Security Incidents Forge A Band of Brothers

Print
Email
Reprints
Comment
Twitter
LinkedIn
Facebook
Google+

Recent cyber attacks on banks - from religious Middle Eastern groups and Russian hackers, among others - have brought former competitors together in a way that may be unprecedented.

In the security sphere, there's a community of people within banks and other companies who are willing to share information with each other off the record, and even fly out to visit one another at a moment's notice to offer security expertise, with nobody seeking any credit or recognition. Banks that are targets of, say, the latest distributed denial of service attacks, are talking with their cohorts at competing banks and sharing what happened to them, their defensive measures and what has and hasn't worked.

"As soon as you find out you're under attack, you're part of this group that's sharing intimate details," says William Nelson, president and CEO of FS-ISAC, which also gathers and shares security and threat information and issues alerts.

These networks of communicators are small and carefully chosen. "It's important to have the right people on the call, even internally within the company," Nelson says. "You don't want 400-500 people on the call, you won't be able to get anything done. When you're in the throes of a crisis, you need to respond quickly and adjust your response as circumstances change."

Anti-DDOS tactics, techniques, and mitigation strategies have all been shared, to the benefit of all. A DDOS attack in late November was considered completely repelled by the large banks in this cadre.

This is a change from the often hypercompetitive, everything's-a-state-secret approach in many areas of financial services. At a recent small business banking conference, speakers and attendees discussed how impossible it would be to get banks to agree on standard size categories of small business customers.

In spite of the potential benefits of being able to share certain industry metrics, it was recognized that not only would the banks be unwilling to change the way they've always done things, but they consider the way they define their small business customer to be a competitive advantage.

In times of shared difficulty, some competitive fervor falls away and the strengths of being able to pool information and work together against a common enemy become clear. Those bonds can hold even after the danger passes.

JOIN THE DISCUSSION

SEE MORE IN

'Dodd-Frank Is Like the TSA': Comments of the Week
American Banker readers share their views on the most pressing banking topics of the week. Comments are excerpted from reader response sections of AmericanBanker.com articles and from our social media platforms.

(Image: iStock)

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Already a subscriber? Log in here
Please note you must now log in with your email address and password.