As the financial services sector continues to future-proof its business models, the increasing volumes and forms of data being stored, processed, and transmitted bring new opportunities and risks. Expanding uses of data are integral to staying competitive, but they also represent a growing attack surface. In order to sustain trust in the financial system more broadly and to protect our customers’ security and privacy, that attack surface needs constant and evolving protection.
A major part of this evolution of protection is the timely processing of threat intelligence, but with that there is the problem of scale and speed. The solution isn’t just hiring more cybersecurity staff to manage the continuous flow of threat intelligence; even if we wanted to, there wouldn’t be enough of them. Rather, the entire process of threat intelligence and response needs to be industrialized, with end-to-end automation that enables the humans we do have to make better decisions by processing the data in relevant ways.
In the last 30 years, businesses have figured out how to harness a massive stream of information to deliver value to customers. Algorithms and automation, in some cases augmented by artificial intelligence and machine learning (AI/ML), allow systems to crunch huge amounts of data at an accelerating rate. This enables people to focus on strategy and data-enabled decision making. With these technologies increasingly available at scale, this human-powered decision making is where the differentiated value is created.
We in security can leverage the same strategies to manage threat intelligence that our businesses use to consume market data. We need to keep investing in systems to speed up the “OODA Loop” (Observe, Orient, Decide, Act). Automating intelligence sharing is critical, but not sufficient. We also need to apply end-to-end automation to support humans’ ability to consume and act on that intelligence, so that our responses get orders of magnitude faster. Tools that merge threat intelligence with organizational risk context help teams prioritize their efforts. For example, if we receive millions of intelligence items per day, and 20% of those are related to a technology we don’t use, those can be automatically de-prioritized.
Framing the strategies this way to business executives and boards can help ensure that security operations can be better understood, funded, and optimized.
Structural Differences
The parallel isn’t 100%. With business information, there is significant maturity in quantification and validation; there are balance sheets, 10-K filings, stock prices, yields, and rates. Regulations and accounting practices delineate the playing field. The nature and quality of threat intelligence are far less predictable. Standardization and regulation are less mature. The value of the work is harder to quantify.
But there has been huge progress. When the financial services industry started intelligence sharing through FS-ISAC two decades ago, the sharing was informal and person-to-person; now we have automated intelligence feeds across thousands of institutions around the world. Electronification of markets and the digitization of business have been underway for even longer. We can look to the sophistication of our business colleagues, as well as the levels of automation and data-enabled analysis we see in other industries like defense, aerospace, and energy. As executives start applying the same principles and strategies to intelligence sharing, we’ll get there even faster. We have to, because the onslaught of threats will not slow down.
For more of Phil's insights, go to philvenables.com.
The shift to data-driven business models means keeping data safe is critical to maintaining customer trust, even as the volume of data managed by institutions increases exponentially. Banks have already figured out how to harness the never-ending influx of market data to maximize shareholder value. We need to keep applying those same strategies of automation and data-enabled decision making to cyber threat intelligence.
April 2020
© 2023 FS-ISAC, Inc. All rights reserved.
Phil is a former senior advisor to the firm and a member of the Board of Directors of Goldman Sachs Bank USA. As a senior advisor, he supports the firm’s executive leadership and client franchise on cybersecurity, technology risk, digital business risk, and operational resilience. In addition to this, Phil spearheads the firm’s work with industry associations and initiatives to reduce systemic risk. Prior to becoming a senior advisor, Phil was a line executive as Chief Operational Risk Officer, and before that, the firm’s first Chief Information Security Officer and Head of Technology Risk, a role he held for 17 years. Prior to joining Goldman Sachs, he was Chief Information Security Officer at Deutsche Bank and also functioned as the Global Head of Technology Risk Management for Standard Chartered Bank. Phil serves on the Executive Committee of the US Financial Services Sector Coordinating Council for Critical Infrastructure Protection, is co-chair of the Board of Sheltered Harbor, and is a member of the boards of the Center for Internet Security and the NYU School of Engineering. Phil is a member of the Council on Foreign Relations. Phil earned a BSc (Hons) in Computer Science from the University of York and an MSc in Computation and Cryptography from the Queen’s College at Oxford University. For more of Phil's insights, visit philvenables.com.