By sharing intelligence, the financial services sector and government agencies make it much harder and more expensive to use the same infrastructure to hit multiple institutions. For example, if an attacker uses ten servers to hit Bank A and Bank A alerts the network, then Bank B is able to protect against those ten servers.

That means the attacker has to stand up entirely new servers and start again each time, rather than use the same infrastructure on many targets. Without intelligence sharing, each company would have to fight all potential attackers alone, blind to adversaries who may be targeting them in the future but simply haven’t yet. With it, we are armed with visibility into what everyone else is seeing and therefore can take action in advance of an attack.

Intelligence Sharing’s Special Sauce: Trust

In the last two decades, intelligence sharing has evolved in sophistication, from a few people chatting in a room to a manually managed anonymized portal with a few hundred organizations, to nearly 7000 institutions sharing intelligence through human and automated channels today. The financial services sector and governments around the world collaborate to protect our customers and citizens from cyber threats. Together, FS-ISAC, the Department of Homeland Security (DHS) and the MITRE Corporation have developed protocols to enable automated threat intelligence, including the STIX and TAXII, which have become the open standard for cyber intelligence sharing across the internet. On the human side, FS-ISAC convenes a wide array of in-person meetings and regular calls to build concentric and adjacent circles of trust, organized by categories like vetting level, region, and sub-sector. This has helped improve the resiliency of the financial services sector through sharing of threats and incidents, best practices, and remediation techniques, allowing the sector stay ahead of the rapidly evolving cyber threat landscape.

New Trends

Cyber threats are constantly evolving as new technologies emerge. Along with trends like open banking and the growing use of APIs to provide flexibility in decoupling technologies, several new challenges will inform the evolution of intelligence sharing in coming years.

Short Term: Cloud Computing

When it comes to cybersecurity, it is a shared responsibility model in the cloud. The cloud provider is responsible for the security of the cloud. But then, you also have the client side of that responsibility, which is the security in the cloud. And especially as you have infrastructure-as-a-service cloud environments, you, as the customer, have to take advantage of the capabilities that your cloud provider has but are responsible for ensuring your instantiation and configurations have been designed securely and appropriately.

This shared responsibility needs to translate to more transparency and frequency of cross-sector ISAC sharing between financial services and IT. As the economy continues to become ever more digitized and interconnected, cross-sector ISAC sharing will become critical to safeguarding the global financial system.

Medium Term: Deep Fakes and AI/ML

With artificial intelligence and machine learning (AI/ML) tools that enable the production of deep fakes now in the hands of malicious threat actors, the ability to quickly determine the authenticity of video and audio is taking on new urgency. Experts expect cyber criminals will dedicate more time, energy and resources to using deep fake audio and video to execute business email compromise (BEC) and other types of attacks.

Over the next two to five years, information sharing circles will continue to collaborate and learn more about emerging tactics and build tools to combat the proliferation of deep fakes that have the ability to undermine institutions and the wider financial system. In addition, as institutions increase their use of AI/ML for competitive advantage, they will also have to determine if there are blind spots such as biases in AI decision-making and/or selection of training data that can be exploited by threat actors.

Longer Term: Quantum Computing

Quantum computing will profoundly impact the financial services sector, as well as the entire internet more broadly. Quantum computers may be able to break current encryption methods exponentially faster; what used to take 1000 years to decrypt could soon take 1000 hours or 1000 minutes. While large-scale deployment of quantum computing may be a decade away, the internet has a history of taking 15-20 years to evolve its cryptographic standards. The National Institute of Standards and Technology (NIST) now has a working group for quantum-safe encryption standards, and ISACs will be a key forum for intelligence sharing regarding the scale of the risk, as well as best practices in crypto-agility, the ability to efficiently replace outdated cryptography protocols without compromising larger systems.  

Intelligence Sharing Moving Forward: More, Better, Faster

To respond to new challenges like these, FS-ISAC is building new infrastructure and evolving its technology platforms and tools for members to enable more ecosystem communication and automation.  For example, when a threat is reported by one institution, other institutions that have sightings will be able to automatically report back to the network. This bi-directional feedback will enhance the fidelity of the threat; if there are 10 or 20 sightings, we’ll know the threat has real disruptive potential and can prioritize communication, protection, and remediation across the network.

The digital future is big and complex. Safeguarding the integrity of the financial sector while enabling new technologies and innovation is a team sport, as no one can see and prepare for all emerging threats on a continuous basis alone. Whether it’s participating in intelligence sharing organizations for financial services like FS-ISAC, creating industry-specific sharing organizations like the Legal Services Information Sharing and Analysis Organization (LS-ISAO), public-private partnerships or all of the above, intelligence sharing will be increasingly critical to business success in the future. If you haven’t already, start sharing today.

The Insight

Intelligence sharing has evolved from an informal manual process to a multi-layered approach with both human and automated interaction. The channels have matured, but the success of intelligence sharing remains based on circles of trust. By securely sharing information about attacks on one institution before they happen to the next institution, criminals are forced to build new infrastructure to carry out the same attack on someone else. In the near-term future, artificial intelligence, machine learning, and quantum computing pose both new business opportunities and potentially disruptive cyber risks. Because these peer-to-peer networks are built on trust, intelligence sharing circles will serve as a prime venue for discussion and deliberation on highly sensitive topics and threats.

Opinions expressed herein are those of Jason Witty and may differ from those of other JPMorgan Chase employees and affiliates. This information in no way constitutes JPMorgan Chase research and should not be treated as such. In no event shall JPMorgan Chase or any of its directors, officers, employees or agents be liable for any use of, for any decision made or action taken in reliance upon, or for any inaccuracies or errors in or omissions from, the information in this article. 

November 2019

© 2020 FS-ISAC, Inc. All rights reserved.

Ransomware-Sidebar
Ransomware_Graphic_1200x627px (1)

With its attractive business model and multiple revenue streams, ransomware is a growing threat to financial services and their third party suppliers. While there are many steps you can take to prevent attacks, threat actors are evolving their tactics all the time. If attacked, will you pay the ransom?

View Report

FS-ISAC members around the world receive trusted and timely expert information that increases sector-wide knowledge of cybersecurity threats.

Learn More