Banks as Cybercrime Fighters?SIFMA Exec Explains Why Expectations Are Changing
C-level executives at financial institutions should play a critical role in working with the government to enhance cyberthreat intelligence sharing, says Schimmeck, who oversees financial services operations at SIFMA, is a trade association for the U.S. securities and financial services industry.
"Cybersecurity is another risk that the firms need to manage," Schimmeck says. "Within the spectrum of risk and threats, fraud and IP [intellectual property] theft have always been two threats that we have always dealt with. Cyber, in those cases, is just another channel."
Security is a key issue for SIFMA, he says in an interview with Information Security Media Group. "We've been very involved since our founding on business continuity, and cyber is part of that," Schimmeck says.
Schimmeck declined to comment about reports that SIFMA is pushing for the formation of a cyber war council, which would bring together a committee of financial industry executives and deputy-level representatives from at least eight U.S. agencies, including the Treasury Department, the National Security Agency and the Department of Homeland Security, all led by a senior White House official, to help the U.S. government fight cybercrime.
But he acknowledges that financial institutions face increasing risks from cyber-attacks.
"You could have a nation-state causing a dislocation in the markets. ... So we are focused on understanding how can we work with the government to prevent those attacks from happening," he says.
Proactively addressing cyber-threats from nation-state actors and hacktivist groups has been a focus for the financial services industry since the fall of 2012, when distributed-denial-of-service attacks waged against some of the nation's leading banks first garnered attention (see What's Next for DDoS Attacks?).
And in recent months, banking regulators have stressed the critical role C-level executives play in information sharing and cyber-intelligence (New FFIEC Cyber Exams: What to Expect).
During this interview, Schimmeck discusses:
- SIFMA's role in helping protect the critical infrastructure;
- Why a more robust public-private partnership for cyberthreat intelligence is needed; and
- The role federal legislation could play in ensuring cyber-intelligence sharing does not adversely impact banks and credit unions.
Schimmeck is managing director of SIFMA's financial services operations, where he supports the association's work on technology, business resiliency, operational risk and cybersecurity issues. He has more than 15 years of experience in operations, technology, finance and risk management. Prior to joining SIFMA, Schimmeck held finance and operational risk positions at Goldman Sachs. He also formerly served as a captain in the U.S. Marine Corps.