10:15 AM
Being Proactive and Cooperative Still Keys to Foiling Cyber Threats

The industry may be trying to face down an economic crisis, but that still doesn't mean the old specter of security isn't looming over financial services executives' heads.

According to Patrick Peck, SVP, Booz Allen Hamilton (McLean, Va.), managing cyber security and how to protect the enterprise is still front and center on the minds of his clients. During a presentation yesterday called "Cyber: Are You Ready for What's Next?," Peck told attendees of the annual SIFMA Technology Conference & Exhibit in New York that the threats still exist and they'll only worsen. Ultimately, the key to succeeding against them is to establish a three-way cooperative between industry, government and academia to intercept threats more quickly.

At one point, Peck showed a video of Michael McConnell, an SVP at Booz Allen and the former director of national intelligence under President Bush. McConnell noted that if the 9-11 terrorists had instead chosen to hack into a major bank and destroy all the data in that bank, the global damage would have far exceeded the tragedies of the World Trade Center, Pentagon and Flight 93.

"The global financial system is not based on a gold standard," McConnell noted. "It's based on confidence." Once that confidence is shaken, there is a cascading effect, as has been illustrated throughout this financial crisis.

To properly address cyber threats to the banking system and the nation's infrastructure, he said companies have to remember to look beyond technology solutions at policy, culture and the company's operating profile.

Peck followed this up with an example of a simulation Booz Allen performed, which involved bringing together 230 leaders from industry, government and society (such as academics and the media) and watching how they reacted to a simulated cyber threat. What really struck Peck was that people couldn't clearly understand the lines of authority in an emergency. "People didn't know who to go to, where policy was coming from," he explained. "We recommend establishing a single voice around cyber education."

He noted this is what President Obama is doing with the establishment of a cyber authority within the Dept. of Homeland Security. "Cyber is too complex for one authority to handle alone," he said. There is a growing array of state and nonstate members seeking to attack American government and commercial interests—including financial institutions. "The nation must act quickly to protect our national infrastructure," Peck commented.

Co-presenter Scott Kaine, also from Booz Allen, suggested banks and others be mindful of the threats from within as well as outside of the organization, since 80 percent of risk is from insider threats. "You need the basic blocking and tackling and the key is training—from the C-level down to customer services reps," he noted.

A continuous risk process that is revisited regularly is required if a financial institution is to protect itself from cyber threats, both current and future, Kaine said. This starts with the budget process. The funding for IT and security should not be relegated to the bottom, as it often is. Banks are trying to cut costs. If money is shaved off the IT security budget, how much risk is being introduced to the organization? "You have to know this," he said. "Do a risk assessment more than once a year and allocate the budget according to those risks."

Something that might encourage this practice is a bill being floated in the Senate that would require businesses to adhere to the same security standards as government agencies. "Do your IT folks know about this?" Kaine posed to attendees. "They're going to need to know the ramifications of this policy."

Regardless of whether the Cybersecurity Act of 2009 is passed, information security people at banks need to act first. They need to use the technology at their disposal to look outside the organization so that when patterns of illicit cyber activity emerge in other parts of the world, they are forewarned and better able to repel the threat once it reaches their organizations' borders. "Work with your ISP, managed security players and government," Kaine said. "Your role is to be proactive."
