“All for One and One for All”

… So chanted the Three Musketeers. One of my main issues with cybersecurity risk management is that organizations seek to secure their own systems, data and networks, hoping that attackers will move on and attack more vulnerable victims. I have h…

Majority of CISOs plan to ask for an increase in cybersecurity investment

Most CISOs of financial institutions (73 percent) plan to ask their organization’s CFO for an increase in cybersecurity investments in the next year, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry con…

What differentiates the strongest cybersecurity programs from the rest

Financial institutions spend an average of around $2,300 per full-time employee on cybersecurity annually, reveals a survey released by Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC). According to the report, …

How the U.S. might respond if China launched a full-scale cyber attack

The U.S. financial and energy sectors are no strangers to foreign government hackers, from Iranian denial-of-service attacks on American banks to Russian reconnaissance of industrial control systems. Less familiar territory, however, is how companies would work with the U.S. government to respond to a cross-sector cyberattack during a geopolitical crisis. About 20 private executives and ex-government officials gathered last month in Washington, D.C. to take a stab at that question. A tabletop exercise hosted by the Foundation for Defense of Democracies (FDD), a think tank, hashed out what companies and federal agencies might ask of each other in the 72 hours after a disruptive series of computer intrusions. The fictional scenario involved a confrontation between the United States and China in the Taiwan Strait, which was followed by a cascading cyberattack on multiple U.S. critical infrastructure sectors. The former defense and law enforcement officials in the room discussed with their private-sector counterparts – executives […]

The post How the U.S. might respond if China launched a full-scale cyber attack appeared first on Cyberscoop.


As ransomware hobbled Atlanta, banks drilled for next iteration of attacks

As the Atlanta city government struggled to recover from March’s ransomware attack, cybersecurity personnel from U.S. banks huddled two miles from city headquarters to practice dealing with the same type of disruptive malware. The exercise, which assembled 18 financial institutions and the industry’s threat-sharing center, simulated a bank’s computer network and tasked participants with defeating “WannaCry-like” ransomware, according to ManTech International Corp., the cybersecurity company that hosted the drill in April. Participants, including big U.S. banks, connected to ManTech’s Advanced Cyber Range Environment (ACRE), a computing facility that can test network defenses against various strains of malware. Some participated from the Federal Reserve office in midtown Atlanta, according to ManTech spokesman Jim Crawford. In this case, exercise planners mimicked the WannaCry ransomware, which struck more than 300,000 computers in 150 countries last year. The company already had practice using that virus for ACRE training “when it was still in the wild,” Brett Barraclough, a ManTech […]

The post As ransomware hobbled Atlanta, banks drilled for next iteration of attacks appeared first on Cyberscoop.


Inside ‘Project Indigo,’ the quiet info-sharing program between banks and U.S. Cyber Command

A secret information sharing agreement between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and U.S. Cyber Command reveals the blurring line between the country’s public and private sectors as the U.S. government becomes increasingly receptive to launching offensive hacking operations. The pilot program, codenamed “Project Indigo,” recently established a confidential information sharing channel for a subunit of FS-ISAC known as the Financial Systemic Analysis & Resilience Center (FSARC). That subunit shares “scrubbed” cyberthreat data, including malware indicators, with the Fort Meade-based Cyber Command, according to current and former U.S. officials. Project Indigo also provides data to the Department of Homeland Security and U.S. Treasury. However, those agencies were already getting data from the banks, which is narrowly leveraged for defensive measures. The broad purpose of Project Indigo is to help inform U.S. Cyber Command about nation-state hacking aimed at banks. In practice, this intelligence is independently evaluated and, if appropriate, […]

The post Inside ‘Project Indigo,’ the quiet info-sharing program between banks and U.S. Cyber Command appeared first on Cyberscoop.


FS-ISAC releases API for safer data sharing

An association of banks and financial technology companies has released a tool that it hopes will help financial institutions securely share data about consumers across the online financial tools that they use. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is releasing an application programming interface (API) in order “to foster universal adoption of a more secure and robust data sharing framework,” according to a statement released on Tuesday. “Over a lifetime, consumer data may be scattered throughout several financial institutions,” the FS-ISAC says, which creates a need for consumers to log into multiple accounts to manage loans, deposits, payments and investments. The new API tokenizes sensitive user information, which the association says facilitates and secures the transfer of data from company to company. “Creating a standard API for secure data sharing benefits everyone in the data aggregation ecosystem,” FS-ISAC Chief Operations Officer Eric Guerrino said in a release. […]

The post FS-ISAC releases API for safer data sharing appeared first on Cyberscoop.


What CISOs prioritize in order to improve cybersecurity practices

In a new study by the Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as th…

Financial institutions launch their own cyber range to train defenders, test tools

Banks, insurance companies and other financial institutions are banding together to design and build a series of cyber ranges — computer environments where defenders can exercise, train and test tools to defend their real computer networks against online attackers. The initiative, by the Financial Sector Information Sharing and Analysis Council, or FS-ISAC, has already built out the first range and will stage the first exercise on it at the end of November at the Federal Reserve Bank of Boston, according to Shaun Brady, a consultant with FS-ISAC. “Some will be there physically, others will take part remotely,” Brady told CyberScoop on the fringes of the Integrated Cyber Conference staged by the Johns Hopkins University Applied Physics Lab as part of DC CyberWeek. The sector “does a great job with table top exercises,” said Brady, but those are more policy and management orientated. There was a dearth of “hands-on-keyboards” style war games, he said. Eventually, […]

The post Financial institutions launch their own cyber range to train defenders, test tools appeared first on Cyberscoop.
