As the upstream and downstream become more interconnected and complex, cyber security teams have an exponentially growing scope. This has elevated cyber security to the top of executives’ priority lists and put the threats and risks associated with it into board agendas. Once an afterthought, cyber security is now a crucial factor in the design of products, services, and technology roadmaps. Not only has this allowed for a better allocation of funding and resources, it has become a material factor in a plethora of business decisions.
"Cyber Everywhere" Calls for More Intelligence Sharing
The need to embed cyber security into every aspect of the business calls for more intelligence sharing. If each firm only acts based on their limited view of the world, they will constantly be reinventing the wheel, which quickly eats up the significant resources required to stay ahead of threat actors. With intelligence sharing, we can adapt much more quickly to the constantly shifting strategies of our adversaries, who have their own sharing platforms enabling them to keep up with the latest attack tactics.
Through SWIFT ISAC, we share intelligence across our 11,000-member community of institutions on the latest modus operandi, tools, tactics, techniques, and procedures that we have seen used in attempted payment fraud. This enables our customers to immediately apply this information to their environment connected to SWIFT. We also share back and forth with FS-ISAC, which has a broader mandate of intelligence sharing on all threat vectors across the entire financial services industry.
Automation Requires Investing in People
Automating the more technical aspects of sharing, such as widespread use of the STIX and TAXII format and protocol, has enabled us to share threat intelligence even faster. As technologies such as artificial intelligence and machine learning continue to increase in sophistication and accuracy, even more technical aspects of cyber security currently executed by humans will become automated, freeing up more human brainpower to focus on wider cyber security strategy.
As threat intelligence feeds further industrialise, investing in the human capabilities that will enable a more predictive approach becomes pivotal. As the attack surface grows, anticipating how threat actors will evolve and attack next is quite possibly the only way forward.
Investing in Trust
Human judgment sits at the heart of the fight against cyber crime. This means that industry members need to make a steadfast effort to build and sustain trust among their peers to share intelligence at the speed, scale, and depth that is necessary. We need to continue to build trusted peer-to-peer relationships and maintain the personal nature of trust.
Being part of an intelligence sharing community is both a privilege and a responsibility. Building trust on a consistent basis can encourage more institutions to actively share, and not just consume intelligence. The more people share, the better the quality of our intelligence will be. In a world where limitless opportunities come with limitless risks, high-quality intelligence is an invaluable tool in the fight against rapidly changing cyber threats.
Insights
