Collaboration Enhances Fraud DetectionExperts Say Cyber-Intelligence Sharing is Key
Sharing information about cyber-attacks is making a difference in the banking sector, helping bring criminals to justice and curbing fraud losses. And other sectors should learn from banking's example.
See Also: How to Use Risk Scoring to Propel Your Risk-Based Vulnerability Management Program Forward
That was an key insight from bank executives and other information security leaders at this week's Fraud Summit, hosted by Information Security Media Group, where I served as a moderator and presenter.
Cyber-attacks affect numerous industries. The more information sharing these sectors can facilitate, the more effective fraud-fighting efforts will be.
It's important for information security professionals to continue their efforts to get senior executives to buy in to the need for cross-industry collaboration, said Rodney Joffe, senior technologist of online security firm Neustar.
Joffe, a presenter at the Fraud Summit, said informal sharing of cyber-intelligence has for years been a common practice among cybersecurity warriors in the trenches. This type of information sharing, however, often has gone on in the background without the knowledge of upper management. That's because many executives are fearful of revealing too much or sharing with competitors their security vulnerabilities.
But that attitude is, slowing but surely, changing, Joffe and other Fraud Summit speakers noted.
DDoS Changed the Tone
The wave of distributed-denial-of-service attacks that started targeting leading U.S. banking institutions in September 2012 taught the financial industry some valuable lessons about the value of information sharing. Now it's time for other industries to apply those lessons.
Joffe noted during his Fraud Summit panel discussion with Mitch Zahler of HSBC Bank USA and Michael Wyffels of bank holding company QCR that the insights shared about the DDoS attacks suffered during al-Qassam Cyber Fighters' four campaigns helped banks and credit unions of all sizes stave off outages. That's because the banks didn't have to learn lessons in isolation.
What's more, the intelligence the financial industry has gathered over the last 12 months about al-Qassam and other attackers was shared with law enforcement, government and others. In fact, much of the information federal investigators gather about cyber-espionage and cyber-attacks comes from the financial sector first, Joffe said.
Another summit speaker, Erez Liebermann, deputy chief of the criminal division within the U.S. Attorney's Office for the District of New Jersey, pointed out that public-private partnerships are helping federal prosecutors nab cybercriminals attacking the financial sector.
Those kind of partnerships are needed in other industry sectors as well.
The same collaboration theme carried over into a panel about payment card fraud, which included Greg Marrett of Capital One and Tim Webb of RBS Citizens Bank. Both emphasized how quickly connecting the dots back to a common source, through the sharing of information about fraud patterns, was helping banks and credit unions isolate card compromises sooner.
Webb's recommendation: When card issuers start to see anomalous activity that suggests a card compromise, pick up the phone and start calling other banks to learn what they're seeing. That one-on-one communication is more meaningful, and timely, than waiting for advisories issued by the card brands, Webb and Marrett said.
This type of timely, one-on-one communication can play an important role in fighting fraud in all business sectors. But communication facilitated through information-sharing groups, such as the Financial Services Information Sharing and Analysis Center, the National Health ISAC and the Multi-State ISAC, also is important.
Cyber-attacks affect numerous industries, from hospitality and retail to healthcare and government. The more information sharing these sectors can facilitate, the more effective fraud-fighting efforts will be.