DTCC Connection

Sep 26, 2016 • DTCC Connection

It Takes a Cyber Community to Prevent Online Attacks

By Stephen Scharf, Chief Security Officer, DTCC

In the wake of the September 2001 attacks, firms around the world turned their attention to enhancing physical security as part of a steadfast commitment to mitigating risk. At the time, many organizations established redundant data centers to protect against the potential for the loss of a physical location and to ensure continued business operations.

Fast forward to the November 2014 Sony Pictures hack, and cyber security was once again in the spotlight - gaining board-level attention and increased focus from risk management professionals around the globe. Many companies rushed to secure their firewalls and update their antivirus utilities as the significant financial and reputational damage at Sony became clear. Cyber perimeter defense was redoubled, and firms began to recognize the importance of sharing cyber-threat information.

Just two years later, the cybersecurity model continues to evolve. Today, it has moved beyond perimeter defense, with the monitoring of internal systems for anomalous behavior - be it malicious or simply lax practices by well-meaning employees - becoming increasingly important.

Against this backdrop, Singapore has taken steps to ensure that government agencies, companies and even individuals in the city state have the best cybersecurity information and practices possible at their fingertips. In January 2014, the government announced the establishment of a National Cybersecurity R&D Laboratory at the National University of Singapore to undertake cybersecurity research and development in collaboration with industry or international partners.

This initiative will be backed by a Cyber Security Bill that will be tabled in 2017 to strengthen online defenses. If passed into law, network operators will be required to take proactive steps to implement cybersecurity basics and to report cybersecurity incidents when they occur.

Such government action, which parallels Hong Kong's Cybersecurity Fortification Initiative (CFI), has the potential to ensure a solid baseline of cyber security defense across major economies in the region. However, individuals and companies must continue to ensure that their own cyberhouses are in order.

Leaving physical security aside and focusing on cybersecurity, we are left with a trifecta of approaches that we consider to be best practice. To achieve a high level of cybersecurity, it is essential for companies to focus on:


  • Cybersecurity basics: While it can be tempting for companies to chase the latest cybersecurity solutions, even the most cutting-edge system will be of little use if the basics are not in place. We cannot overstate the benefits of robust implementation of "old-school" approaches, such as patch management, vulnerability management, separation of duties, identity management and access management.
  • Information sharing about cyber threats: A robust set of internal controls is a critical component of a cyber security strategy, but current complexities no longer allow firms to attempt to independently protect against the myriad of existing threats. Thus, information sharing has become a powerful cybersecurity tool. By quickly sharing details of a cyberattack with the wider community, any one company has the potential to quickly render a new attack ineffective. Essentially, information sharing serves as a foundation for the cyber equivalent of "herd immunity", inoculating the wider cyber community against the most virulent threats at any given time.
  • Monitoring network activity to identify anomalies: Network administrators have long recorded and analyzed daily system logs in order to identify anomalies that can arise from something as seemingly innocuous as opening a PDF file sent from an external network or clicking on a phishing link.

However, in recent years, the resource constraints of manual monitoring have given rise to an automated "behavioral intelligence" approach where internal networks are constantly monitored and compared to a baseline to raise real-time alerts of possible threats. The key benefit of real-time monitoring is that it can identify a potential attack the moment that it begins, dramatically reducing response time, minimizing operational disruption and potentially significantly reducing its impact.

At DTCC, we believe that when firms leverage these proven best practices, they provide a solid foundation for a robust cyber defense system. In our view, Singapore's proposed Cyber Security Bill recognizes that the implications of maintaining strong cybersecurity basics go well beyond any one company and have the potential to influence the wider cyber community's level of vulnerability to attack.

This article first appeared in The Business Times on September 21, 2016
