Collaboration - the key response to cyber-security threats

Last month the International Monetary Fund (IMF) published a blog calling for greater levels of collaboration, and intelligence sharing across borders to be as fast and globally integrated as the criminals and groups carrying out the attacks.

Operation Taiex, the global operation to arrest the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions across the globe, serves as a great example of law enforcement agencies from seven jurisdictions and numerous private sector firms coming together to stop a group operating in at least 15 countries.

This level of collaboration, the IMF says, is hugely positive but there is more to do. They focus on four areas for improvement:

  1. Develop a greater understanding of the risks and how they might impact financial stability
  2. Improve collaboration on threat intelligence, incident reporting and best practices in resilience and response
  3. Regulatory approaches need to be harmonised and consistent
  4. Countries and organisations need to be aware of attacks and know how to respond to them through well practiced response plans

The recommendations chime with the work that UK Finance is undertaking through the operationalisation of the Financial Sector Cyber Collaboration Centre (FSCCC), a cross sector initiative aimed at improving the cyber resilience of the sector.

The FSCCC will seek to identify threats and disseminate information to the sector so that financial institutions of all sizes are able to act on that information and harden their security posture. In some cases, the information will be specific to a particular sub-sector or size of organisation (e.g. firms which own ATMs in the event of an ATM cash-out campaign) or it will be an urgent blanket communication to reach as many firms as possible. Consistent in this will be the National Cyber Security Centre's CiSP platform so that all firms can have access to the outputs.

Although driven by the sector for the sector, this is a truly public/private partnership, with support from government agencies and law enforcement. UK Finance has also been working with the financial authorities. Fundamentally the FSCCC will not act as a regulatory reporting function, it will seek to reduce the regulatory reporting burden on firms in the heat of a cross-sector event or incident - allowing firms to prioritise protecting and hardening their defences.

While our focus is clearly the UK, we do not ignore the reality that many of the financial institutions operating here also operate in other countries. It is therefore crucial that the FSCCC cooperates at an international level to provide a route for information that needs to get from foreign agencies to firms in the UK finance sector. Much work has been undertaken to ensure there are connections with organisations in the USA and across Europe. As the FSCCC develops, UK Finance will continue to build connections with other organisations to establish this global network and secure the sector against attackers.

UK Finance will be working with our members and international organisations including the IMF to explore means to further support international collaboration and improve the flow of information across borders. We also recognise the interdependencies between strong cyber security and preventing cyber enabled crime, so are working closely with our economic crime colleagues who are engaging with FATF and others to also promote cross-border information sharing. 

If you would like to know more about the FSCCC please get in touch. We would strongly recommend that firms that are not members of CiSP register - UK Finance is happy to act as your organisation's sponsor.