They may not commute to work every day or get a 401k match from their employer, but today’s cyber criminals are highly trained in what they do and operate like an extended business supply chain. They exhibit an increasingly sophisticated understanding of financial institutions’ systems, processes, and are quick to identify new vulnerabilities in the increasingly digital threat surface of the global financial system. The distinctions between cybercrime, financial crime, and fraud are blurring, and expert cyber attackers can take advantage of any voids created by siloed processes, outdated controls, or fragmentation of the supply chain. From re-selling stolen data on third party exchanges to cyberattacks-as-a-service, a vast array of advanced products and services are for sale on the dark web. Millions of attacks on financial institutions are attempted daily, and two-thirds of financial institutions report an increase in attacks in the last year. We are not dealing with amateurs.
The silver lining, if there is one, is that as cyber criminals have gone pro, they take on many of the same natural constraints as any other “business.” They are rational economic actors with finite resources, calculating risk and reward the same way others do. Which means that one of our best strategies in fighting cyber attacks is to continue to make their costs higher to act as a deterrence or containment of their actions.
The major way for us to do that effectively is to share intelligence about attackers’ goals, objectives, tools, tactics and procedures – and to respond to that shared intelligence faster and faster.
Sharing intelligence through an industry consortium like FS-ISAC, a highly trusted peer-to-peer network built over two decades, disrupts cybercrime at several levels. At the micro level of specific attacks, sharing quickly across a trusted network disrupts attackers’ economies of scale. If an attacker can launch an attack and get to 100 (or 1000, or 10,000) institutions, the attack is highly efficient. But if at the first attack or even at the first hint of a breach, the institution shares the threat intelligence rapidly and the other 99 can act to protect against it, it’s far less lucrative.
At the macro level, continuous sharing over time also allows us to spot trends and new techniques being used by adversaries. If we can understand the goals and behaviors of our adversaries, we can construct defenses potentially eliminating whole classes of attacks. And at the systemic level, coordinated intelligence efforts can lead to increased sector-wide resiliency. Many intelligence-informed drills drive systemic uplifts; for example, the formation of Sheltered Harbor, an FS-ISAC subsidiary (of which I am Chairman of the Board), to set standards and assurance levels for banks and brokerages to maintain immutable data vaults for customer data.
It’s not just that intelligence sharing makes attacks more expensive for our adversaries; it also has the double effect of making defense cheaper for us. Constant exposure to threat intelligence and best practices in security architecture and operations design across the industry helps us optimize our systems and evolve faster.
We have to stay ahead of threats to defend ourselves. But one institution, no matter how great its cyber team is, simply cannot see all threats coming. As a sector though, we can see most of them. And if we share them, we can act.
FS-ISAC is the financial service industry’s trusted mechanism for cyber intelligence sharing. If attackers know they need to outsmart the entire ISAC membership, not just one bank, their job becomes a lot harder - and a lot more expensive – and thus less appealing.
As financial institutions work to develop more sophisticated cyber defenses, they must face continual advancements in cyber-criminal capabilities. A major way to effectively combat such sophisticated criminal networks is to attack their economics; in other words, to make their activities more expensive to them, with less reach and less sustainability. No one institution, on their own, can repel all the attackers all of the time. We must all work together: continuous intelligence sharing on a trusted peer-to-peer network like FS-ISAC makes the criminals’ jobs much harder and more costly, since even if they penetrate one institution’s defenses, those in the network can quickly react and protect against the same attack.
October 2019
© 2023 FS-ISAC, Inc. All rights reserved.
Listen on
Phil is a former senior advisor to the firm and a member of the Board of Directors of Goldman Sachs Bank USA. As a senior advisor, he supports the firm’s executive leadership...
Read Moreand client franchise on cybersecurity, technology risk, digital business risk, and operational resilience. In addition to this, Phil spearheads the firm’s work with industry associations and initiatives to reduce systemic risk. Prior to becoming a senior advisor, Phil was a line executive as Chief Operational Risk Officer, and before that, the firm’s first Chief Information Security Officer and Head of Technology Risk, a role he held for 17 years. Prior to joining Goldman Sachs, he was Chief Information Security Officer at Deutsche Bank and also functioned as the Global Head of Technology Risk Management for Standard Chartered Bank. Phil serves on the Executive Committee of the US Financial Services Sector Coordinating Council for Critical Infrastructure Protection, is co-chair of the Board of Sheltered Harbor, and is a member of the boards of the Center for Internet Security and the NYU School of Engineering. Phil is a member of the Council on Foreign Relations. Phil earned a BSc (Hons) in Computer Science from the University of York and an MSc in Computation and Cryptography from the Queen’s College at Oxford University. For more of Phil's insights, visit philvenables.com.
© Copyright 1999 - 2023 FS-ISAC, Inc. All Rights Reserved.