UAE Launches Threat Intelligence Sharing for BanksBut Are Banks Ready to Participate?
The UAE Banks Federation, which has 49 member banks, has launched the Cyber Threat Intelligence Initiative 2017 to create an information sharing platform in an attempt to better detect and respond to cyberattacks.
But are these banks ready to share information or report breaches? And will the initiative have value?
Some organizations fear their reputation will be hurt if they share threat data that illustrates their vulnerabilities.
H.E. Abdul Aziz Al Ghurair, chairman of UBF, is optimistic. He says that providing a robust platform for collection and sharing of cyber threat intelligence will allow banks to answer the "who, what, where, when, why and how" questions for immediate decisions and actions.
"Banks can then prevent and reduce sensitive data exposure and make better, more informed decisions around risk management and investment for cybersecurity," he says. "Such intra-sectoral collaboration will allow banking to become more cyber resilient, providing customers greater transaction security and peace of mind."
Sharing Information: Are Banks Ready?
UBF's effort to create a platform for a sharing cyber threat indicators, such as hackers scanning for open ports or brute-force scan attacks, is a step in the right direction. But overcoming some banks' resistance to information sharing could be challenging.
Some organizations fear their reputation will be hurt if they share threat data that illustrates their vulnerabilities. Plus, UBF needs to clarify how threat data will be aggregated and shared and what role it will play in the information sharing.
The new threat information sharing platform will help alert banks to techniques aimed at bypassing security controls or exploitation of a security vulnerability - such as through the use of Heartbleed or Shellshock bugs or via DNS tunnelling or domain fronting - while providing them with all relevant details of software security vulnerabilities including how the vulnerability was discovered and what its potential impact would be.
Furthermore, the sharing platform will make banks more aware of recent techniques and development attackers have used, empowering them to confront new and evolving threats.
Elsewhere in the region, Qatar's Ministry of Information and Communications Technology has initiated projects to scale up and integrate its threat intelligence services with the financial sector being the key target. It's developed in-house tools, including DNS log analysis and malware analysis, to help it issue early warnings on potential attacks and conduct post-incident investigations, says Khalid Al Hashmi, the ministry's assistant under-secretary for cybersecurity.
The Benefits of Information Sharing
The Washington-based Centre for Strategic and International Studies says improved information sharing is critical to effective cyber incident detection and response, reducing duplication of effort and enabling one organization's detection to become another's prevention.
The benefits of information sharing, the centre, notes, include:
- Enabling organizations to enhance cyber defenses by leveraging the capabilities, knowledge and experience of a broader community;
- Providing better situational awareness of threats, including a deeper understanding of threat actors, their tactics, techniques and procedures, and greater agility to defend against evolving threats.
- Improving coordination for a collective response to new threats and reducing the cascading effects across an entire system, industry or sector.
"Having workshops among practitioners, regulatory bodies and industry associations for promoting compliance with laws and regulations and evolving risk frameworks would a good move as part of information sharing mechanism," one security practitioner, who asked not to be named, tells me.
While governments in the region have specified information sharing as a key component of the cybersecurity program for critical sectors, UBF's new initiative should provide an important catalyst for the financial sector to protect its digital assets and infrastructure.