
Magdiel Rodríguez mrodriguez@fsisac.com - PowerPoint Presentation

Uploaded On 2024-02-09



Presentation Transcript

1. Strength in Sharing – Cyber Intel for Financial Services
   Magdiel Rodríguez, mrodriguez@fsisac.com
   September 11, 2018

2. Who Are The Bad Actors?
   - Individuals / Small Groups
   - Sponsored or Nation States: “There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.” --FBI Director, James Comey, on CBS’ 60 Minutes
   - Organized Crime: “By the end of 2010, organized crime world-wide was making more money from Internet crimes, than from narcotics.” --FBI

3. How are Global Corporations Responding to the Threats?
   Budgets Shrinking, Breaches Growing
   Despite greater awareness of cyber security incidents, globally, information security budgets actually decreased 4%. It costs much more to remediate cyber incidents than prevent them, so it seems counterintuitive that organisations would choose to invest less overall. –PwC

4. Purpose
   Protect and enable through exceptional execution of essential information security practices
   Accomplished by delivering on four primary objectives:
   - Proactively mitigating information security threats
   - Identifying and managing information security risk across the enterprise
   - Supporting the business by securing and enabling emerging products and markets
   - Maintaining industry and regulatory compliance within the information security program

5. Cyber Security – What is ‘Cyber’?
   - Cyberspace includes digital devices which may be networked together.
   - Cyber security covers the interaction between people and cyberspace.
   - Cyber security is primarily associated with defence against large scale or targeted cyber attacks.
   - Cyber security is the protection of information and systems in cyberspace
   Diagram (axes: Attacker determination, Attacker sophistication): Accidental; Malware/ Insider; Lone Hacker/ hobbyist; ‘Script kiddy’; Disgruntled Ex-employee; Disgruntled customer; Disgruntled Ex-IT Admin; Hacktivism; Hacker collectives; Organised crime; State sponsored
   Cyber attacks can be designed to:
   - Collect corporate information
   - Disrupt IT systems
   - Steal funds
   - Cause adverse publicity
   - Manipulate personnel
   A successful cyber attack depends on:
   - Exploitation of human, technology or process vulnerabilities
   - A determined and skilled attacker
   Cyber security is focussed on defending against sophisticated targeted attacks

6. The Threat Evolution
   * Numbers are illustrative to depict the relative differences between attack vectors

7. Cyber Security – Why it is critical
   Cyber security protects nations, companies and individuals
   - Intellectual Property or Personal data loss
   - Financial loss
   - Reputational damage
   - Disruption or catastrophic failure
   - Further cyber attacks
   High profile cyber attacks in recent years continue to have significant impact
   Years on the timeline: 2014, 2015, 2013
   - Carbanak – global banks and financial services targeted accounts and ATMs with individual losses ranging $7-10m
   - eBay – 145 million user accounts were affected in a cyber attack that required users to reset their passwords
   - Target – retailer suffers cyber attack loss of 70 million customer records, POS malware attack
   Cyber security is critical as attacks will occur amongst respected targets
   - Reduced revenue
   - Share Price drop
   - Regulatory fines
   - Litigation
   - CEO resignation
   - Loss of key customer relationships
   - Customer complaints
   - Contractual compensation
   - Staff redundancies

8. Cyberattacks Against Financial Services Companies Are in the News
   TLP Green

9. Cyber Security – Protection
   - Encryption
   - Patch management
   - Secure builds
   - Security architecture
   - Remove legacy systems
   - Data Loss Prevention
   - Intrusion Detection
   - Log collection and monitoring
   - Penetration testing
   - Security policy & standards
   - Secure access control
   - Employee screening
   - Third party compliance
   - Training & Awareness
   - Incident Response
   - Forensic investigation
   - Communication
   - Recovery
   - Problem management
   A multi-layered approach is required to reduce the risk of major impact
   A cyber security framework can maintain effective protection

10. Phases of Information Sharing
   Phases: Startup, Early Growth, Expansion, Optimized
   - General indicators shared
   - Traffic light protocol
   - Few members share mostly anonymously
   - Members start to build trust 1:1
   - Specific Indicators
   - Vulnerabilities shared
   - Circles of Trust
   - Increase in sharing, some attribution
   - Regional sharing
   - Solution provider partnerships
   - Regional coalitions
   - Deeper analysis (cyber, physical, geopolitical)
   - Communities of interest
   - Many members share
   - Global sharing
   - Exercises & playbooks
   - Government & local partnerships
   - Cross sector sharing
   - Automated machine to machine sharing
   - Strategic resilience efforts in addition to core sharing
   - Public-private exercises
   - Regional resources added
   TLP Green

11. Information Sharing: A Virtual Neighborhood Watch
   Reasons to Share:
   - Increasing Attack Complexity
   - Rising Breach Costs
   - Growing “Noise” of threat indicators
   - More focus from regulators on participation in info sharing
   Benefits of Sharing:
   - Get real-time threat intelligence
   - Cyber
   - Physical
   - Geopolitical
   - Vulnerabilities
   - Join communities of interest
   - Define appropriate defense & response based on risk
   - Comply with regulations, supervisory expectations
   TLP Green

12. Relevant Information Sharing
   - Education and Training
   - Intelligence and Analysis
   - Summits and Events
   - Crisis Response and Exercises
   TLP Green

13. Regional Model
   Americas (NA-Focused)
   - Threat Intelligence Committee
   - Business Resiliency Committee
   EMEA
   - Threat Intelligence Committee
   - EMEA Strategy Committee
   - Business Resiliency Committee
   APAC
   - Threat Intelligence Committee
   - APAC Strategy Committee
   Main Activity: UK + IE, SW Europe, N. Europe, E. Europe, Gulf, South Africa
   Main Activity: Singapore, Japan, Australia, Malaysia
   Main Activity: Canada, USA, Brazil, Colombia, Chile

14. Relationships – Members, Partners, Stakeholders
   - EMEA
   - APAC
   - Americas
   - Associations and agencies
   - Law Enforcement
   - CERTs
   - Liaison Placed Onsite
   TLP Green

15. FS-ISAC Information Flow
   - Information Security
   - Physical Security
   - Business Continuity/ Disaster Response
   - Fraud Investigations
   - Payments/ Risk
   - Member Communications
   - CERTs
   - FS Regulators
   - Law Enforcement
   - Information Sources
   - Cross Sector (other ISACS)
   - Open Sources (Hundreds)
   - GOVERNMENT SOURCES
   - CROSS SECTOR SOURCES
   - FS-ISAC 24x7
   - ISAC Analysis Team (IAT)
   - Alerts
   - Member Submissions
   - Threat Intelligence Providers
   - PRIVATE SOURCES
   - Vulnerability Alerting
   - Malware Forensics
   - PS Incidents & Analysis
   - After hours IAT support
   TLP Green

16. FS-ISAC Sharing in Action
   TLP Green

17. Responded to SWIFT-Related Attacks
   - Tracked incident updates; sent/received updates w/ members regularly via FS-ISAC Intelligence Analysis Team (IAT)
   - Shared indicators of compromise (IOCs) and SWIFT software updates with members
   - Hosted technical SWIFT briefing conference call for over 2,900 members
   - Published paper: “Security of Payment Network Access Points: Risk Mitigation Recommendations Related to Recent Payment Account Takeover Attacks Against Banks Leveraging the SWIFT Network”
   TLP Green

18. Physical Security Briefs
   - FS-ISAC produces a number of physical security products
   - Continued investments in physical security and business resiliency
   - FS-ISAC now employs full-time physical and geopolitical analysts
   TLP Green

19. Helped Secure the 2016 Rio Olympics
   - 2016 Olympics in Rio de Janeiro, Brazil required months of cyber planning and preparations
   - Dozens of organizations participated in an information sharing email list
   - Used Traffic Light Protocol to properly share information amongst many
   - Focused on both physical and cyber risks that could impact the games
   - Provided real-time threat intelligence to prevent financial and physical crimes or attempts to disrupt games
   TLP Green

20. Conclusion
   - Threats are becoming more frequent
   - Technologies used by adversaries are more complicated, intended to prevent detection
   - FIs must have a plan to respond
   - Become active in the sharing community
   - Increase awareness of emerging threats and vulnerabilities
   TLP Green

21. Creating a “WIN-WIN” scenario
   - Balance customer ease of use with strong security
   - Using people, processes and technology is key
   - Collaboration across the globe means you’re not alone
   - Don’t just rely on your own data and threat intelligence
   - Work with vendors, partners, public sector law enforcement for broader visibility

22. So how much are your cards worth?

23. Contact
   Thank you for your partnership!
   Magdiel Rodríguez, mrodriguez@fsisac.com, +1-786-441-8502