As cyber attacks continue hitting banks and financial institutions, the industry has found an unlikely ally: The federal government.
As attacks grow more frequent and sophisticated, even large financial institutions, notorious for wanting to keep their inner workings secret, are starting to turn to these public-private partnerships to put an end to the cyber crimes.
Interestingly, however, the government is working with smaller, less sophisticated financial firms to try and cut off cyber thieves at the most vulnerable parts of the network.
“Government efforts are definitely focusing at the small level because these firms are gateways into larger financial services infrastructures,” says Karl Schimmeck, vice president of financial services operations for SIFMA, a trade organization. “ A lot will connect into clearing firms and so they do have access, just one step removed.”
Private organizations from FS-ISAC—which still has its Financial Services Cyber Threat Level set to “high”—to the Department of Homeland Security (DHS) are teaming to share information when attacks happen. Part of this includes educational efforts to teach people how to combat “botnets,” systemic attacks by groups of computers taken over by hackers.
Smaller firms can access help by calling an FBI field office to report an attack. The bureau can offer additional avenues for a firm to find help in the cyber wars, including potentially recovering their data.
The White House has also thrown in its support, backing a private campaign, “Keep a Clean Machine,” (which offers basic advice from avoiding public Wi-Fi hotspots for business work, to not clicking on links from unfamiliar emails.)
Schimmeck says that small firms don’t have to spend a lot of money to use “basic hygiene,” in keeping their systems secure. At the very least they should be using the security offered on their platforms, which can include software protection from viruses, to creating strong passwords when creating log ins to websites.
Organizations are encouraging smaller firms to join in the effort; the FS-ISAC has tiered membership rates depending on a company’s size (http://www.fsisac.com/join/benefits/) and offers benefits, including the use of peer to peer sharing, to combat attacks. Membership rates start at $850 a year.
Firms should reach out to these organizations without worry that proprietary information will be shared, Schimmeck says. Hesitancy is understandable, however. During a session at SIFMA’s Cybersecurity Symposium last month in New York, at least one member asked how they can be assured their information was not compromised.
“From our experience, I think they’ve made every attempt to say to us, ‘Everything you’ve told us is in confidence,’” he says. “They know this is an area where firms only share with people they're comfortable with. All the federal agencies have made inroads to that effect, and they don't want to ruin that reputation.”