Sunday, December 9, 2012

Why Information Sharing Is Key to Security

In order to fight an attack, you have to know the attacker

Booz Allen Hamilton issued a list of the top 10 cyberthreat trends for financial services in 2013. Among the top trends: 

  • Information sharing will be more critical, as legislation could push industry standards to improve threat intelligence information sharing.
  • Vendor and third-party risks will pose security challenges for financial institutions of all sizes.
  • Boards of directors must create and embrace a culture that encourages information sharing across the industry.
  • Hacktivists and extremist groups will increasingly target institutions to disrupt services and destroy data.
  • Cyber-benchmarking will be used to show how banks stack up, from a security standpoint, to their competition.

The remaining five trends highlight the need for stronger identity and access controls, more focus on risk-protection processes and people, the need for predictive threat intelligence, and why reliance on the cloud and mobile is critical.

Underlying those 10 trends is the need for banking institutions to understand who's behind attacks waged against them, says Bill Wansley, a financial fraud and risk consultant for Booz Allen Hamilton.

Wansley's three-pronged approach to fighting cyberthreats:
Identify the attackers' capabilities, know their intent and appreciate the opportunities they have to do harm.
A distributed-denial-of-service attack, for instance, may not cause long-term damage to your infrastructure or compromise consumer privacy, but it definitely can do some damage to your reputation, depending on the intent of the attack and the actors behind it.

Hacktivists attack to damage reputation; criminals attack to commit fraud. Until you understand the actors, you can't adequately prepare for the threat. That's Wansley's key point, and it makes perfect sense. But I believe that the most critical step is information sharing.

The more we share about attacks - vulnerabilities and vectors - the more we will learn about how the attacks are waged, what they're after and who's behind them. More information sharing also supports the need to understand the actors; without that understanding, we can't adequately prepare for the threat.

Refer here to download the report.
