Competing banks are cooperating more than ever before to beat cybercriminals.
As the number and sophistication of cyberattacks jumps, financial firms are sharing more threat intelligence with each other, according to the Financial Services Information Sharing and Analysis Center, a nonprofit group that facilitates the exchange of cybersecurity intelligence.
This collaboration has thwarted a number of attacks in the past year, bank executives say.
In September 2020, Santiago, Chile-based Banco Falabella became concerned it would soon come under attack by hackers. Distributed denial of service attacks, which flood servers with traffic to shut down websites and applications, were rippling across the financial sector as part of a long-running extortion campaign. Meanwhile, certain criminal gangs were besieging Latin American companies in particular with ransomware attacks.
Juan Carrasco, the bank’s head of cybersecurity, turned to others for help. He began researching attack patterns and technical data from 16,000 banks, payments providers, insurers and other financial firms shared via FS-ISAC’s intelligence-sharing platform.
“We noticed a pattern on FS-ISAC’s Intelligence sharing platform where the threat actor methodically targeted Brazilian organizations, then moved on to target Argentinian firms, which meant that Chile would likely be next,” Carrasco said.
He compared information on how these hackers broke into other companies with his own systems’ defenses, he said, closing gaps that could have led to successful attacks.
The increased cooperation among banks represents a marked shift for an industry that has occasionally struggled to build trust among competitors. Previous attempts to launch information-sharing platforms stalled, including an FS-ISAC-sponsored product named Soltra Edge, which shut down around two years after its 2015 launch.
On the current FS-ISAC platform, activity has increased by 60% in the past 12 months, with companies from 70 countries, the organization said.
The increase reflects the heightened risk, cadence, and sophistication of attacks, said FS-ISAC chief executive Steve Silberstein. Companies are also being more open, he said, sharing experiences of cyberattacks with each other to determine methods of defense.
Fred Gibbins, chief information security officer at American Express, said that the quality of the information being shared, not just the quantity, has also improved. In addition to cybersecurity, he said, participants such as AmEx are also using and sharing information for other purposes.
“It kind of goes beyond cybersecurity now, the intelligence feeds into fraud and anti-money-laundering, privacy and other trends, as well,” he said.
Whereas in the past the information shared was technical data such as indicators of attacks, information now being shared includes categories such as geopolitical data for more expansive views of risk, he said.
Silberstein said that over the next 12 months, he would like to see small and medium-size participants increase their usage of the information provided by other companies, and to contribute their own. Likening FS-ISAC and similar organizations in other sectors to a global sensor network, he said, the nonprofit’s efficiency and usefulness increases as more participate.
Write to James Rundle at [email protected]
This article was published by Dow Jones Newswires