Combating cyber threats to the global financial industry
She said that another promising tool lies in the growing field of big data, which allows professionals to utilize data to proactively examine the threat stream. She added that the financial services industry must be a leader because their services “are truly at the heart of all business that is being done,” making them a “highly valued target.”
Petrie also emphasized the importance of securing not just a company’s computers, but the employees working behind the computers as well. Insider threats — both unintentional and malicious – make up a sizable percentage of the threats that companies face.
Conference panelists, including cybersecurity experts from a variety of businesses, governmental and academic institutions including the FBI, Deloitte, IBM, Barclays, AT&T and others, shared their opinions on similar issues.
The panel discussions were conducted under the Chatham House Rule, which is designed to encourage open discussion by allowing those in attendance to share information without commentary being specifically attributed to individuals.
“Cybersecurity is not a technology problem; it’s a people problem,” said one panelist of insider threats. The panelist explained that employees “may become disgruntled, upset, annoyed at their employers, annoyed with life.”
“That may lead them down a road that they never intended when they first joined an organization,” the panelist continued.
Another panelist explained that companies are beginning to utilize big data to identify employees who could present a security risk. The panelist calls these at-risk employees “falling stars.”
“A falling star is someone who is no longer getting tasks or information being pulled from seniors, so their position is being diminished in some way,” the panelist said. Falling stars also are, he noted, “not as active in communication with their peers, and the flow down of information to subordinates cools off, while communication patterns outside of the organization begin to grow.”
This is one way, the panelist said, that companies can implement preexisting in-house data to improve cybersecurity.
Panelists also provided practical advice to conference attendees seeking to stay ahead of the curve in what participant Craig Young, chief technology officer at the SWIFT Institute called, “an arms race between hackers and financial institutions.”
One panelist recommended the use of control frameworks, which allow IT auditors to assess various areas of company performance to determine strengths and weakness. Auditors can then recommend dozens of best practices to improve weak areas.
Another participant said that the most effective programs are those that bring an “organic art” to the problem, involving collaborations between IT professionals and employees with deep understanding of the company’s business, culture and networks.
In a session that focused on cybersecurity tools, the panelists agreed that one of the major obstacles facing the industry is the tools used to monitor and analyze the data don’t “speak a common language” and do not work well together.
Another noted that “security noise is the biggest problem we have,” explaining that a system can produce “hundreds of thousands of alerts per day,” of which only a few are important and worth notice.
All also agreed that cybersecurity tools could be made stronger by standardization of information across systems coupled with simple training and education. It was stated that phishing — an illegal attempt to gain sensitive information online, often for malicious purposes — accounts for 80 percent of cyberattacks and could be reduced dramatically just by making users aware of how to safely navigate the Internet.
Chairing the conference was Starnes Walker, founding director of the UDCSI and former chief technology officer for the U.S. Navy’s U.S. Fleet Cyber Command, director of research at the U.S. Department of Homeland Security and technical/executive director at the Office of Naval Research.
“The University of Delaware has the advantage of being located in the corporate capital of America and halfway between the commercial capital of New York City and the military and intelligence capital of Washington, D.C.,” Walker said.
“As such, UD’s Cybersecurity Initiative is uniquely positioned to be a bridge between our nation’s best experts from government, industry and academia.”
“Cybersecurity is not the next big industry; it is the industry,” Petrie said during her keynote speech. “We are all in it today, actively working together to figure out how to mitigate the threats that are coming at us each and every day.”
