The Fraud Blog with Tracy Kitten

Know Thy Attackers

Why Information Sharing is Key to Security

Everyone is coming out with year-end predictions, but here's a list that caught my attention.

Booz Allen Hamilton issued a list of the top 10 cyberthreat trends for financial services in 2013. Among the top trends:

  • Information sharing will be more critical, as legislation could push industry standards to improve threat intelligence information sharing.
  • Vendor and third-party risks will pose security challenges for financial institutions of all sizes.
  • Boards of directors must create and embrace a culture that encourages information sharing across the industry.
  • Hacktivists and extremist groups will increasingly target institutions to disrupt services and destroy data.
  • Cyberbenchmarking will be used to show how banks stack up, from a security standpoint, to their competition.

The remaining five trends highlight the need for stronger identity and access controls, more focus on risk-protection processes and people, the need for predictive threat intelligence, and why reliance on the cloud and mobile is critical.

Underlying those 10 trends is the need for banking institutions to understand who's behind attacks waged against them, says Bill Wansley, a financial fraud and risk consultant for Booz Allen Hamilton.

Wansley's three-pronged approach to fighting cyberthreats: Identify the attackers' capabilities, know their intent and appreciate the opportunities they have to do harm. A distributed-denial-of-service attack, for instance, may not cause long-term damage to your infrastructure or compromise consumer privacy, but it definitely can do some damage to your reputation, depending on the intent of the attack and the actors behind it.

Hacktivists attack to damage reputation; criminals attack to commit fraud. Until you understand the actors, you can't adequately prepare for the threat. That's Wansley's key point, and it makes perfect sense.

But I believe that the most critical step is information sharing. The more we share about attacks - vulnerabilities and vectors - the more we will learn about how the attacks are waged, what they're after and who's behind them.

Besides, that need for more information sharing supports Wansley's notion: In order to fight an attack, you have to know the attacker.

"Today, everybody gets attacked, so it's not such a bad thing to say someone attacked you," Wansley says.

I agree. And really, the industry has already proven this point. Institutions embraced the need for more information sharing during the Izz ad-Din al-Qassam Cyber Fighters DDoS attacks that ran from mid-September to mid-October. Banks and credit unions took that information and addressed internal and external infrastructural concerns.

Zions Bank spokesman Rob Brough, in response to a DDoS attack that targeted the bank in early November, said it best: "What I can tell you is that we were well-prepared because of the other incidents. When we recognized that it was a DDoS attack, we had plans in place."

Information sharing, of course, can always improve, and new cybersecurity legislation will likely demand it - particularly between government and critical infrastructure entities, such as financial institutions. So more sharing will happen naturally as banks and credit unions get more accustomed to reporting attacks and communicating with regulators, banking groups and peers.

But banking institutions also need to make information sharing part of their culture. As Booz Allen notes in its top-10 for 2013, the need for information sharing requires buy-in from the top down in order to be effective.

That's my take. I'd like to know yours. What trends have you or your organization identified for 2013?

If information sharing and knowing your attacker aren't atop the list, what is?

About the Author

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.
