.
Are there any precedents for this type of collaboration and will it succeed?
Yes on both counts, in my opinion. One example of collaboration that has proven effective is the “Information Sharing and Analysis Centers” (ISACs), which are comprised of critical infrastructure owners in various sectors. The ISACs provide an information-sharing platform for their members and sometimes also provide risk mitigation, incident response and alerts to members. Some of the ISACs have proven more effective than others. The FS-ISAC has consistently served as a model for other ISACs while the energy sector ISAC is not as robust as many would like, in part because the industry regulator is at the table with industry presenting a potential conflict of interest. Though not perfect, the ISACs provide at their core a facilitative framework used by government and industry for collaboration and cooperation.