Other industries could learn from the experiences of banks in sharing data on cyber-criminal activity with each other, delegates heard at the SC Congress.
During a panel discussion titled "An attack on one is an attack on all", panellists Cheri McGuire, CISO of Standard Chartered Bank; Mandy Haeburn Little, CEO of the Scottish Business Resilience Centre; Sharon Barber, CISO of Lloyds Bank; and Maria Vello, CEO of the Cyber Defence Alliance, explained how banks share attack intelligence, and what other industries might choose to adopt.
Maria Vello, CEO of the Cyber Defence Alliance, said that criminal organisations attacking at scale "means that you have to work together".
Detailing how the framework of cooperation between banks works, Vello said that there is a "focus on preventing problems before they happen".
"One bank sees an issue and relays this to others," she said. "They can share information that doesn’t get into the media."
Sharon Barber, CISO at Lloyds Bank, said that there is a lot of collaboration between financial institutions. "We have a lot of informal conversations, we ask if anyone needs help."
To transfer this experience to other industries, there has to be a commitment to sharing intelligence between organisations.
"You have to have something to share; to have a place to share," said Cheri McGuire, CISO at Standard Chartered Bank. She added that it is best for such groupings to start with a small core of members. "It’s to their advantage to work together".
McGuire added that to advance past the ad hoc stage of cooperation, these groups of organisations need formal arrangements, agreements and frameworks in place.
"You have to check to make sure you have legal coverage and the framework is set up to ensure that the right information is being shared properly."
Barber added that within these information sharing groups, people have to "contribute to gain trust".
"Information needs to flow both ways. You share something and three or four months later you get something back," she said.
The role of regulators
When asked about the role of regulators within such information sharing networks, Vello said that regulators have to be careful to recognise they too have to earn the trust of banks. She said there is a "concern that regulators will regulate more", after becoming aware of the threat landscape.
McGuire said that regulators are "quite supportive of most of the information sharing initiatives". She pointed to the Bank of England as a good example of a regulator supporting such networks.
"There is a genuine recognition that sharing information contributes to the stability of the banking system," she said.
Translating the experience of banking to other industries
The panel said that their experiences of sharing information on threats are easy to translate to other industries. Vello said that many industry sectors have regulators and are bound by GDPR.
"It is absolutely doable," she said. "Criminals don’t stay in one lane. We all have to work together."
Barber said that lots of threats are standard across many industries.
"You have to have the courage to go first and share," she said. "When you find people that you can trust, then it starts to grow."
Summing up the key points of the panel, Mandy Haeburn Little commented: "The first was the very high level of collaboration that exists, not just with the main banks, but with the wider financial community... some really good examples of best practice, sharing of intelligence, looking after the customer and putting the customer first.
"Second was the ongoing need for agility, and being able to respond to threats really quickly as they emerge and I think the banks sometimes operate in very difficult regulatory regimes as well."
"Where other industries are going, the banks have been before, so quite often they do set the pace, they have very good models of how they work, how they share together... being able to work as a team... summed it up very well."