Attitudes about cyberthreat information sharing, as well as attack attribution, have dramatically changed in the last 18 months, says FS-ISAC's Bill Nelson, a featured speaker at RSA Conference 2015.
In an interview with Information Security Media group before his April 22 presentation about account takeover trends and banks' legal liability for fraud losses, Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center, says banking institutions have become far more willing to share cyberthreat information as they've realized the benefits.
"I know that in the FS-ISAC's case, we have the ability to share information anonymously; but even with that, some members share with attribution in some of the different trust groups that we've established."
FS-ISAC has created "trust" groups for sharing information among those working in various niches, including payments, insurance, clearinghouses and community banking.
"We have different groups within the FS-ISAC that share and, when necessary, that information gets shared much more broadly," Nelson says. "A lot of this success with sharing within the industry is a result of the number of attacks that we're seeing. The number of attacks keeps increasing, so I think the banks and credit unions have been more concerned about how to protect themselves."
Attributing Attacks to Threat Actors
While banking institutions have always been concerned about emerging attacks, they've historically been less concerned about identifying the threat actors who wage the attacks. That's mainly because banks don't have access to intelligence that would help them link attacks to certain groups or nation-states, Nelson says.
Today, however, institutions, with the help of the federal government, are putting more emphasis on attribution, he adds. The government is increasingly helping the financial services industry attribute attacks to nation-states or specific crime rings, Nelson says.
"Our government now is more willing to give attribution to these types of attacks, and we've seen that with some indictments against some senior officers in the Chinese military, and the Sony attack being attributed to North Korea."
Attacks from All Angles
Banking institutions are worried about destructive malware, disruptive attacks linked to distributed-denial-of-service and ever-evolving account takeover schemes, such as business email compromises, Nelson says.
"We have seen some changes in the ways accounts are hijacked," he says. "We are seeing more of the business email compromises, where the customer is receiving an email from a [spoofed] vendor (see 'Masquerading': New Wire Fraud Scheme).
Nelson says the Federal Bureau of Investigation estimates that U.S. businesses are losing hundreds of millions of dollars per year to business email compromises.
During this interview, Nelson also discusses:
- How the FS-ISAC's information sharing platform, Soltra Edge, is being used;
- Why the government is more willing to share information about the threat actors that wage cyber-attacks; and
- Why destructive malware is a big concern for the financial services sector.
Before joining the FS-ISAC, a non-profit association dedicated to protecting financial services firms from physical and cyber attacks, Nelson was elected vice chairman of the ISAC Council, a group dedicated to sharing critical infrastructure information. From 1988 to 2006, he served as executive vice president of NACHA - The Electronic Payments Association. While at NACHA, Nelson oversaw the development of the ACH network into one of the largest electronic payment systems in the world. He also oversaw NACHA's rule-making, marketing, rules enforcement, education and government relations programs.