FS-ISAC communities support industries, regions, roles, functions, and relevant topics, ensuring that our members connect with and learn from peers with similar interests. FS-ISAC working groups allow subject matter experts to share ideas, exchange success stories, navigate challenges they face in protecting their firms and customers, and produce guidance for the rest of the membership. In 2022, FS-ISAC formed new working groups on post-quantum cryptography and the software supply chain, among others.
The Community Institution and Associations Council (CIAC), in operation for a decade, is currently the largest community of interest (COI) in FS-ISAC.
Our goal with CIAC is to help distill the vast reservoir of information and knowledge shared throughout the FS-ISAC community into resources that community institutions can practically put to use protecting their firms and customers.
New in 2022:
Executive Risk Report. A single-topic, high-level threat report for C-suite and board personnel that summarizes a particular risk and engages the reader with thought questions designed to stimulate discussion and assist in increasing control objectives within the firm.
Commercial Services Security Newsletter. A TLP Green co-branded document designed for members to provide security awareness information to commercial customers.
Coming up in 2023:
State Coordination Pilot (SCP): A new effort to increase local, state, and regional coordination and information sharing. The pilot, focused on Michigan and Wisconsin, creates regional and state Connect (member chat) channels to allow secure sharing at the local level. The pilot also offers trial membership to non-members, as well as specialized support and training.
Our securities and investment community continues to grow. Member firms vary widely in size, yet often face many of the same cyber threats, regulatory obligations, and security considerations.
To enable the group to share more effectively, FS-ISAC offers retention of electronic communications (Connect Chats) for members to meet regulatory obligations.
Our work was highlighted by FINRA in a note to the firms it oversees for being a trusted sharing community with intelligence and information specifically tailored to security staff at asset managers.
Over the past several years, insurance has become a bigger target, and its regulatory requirements and need for resilience have increased. This year, we hosted a special session on the New York State DFS proposed regulation changes and kicked off a dedicated Insurance Fraud Working Group aimed at understanding and reducing insurance fraud. Next year will bring dedicated IRC groups to our insurance members based in EMEA and APAC.
FS-ISAC is dedicated to reducing payment-related cyber risk and fraud. This year, we reinvigorated the Payment Processor Information Sharing Council (PPISC) with a four-part series on operationalizing the Payment Card Industry (PCI) Data Security Standard (DSS) v4.0 changes.
Additionally, based on member feedback, we’ve constructed a Payments Risk Council (PRC) agenda for 2023 aimed at combatting the most common risks and fraud within payment systems. These efforts, combined with a new newsletter focused on payments risk, payment processing, and payments-related compliance, led to 15% growth (Oct. 2021 – Oct. 2022) across our payments-related COIs.
In 2023, we will grow the breadth and depth of our payments work, broadening our scope to all types of payments processing and members around the world, increasing dialogue and engagement between both groups, and building out our work with fintech and digital assets–focused members.
In August 2022, we hosted the first Financial Services Post-Quantum Cryptography Global Congress. The event convened leading researchers and subject matter experts from around the world to align the industry’s preparations and priorities for moving to a post-quantum world.
The Congress set the stage for future collaboration and joint work products, which will continue in 2023. On an all-sector call on 23 September, the US’s CISA recognized the leadership role FS-ISAC is playing in ensuring the financial sector is coordinated and prepared for the sea change quantum computing will bring to the industry and the world at large.
Given the sector’s common reliance on many of the same software packages and suppliers, we formed the Supply Chain Working Group to coordinate efforts around software supply chain management with 20 inaugural participants.
Initial outputs included creation of a software bill of materials (SBOM), use and handling exploration, and the Software Supply Chain Primer White Paper.
In September, FS-ISAC became an Associate Member of the Open Source Security Foundation, demonstrating our commitment to enhancing open source software supply chain security and reducing risks. In 2023 we expect this partnership to create opportunities and avenues to identify and remediate open-source code vulnerabilities in packages commonly used within the financial sector.
FS-ISAC serves as a vast reservoir of knowledge for fincyber professionals to share and learn from each other, avoid re-inventing the wheel, and of course, improve the security of the sector.