The Key to Anticipating Cyber-AttacksInsights for Banking Institutions about Analyzing Intelligence
Security leaders also need a more formal process to inform the C-suite of cybersecurity risks, Garcia says during this interview with Information Security Media Group. "This needs to be done in such a way that the C-suite understands it needs to build cybersecurity risk into its strategies."
Of course, having the right intel to adequately address third-party and vendor-management risks also is a concern, Garcia says.
As the newly appointed executive director of the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security, Garcia expects to see more emphasis placed on C-suite education and stronger investment in tools and solutions that help banking institutions ensure they can anticipate emerging risks.
"As long as there are changes in technologies and solutions, as long as we continue to innovate in our products and services, we will continue to have to innovate in our defenses against the exploits used to attack those technologies" Garcia says. That is the challenge year over year."
This is a point federal banking regulators have stressed in recent months (see FFIEC Cyber Assessments: What to Expect).
Looking ahead, Garcia says stronger information sharing among banks and credit unions will play a more prominent role in security.
During this interview, Garcia also discusses:
- The significance of the FSSCC appointing its first executive director;
- The role leading institutions play in information sharing, through the FSSCC and other groups;
- How his experience with Bank of America and the Department of Homeland Security have prepared him for this new job.
The FSSCC was established in 2002 to strengthen the resiliency of the financial services sector against attacks and other threats to the nation's critical infrastructure.
Before becoming the director of the council, Garcia worked as a business development and strategic partnership consultant and served as an adviser to the Financial Services Information Sharing and Analysis Center. He also served as the nation's first assistant secretary for cybersecurity and communications at the Department of Homeland Security, where he led the National Cyber Security Division, the National Communications System and the Office of Emergency Communications. Under his leadership, DHS helped to develop President Bush's Comprehensive National Cyber Security Initiative, the National Emergency Communications Plan and the precursor to what is now the National Cyber and Communications Integration Center.