As the financial services sector continues to future-proof its business models, the increasing volumes and forms of data being stored, processed, and transmitted bring new opportunities and risks. Expanding uses of data are integral to staying competitive, but they also represent a growing attack surface. In order to sustain trust in the financial system more broadly and to protect our customers’ security and privacy, that attack surface needs constant and evolving protection.
A major part of this evolution of protection is the timely processing of threat intelligence, but with that there is the problem of scale and speed. The solution isn’t just hiring more cybersecurity staff to manage the continuous flow of threat intelligence; even if we wanted to, there wouldn’t be enough of them. Rather, the entire process of threat intelligence and response needs to be industrialized, with end-to-end automation that enables the humans we do have to make better decisions by processing the data in relevant ways.
In the last 30 years, businesses have figured out how to harness a massive stream of information to deliver value to customers. Algorithms and automation, in some cases augmented by artificial intelligence and machine learning (AI/ML), allow systems to crunch huge amounts of data at an accelerating rate. This enables people to focus on strategy and data-enabled decision making. With these technologies increasingly available at scale, this human-powered decision making is where the differentiated value is created.
We in security can leverage the same strategies to manage threat intelligence that our businesses use to consume market data. We need to keep investing in systems to speed up the “OODA Loop” (Observe, Orient, Decide, Act). Automating intelligence sharing is critical, but not sufficient. We also need to apply end-to-end automation to support humans’ ability to consume and act on that intelligence, so that our responses get orders of magnitude faster. Tools that merge threat intelligence with organizational risk context help teams prioritize their efforts. For example, if we receive millions of intelligence items per day, and 20% of those are related to a technology we don’t use, those can be automatically de-prioritized.
Framing the strategies this way to business executives and boards can help ensure that security operations can be better understood, funded, and optimized.
The parallel isn’t 100%. With business information, there is significant maturity in quantification and validation; there are balance sheets, 10-K filings, stock prices, yields, and rates. Regulations and accounting practices delineate the playing field. The nature and quality of threat intelligence is far less predictable. Standardization and regulation are less mature. The value of the work is harder to quantify.
But there has been huge progress. When the financial services industry started intelligence sharing through FS-ISAC two decades ago, the sharing was informal and person-to-person, and now we have automated intelligence feeds across thousands of institutions around the world. Electronification of markets and the digitization of business has been underway for even longer. We can look to the sophistication of our business colleagues, as well as the levels of automation and data-enabled analysis we see in other industries like defense, aerospace, and energy. As executives start applying the same principles and strategies to intelligence sharing, we’ll get there even faster. We have to, because the onslaught of threats will not slow down.
For more of Phil's insights, go to philvenables.com.
The shift to data-driven business models means keeping data safe is critical to maintaining customer trust, even as the volume of data managed by institutions increases exponentially. Banks have already figured out how to harness the never-ending influx of market data to maximize shareholder value. We need to keep applying those same strategies of automation and data-enabled decision making to cyber threat intelligence.
© 2023 FS-ISAC, Inc. All rights reserved.
Phil is the Chief Information Security Officer of Google Cloud where he leads the risk, security, compliance, and privacy teams. Before joining Google, he was a Partner at Goldman Sachs where he...Read More
held multiple roles over a long career, initially as their first Chief Information Security Officer, a role he held for 17 years. In subsequent roles, Venables was Chief Operational Risk Officer, an operating partner in their private equity business and a Senior Advisor to the firm’s clients and executive leadership on cybersecurity, technology risk, digital business risk, and operational resilience. In addition to this, he was a Board Director of Goldman Sachs Bank. Before Goldman Sachs, Venables held multiple Chief Information Security Officer roles, and senior engineering roles across a range of finance, energy, and technology companies. Outside of Google, Venables is a member of the President’s Council of Advisors on Science and Technology. He also serves on the boards of the NYU Tandon School of Engineering, the NYU Stern Business School Volatility and Risk Institute, the Information Security and Privacy Advisory Board of NIST and is a member of the Council on Foreign Relations.