Information Sharing: A Turning PointWhy Fraud-Fighting Collaboration Is Gaining Momentum
It's good to see that banking institutions are focusing more attention on cyber-intelligence and information sharing.
See Also: Threat Horizons Report
Until recently, sharing information about cyber-attacks and fraud had been taboo in financial circles. Banks don't like to talk about security shortcomings, especially with their peers.
The only way we are going to defend ourselves is by enhancing our collaboration to stand against organized crime.
Too many organizations still have concerns about sharing too much data, Kathleen Moriarty, global lead security architect for security firm EMC, notes in a new report about information sharing. Organizations fear they'll somehow expose their intellectual property when they share with competitors the types of attacks and breaches they're suffering.
A Perfect Storm
But that perspective is changing, thanks to a perfect storm of events.
Over the last 12 months, targeted distributed-denial-of-service attacks aimed at U.S. banks and credit unions spurred the Financial Services Information Sharing and Analysis Center to encourage more threat-intelligence sharing.
That industry collaboration has helped banking institutions stave off online outages and adequately protect themselves, says Bill Nelson, president of the FS-ISAC.
"The valuable piece of it was, institutions, as they were being attacked, could report on what the attack looked like," he says. "We pushed out information about the characteristics of the attacks, and provided information related to what was working and what was not working."
Banking groups, such as the American Bankers Association, also have encouraged - and in many cases facilitated - more information-sharing among their banking institutions members.
And now, threat-intelligence vendors are offering assistance, by not only sharing with the industry the emerging attack trends they see but also by providing platforms for collaboration.
And vendor involvement needs to expand. Vendors gather more information about emerging threats than any individual banking institution. When they share that information with their bank customers, as well as with their competitors, the threat-intelligence view is broader and more meaningful.
Sharing Best Practices
This month, Guardian Analytics, which specializes in behavioral analytics, launched FraudMAP Connect, a platform for financial institutions to securely exchange information about attacks and fraud-prevention best practices.
Texas Capital Bank, an $11 billion institution based in Dallas, and Kitsap Bank, a $912 million community bank based in Port Orchard, Wash., were among the first institutions to test the platform. These two banks have been using FraudMAP Connect since May.
"From a fraud perspective, it's helped to see where the bad guys are trending, to understand how they are attacking accounts at our institution and others," says Trent Trimble, vice president and solutions architect for Texas Capital. "When I have posted things out there, around annual fraud tests, for instance, I've had a couple of different institutions respond."
Trimble says the FraudMAP Connect platform offers an informal and open venue for information sharing that differs from what FS-ISAC provides. "I can throw out a random question and then talk about a certain threat with other institutions," he says. "The hacking community is more than willing to share information about how they wage attacks; the only way we are going to defend ourselves is by enhancing our collaboration to stand against organized crime."
For Tim Cates, online support manager of Kitsap Bank, the platform has provided a venue for sharing information about suspicious IP addresses. "We pretty much log into it every day to make sure we are not missing anything out of the ordinary," he says. "It allows for faster communication. Through one post you can hit multiple people at one time. And from what I've seen so far, the community is pretty open to sharing what they see."
Tracking Emerging Threats
Meanwhile, ThreatMetrix, a cybersecurity and threat-intelligence firm, has spearheaded an information-sharing effort to forewarn banking institutions about emerging threats.
The company has developed the Persona Behavior Score, which provides banks and credit unions with predictions about user behaviors. These predictions are based on transaction data ThreatMetrix has collected from banking institutions worldwide. So the predictions it's able to push to its bank and credit union customers are not limited by geography.
This global perspective allows banking institutions to prepare for threats that have not yet hit their region, says Andreas Baumhof, chief technology officer of ThreatMetrix. "We can give a prediction about how a certain persona will most likely act in the future, based on the global history," he says.
And this same kind of information is being shared with law enforcement as well. "The interaction between the security community and law enforcement is much better than it ever was," Baumhof says. "We have more defined ways to interact to make sure that law enforcement is not swamped with information they can't consume."
That type of involvement from security vendors is a necessity. And the growing collaboration among all parties in the financial services sector in the fight against fraud and cyber-attacks is encouraging.