As financial services firms contemplate their responses to the growing cyber-security threat, it’s clear they can’t take on this monster alone. The problem requires a global response to show perpetrators that the industry is seriously taking on cyber-crime.
On an individual level, banks such as JP Morgan, Citigroup, Bank of America Merrill Lynch and the Bank of England are searching for people to fill cyber-security intelligence roles, according to a recent story in trade publication Financial News. The story details how these firms want new staff to monitor, review and reassess cyber-attack threats as part of a mission-critical level strategy.
These A-List firms, according to the report, are considering hiring people from the military realm because they cannot find cyber detectives from among their own ranks. Banks now need experienced cyber detectives who can proactively foresee and prevent threats and respond via a command and control structure. Banks also need to fend off threats from nation states, so-called hacktivists and “geopolitically motivated organizations.”
In the meantime, trade associations such as SIFMA have been calling for a “cyber-war council” of sorts, as Bloomberg recently reported. Late last month, when the 9/11 Commission Report argued that cybersecurity is a “key area of focus for U.S. security,” Kenneth E. Bentsen, Jr., SIFMA president and CEO, recommended that Congress move forward with cyber-security legislation that would allow private companies to work in unison with the government to counter cyber threats.
Cyber-security is “a top priority for the financial services industry, which is dedicating significant resources to protect the integrity of the financial markets,” Bentsen said in a statement.
SIFMA also wants this “robust public-private partnership” approach to encompass legislation to provide “important liability protections and enhanced coordination to empower the industry to best protect its clients and the financial markets,” Bentsen says. SIFMA also wants its members to develop best practices and to conduct “simulated attack exercises” to bolster response protocols. “Complacency is not an option, and we encourage policymakers to make cybersecurity legislation a key focus.”
Yet the extent and severity of the issue will require a global response and better coordination among nations because cyber-threats ignore all boundaries. This became painfully clear last week when Hold Security revealed at the Black Hat network security convention that a group of Russian hackers has allegedly stolen 1.2 billion usernames and passwords from 430,000 websites. If the claim is true, then it represents a milestone for cyber-security. While many within the IT industry have since voiced skepticism about the company’s claims and the way it revealed the information, it’s not beyond the realm of possibility that a well-organized group of hackers could achieve such a stunning breach of security undetected.
As pointed out in a recent Wall Street Journal story, there is “no international cyber police force” available to uncover or crack down on such a threat. There is some coordination between the FBI and Interpol but mostly for credit-card data theft and related breaches. In addition, more international collaboration is needed to counter fraud schemes that stretch across borders.
Cyber-security laws exist for the U.S., the U.K. and throughout Europe but there is a lack of consistency that enables hackers to find geographies that lack tough legal mandates against their crimes.
This overall lack of cohesion needs a global approach that consists of domestic and international cyber-cops working together, a global set of laws with sanctions against nations that fail to enforce cyber-security protections, and coordinated legislative and regulatory actions that might give the industry a fighting chance against what will be an unprecedented disaster.