As the financial services sector continues to future-proof its business models, the increasing volumes and forms of data being stored, processed, and transmitted bring new opportunities and risks. Expanding uses of data are integral to staying competitive, but they also represent a growing attack surface. To sustain trust in the financial system more broadly and to protect our customers' security and privacy, that attack surface needs constant and evolving protection.

A major part of this evolution of protection is the timely processing of threat intelligence, which brings a problem of scale and speed. The solution isn’t just hiring more cybersecurity staff to manage the continuous flow of threat intelligence; even if we wanted to, there wouldn’t be enough of them. Rather, the entire process of threat intelligence and response needs to be industrialized, with end-to-end automation that enables the humans we do have to make better decisions by processing the data in relevant ways.

Lessons from the Business

In the last 30 years, businesses have figured out how to harness a massive stream of information to deliver value to customers. Algorithms and automation, in some cases augmented by artificial intelligence and machine learning (AI/ML), allow systems to crunch huge amounts of data at an accelerating rate. This enables people to focus on strategy and data-enabled decision making. With these technologies increasingly available at scale, this human-powered decision making is where the differentiated value is created. 

We in security can use the same strategies to manage threat intelligence that our businesses use to consume market data. We need to keep investing in systems to speed up the “OODA Loop” (Observe, Orient, Decide, Act). Automating intelligence sharing is critical, but not sufficient. We also need to apply end-to-end automation to support humans’ ability to consume and act on that intelligence, so that our responses get orders of magnitude faster. Tools that merge threat intelligence with organizational risk context help teams prioritize their efforts. For example, if we receive millions of intelligence items per day, and 20% of those are related to a technology we don’t use, those can be automatically de-prioritized.

Framing the strategies this way for business executives and boards can help ensure that security operations are better understood, funded, and optimized.

Structural Differences

The parallel isn’t 100%. With business information, there is significant maturity in quantification and validation; there are balance sheets, 10-K filings, stock prices, yields, and rates. Regulations and accounting practices delineate the playing field. The nature and quality of threat intelligence are far less predictable. Standardization and regulation are less mature. The value of the work is harder to quantify.

But there has been huge progress. When the financial services industry started intelligence sharing through FS-ISAC two decades ago, the sharing was informal and person-to-person; now we have automated intelligence feeds across thousands of institutions around the world. Electronification of markets and the digitization of business have been underway for even longer. We can look to the sophistication of our business colleagues, as well as the levels of automation and data-enabled analysis we see in other industries like defense, aerospace, and energy. As executives start applying the same principles and strategies to intelligence sharing, we’ll get there even faster. We have to, because the onslaught of threats will not slow down.

For more of Phil's insights, go to philvenables.com.

The Insight

The shift to data-driven business models means keeping data safe is critical to maintaining customer trust, even as the volume of data managed by institutions increases exponentially. Banks have already figured out how to harness the never-ending influx of market data to maximize shareholder value. We need to keep applying those same strategies of automation and data-enabled decision making to cyber threat intelligence.

© 2020 FS-ISAC, Inc. All rights reserved.
