Phil Venables, Senior Advisor & Board Member, Goldman Sachs
They may not commute to work every day or get a 401k match from their employer, but today’s cyber criminals are highly trained in what they do and operate like an extended business supply chain. They exhibit an increasingly sophisticated understanding of financial institutions’ systems, processes, and are quick to identify new vulnerabilities in the increasingly digital threat surface of the global financial system. The distinctions between cybercrime, financial crime, and fraud are blurring, and expert cyber attackers can take advantage of any voids created by siloed processes, outdated controls, or fragmentation of the supply chain. From re-selling stolen data on third party exchanges to cyberattacks-as-a-service, a vast array of advanced products and services are for sale on the dark web. Millions of attacks on financial institutions are attempted daily, and two-thirds of financial institutions report an increase in attacks in the last year. We are not dealing with amateurs.
The silver lining, if there is one, is that as cyber criminals have gone pro, they take on many of the same natural constraints as any other “business.” They are rational economic actors with finite resources, calculating risk and reward the same way others do. Which means that one of our best strategies in fighting cyber attacks is to continue to make their costs higher to act as a deterrence or containment of their actions.
The major way for us to do that effectively is to share intelligence about attackers’ goals, objectives, tools, tactics and procedures – and to respond to that shared intelligence faster and faster.
Sharing intelligence through an industry consortium like FS-ISAC, a highly trusted peer-to-peer network built over two decades, disrupts cybercrime at several levels. At the micro level of specific attacks, sharing quickly across a trusted network disrupts attackers’ economies of scale. If an attacker can launch an attack and get to 100 (or 1000, or 10,000) institutions, the attack is highly efficient. But if at the first attack or even at the first hint of a breach, the institution shares the threat intelligence rapidly and the other 99 can act to protect against it, it’s far less lucrative.
At the macro level, continuous sharing over time also allows us to spot trends and new techniques being used by adversaries. If we can understand the goals and behaviors of our adversaries, we can construct defenses potentially eliminating whole classes of attacks. And at the systemic level, coordinated intelligence efforts can lead to increased sector-wide resiliency. Many intelligence-informed drills drive systemic uplifts; for example, the formation of Sheltered Harbor, an FS-ISAC subsidiary (of which I am Chairman of the Board), to set standards and assurance levels for banks and brokerages to maintain immutable data vaults for customer data.
It’s not just that intelligence sharing makes attacks more expensive for our adversaries; it also has the double effect of making defense cheaper for us. Constant exposure to threat intelligence and best practices in security architecture and operations design across the industry helps us optimize our systems and evolve faster.
We have to stay ahead of threats to defend ourselves. But one institution, no matter how great its cyber team is, simply cannot see all threats coming. As a sector though, we can see most of them. And if we share them, we can act.
FS-ISAC is the financial service industry’s trusted mechanism for cyber intelligence sharing. If attackers know they need to outsmart the entire ISAC membership, not just one bank, their job becomes a lot harder - and a lot more expensive – and thus less appealing.
As financial institutions work to develop more sophisticated cyber defenses, they must face continual advancements in cyber-criminal capabilities. A major way to effectively combat such sophisticated criminal networks is to attack their economics; in other words, to make their activities more expensive to them, with less reach and less sustainability. No one institution, on their own, can repel all the attackers all of the time. We must all work together: continuous intelligence sharing on a trusted peer-to-peer network like FS-ISAC makes the criminals’ jobs much harder and more costly, since even if they penetrate one institution’s defenses, those in the network can quickly react and protect against the same attack.
© 2019 FS-ISAC, Inc. All rights reserved.