Information Sharing: A Powerful Crime-Fighting Weapon
Law Enforcement, Government Agencies Stress that Threat Intelligence is Critical
In October 2015, collaborative efforts to take down hackers linked to the notorious banking Trojan known as Dridex paid off for law enforcement.
Operation SAMBRE was a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, with top-tier banks in the U.K. and U.S. hit particularly hard. The cooperation of law enforcement officials in the U.S., U.K. and other nations resulted in the arrest of three individuals, two of whom are now serving jail time.
It was a massive undertaking, one that hinged on a mix of good old-fashioned detective work and technical savviness, Jason Tunn of the Metropolitan Police Service in London said in his keynote address at our Fraud & Breach Prevention Summit on Nov. 9.
Authorities arrested the two men now serving jail time after surveilling their apartment in London, awaiting just the right moment to nab them after they stepped outside to take a smoke break, Tunn explained.
But Operation SAMBRE wasn't just about good detective work. It also was about strong cyber threat intelligence and information sharing that hinged on trusted relationships with banks willing to share their fraud and attack details with police.
Banks Have to Be Willing to Share
Without banks' willingness to proactively share information with law enforcement, Operation SAMBRE would not have been a success.
Information sharing may sound cliché. Since the emergence of the Financial Services Information Sharing and Analysis Center, which got a significant boost in global recognition in the wake of the 2012-2013 distributed denial-of-service attacks waged against leading U.S. banks and financial firms, the term "information sharing" has been overused and, some might argue, diluted.
What does "information sharing" really mean? Tunn's description of Operation SAMBRE provides the perfect definition: communication of the details about cybercrime and fraud activity among financial institutions and, ultimately, with law enforcement.
I walked away from the London Summit reminded of just how critical information sharing is, especially when it comes to financial cybercrime.
And I got the sense that sharing information with law enforcement is less common in the U.K. than it is in the U.S. What's more, up until recently, it's not been very common for U.K. banks to share much among themselves, either.
GDPR Provides a Boost
But information sharing in the U.K. could get a substantial boost from the General Data Protection Regulation, which takes effect in May 2018.
The GDPR sets requirements for reporting data breaches or cybersecurity incidents in Europe. In the U.K., that means notifying the newly created National Cyber Security Centre of a cyber incident within 72 hours of its occurrence.
The purpose of the GDPR is to ensure more transparency with the government on cybersecurity incidents, as well as to protect consumers' privacy.
While "information sharing" is not an explicit requirement of GDPR, the more accustomed banks and others get to sharing cyber threat details with each other and law enforcement, the easier GDPR compliance will be.
And despite the U.K.'s plans to exit the European Union, British businesses are still required to comply with GDPR. Cybersecurity attorney John Salmon, a panelist at the summit, says U.K. organizations need to start moving forward with GDPR compliance plans now and start getting used to working with the NCSC.
Another panelist at the summit, Paul Simmonds, CEO of the Global Identity Foundation, says he's glad to see the formation of the NCSC, the new lead agency for cybersecurity and incident response and investigation in the U.K. One of its first tasks is to work with the Bank of England to come up with guidelines for managing cybersecurity within the financial sector.
But Simmonds argues that the formation of NCSC comes too late. The government is stepping in to ensure more collaboration many years after cyber threats reached a tipping point, he claims.
Many of the attendees at our summit had not yet heard of the NCSC, which was just launched on Oct. 31. So when it comes to information sharing, there's clearly a need for more awareness - and a lot more action.