UK banks urged to share more intel on cyber-threats

News by Doug Drinkwater

Cyber security and banking experts say that British banks and other financial institutions must share intelligence on threats if they are to beat cyber-criminals and protect critical assets.

Just two weeks after JPMorgan Chase detailed how hackers had compromised 83 million records following a phishing attack on a company employee, the US investment firm's Canary Wharf offices played host to a conference entitled: ‘Cyber Resilience in the financial sector – defending our core markets' , held in London on Wednesday.

The event – was hosted by not-for-profit organisation CSARN (City Security and Resilience Networks) – saw several high-profile keynote speakers tackle the threat facing financial institutions and what the industry must do to counter it.

And despite 18 months of groundbreaking initiatives such as Waking the Shark II, the creation of CBEST and a more recent Europol agreement with the European Banking Federation (EBF) and its 21 associated banks, experts warned that threat intelligence and other data needs to be shared openly between the financial services community.

One delegate compared today's cyber security market to the advent of terrorism after the 9/11 terrorist attacks on the Twin Towers in New York.

“9/11 created a huge change in the security industry and really brought a challenge to all standards and methodologies used up until that point,” he said, before noting that terrorist activity was at that time seen as ‘unpredictable, difficult to detect, and hard to define' – points which he added could now be made on cyber-crime.

“We then looked to improving intelligence of the threat between the government, companies and the police. That led to better understanding of the threat and improved the countermeasures.”

The speaker added that a better understanding of the threat and what information sharing entails is needed, but he believed that the industry is “now at the point that everybody would like to do this – including the government”.

“I think we need to deepen the engagement with the government to deepen the knowledge of what's going on.”

Another speaker detailed how the UK government has started sharing previously top-secret intelligence with critical infrastructure facing cyber-attacks. Working together, he said, is essential in this space.

Meanwhile, one speaker from a UK business group outlined some of the partnerships in recent times, such as the Information Sharing Framework for Collaborative Cyber Situational Awareness, as well as continued work around CBEST, Cyber Essentials, IS27034 and other standards that are applied in financial services.

He noted too how the number of CERTS across Europe has risen from 42 in 2011 to 222 last year, representing a 400 percent increase and showing more governmental involvement.

But a spokesman from another cyber intelligence firm put it most succinctly:  “Adversaries collaborate against you, so why you don't you collaborate against the adversaries?”

However, audience members later added that some financial services companies are cagey about how much data they share – especially when it is proprietary, leaving the speakers to urge these companies to start by sharing a “little data” to help get the wheels turning on industry collaboration.

Collaboration is a topical issue in the financial services sector at the moment, with sources telling SC that the Waking the Shark II exercise last year saw some vendors not initially want to share intel on threats and attacks. Other analysts have noted in recent times how some of these firms also see cyber down-time at their rivals as a competitive benefit.

Speaking after the event, Paul Nguyen, president of global security solutions at CSG Invotas, told that the financial services sector is learning to share intelligence, particularly in the US with the FSISAC, but added that knowing about threats is ‘only half the battle' in a Big Data age.

“We really become paralysed by data if we don't process it fast enough.”

He added that efforts are being made to bring FSISAC across Europe – as well as the STIX language and TAXII communication protocol that it recommends. Nguyen says that a common shared language is critical.

“The problem with data is that it's useless unless it's in a standard format,” he said, adding that STIX format delivers content in XML, with TAXII used as the transportation protocol.

He says that an issue at the moment is that various cyber-intelligence firms are delivering multiple feeds to companies, who in turn are eager to have as much data as possible – resulting in spreadsheets with ‘thousands of columns'. As a result, Nguyen says that some firms have to develop a custom field to analyse all this collected data.

“They have thousands and thousands of rows of data and no-one can get through it,” he told SC.

On the proposal that firms do not wish to reveal proprietary data, he said that standards could dictate this and ask companies only to provide small details like a digital footprint – an IP address or a hash of malware - which is anonymised to the ‘level that it becomes usable'.

However, he admitted that there's a ‘fine line' between sharing data and losing a competitive edge and suggested that this is unlikely to change so long as these remain voluntary and not as part of some wider regulation.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews