CybersecurityBanks collaborate to thwart cybercrime

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a cybersecurity information sharing group, has teamed up with the Depository Trust & Clearing Corporationto form Soltra. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the organization alerts member banks of incoming or potential cyber threats. Its main software, Soltra Edge, due to launch on 2 December, gathers information about potential security threats from more than 100 banks, analyzes it in real time, and aims to inform banks before their networks become victims.

“We need to re-imagine cybersecurity and get beyond a siloed organization, disparate vendor mentality,” said Bill Nelson, president of Soltra and president and CEO of FS-ISAC, in a statement. Soltra Edge “will connect thousands of entities globally, enable them to communicate using a consistent language and help organizations take immediate action.”

According to Entrepreneur, banks have been victims of numerous cyberattacks in the past two years. Notably, J.P. Morgan Chase, lost personal information of roughly eighty million businesses and individuals to hackers earlier this year. Its CEO, James Dimon, has said he expects cyberthreats to only increase in the coming years. In April, he estimated that by year’s end, the bank will have spent $250 million on cybersecurity with approximately 1,000 people dedicated to the issue. “Cyber attacks are growing every day in strength and velocity across the globe. It is going to be a continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won,” Dimon wrote in his annual letter to shareholders. Dimon recommends the financial industry should increase collaborative efforts to fight cybercrime.

Will Ackerly, CTO and co-founder of Virtru, a digital privacy and security company, supports Soltra’s strategy of collaboration. “Often a possible threat can be upgraded to be a credible threat if certain activity is seen across two or more institutions. At the volumes of activity they see, being able to make these connections across institutions is critical,” he said. “If they do not share this information, then banks may not know that they should be on alert as these computers begin their targeted attacks.”

Mass collaboration, however, may have little effect when looking to prevent cyberattacks. John Prisco, president and CEO of Triumfant, a malware detection company, says that hackers create specific attacks for specific targets. “Scale will not help because sophisticated attacks are engineered just for the target company,” Prisco says. Instead, cybersecurity teams need targeted detection software that does not build off of prior knowledge. “That will give large as well as small institutions a fighting chance against ever evolving attacks,” Prisco says.

Taking cybersecurity a step further, Jeremiah Grossman, founder and CEO of WhiteHat Security, notes that cyber-criminals have been sharing intelligence for years, so it makes sense for the defenders to do the same. Grossman wants companies to take a more proactive approach to protecting their networks. “This Soltra appears solely reactive. Banks and financial institutions need to do a better job at securing their online web-based software, where the bulk of the attacks target, to prevent breaches before they happen,” he says.