Large-scale cyberattacks on critical financial infrastructure are a major threat to the safety and stability of the global economy. To mitigate the systemic consequences of such an attack, we must increase the focus on response and recovery so firms are prepared to detect problems and recover from them as efficiently as possible.
At DTCC’s 2018 Fintech Symposium, a group of cybersecurity experts offered their collective insights on the strategic shifts and leading practices in cyber response and recovery in financial institutions and fintech’s impact on cybersecurity.
The panel discussion, entitled “Recovery and Resilience in a Digital World,” was moderated by Stephen Scharf, DTCC Managing Director and Chief Security Officer. Panelists included Russell Fitzgibbons, Director of Risk, Financial Systemic Analysis and Resiliency Center; Paul Mee, Partner, Digital and Financial Services, Cyber Platform Lead, Oliver Wyman; and Javier Pérez-Tasso, Chief Executive Americas & UK Region, SWIFT.
In March, DTCC and Oliver Wyman issued a white paper calling for increased cross-industry coordination around response and recovery mechanisms as essential to mitigating the systemic consequences of a large-scale attack.
READ THE WHITE PAPER: Large-Scale Cyber-Attacks on the Financial System
The impetus behind the white paper, Mee said, was to identify if the financial services industry has the right practical preparations in place to respond and recover from a cyberattack.
While there are a number of things that firms can do to prepare, there are also things that can be done at the industry level. The questions that need to be answered are: What level should we focused on? And what issues should we be looking to solve? In a complex and interconnected marketplace, one firm is part of a bigger ecosystem, and that interconnectedness is going to impact others who are part of the process.
“That is why it has to be a collaborative effort,” Fitzgibbons said. “It starts at the firm level, to insure they’ve got all of the appropriate requirements. But then it needs to be collaborated within the industry.”
In December 2017, SWIFT came out the SWIFT Customer Security Program which aims to improve information sharing, enhance SWIFT-related tools for customers and provide a customer security control framework.
Perez-Tasso agreed that cybersecurity needs to be handled at the industry level, but, he added “the starting point is at the end-point, at the customer level, meaning the customers that connect to your platform are secure.”
The topic of end-point protection is particularly relevant for distributed ledger technology. “The most widely used effort we see right now is around bitcoin and most of the bitcoin attacks are end-point attacks,” Scharf said. “They’re hacking someone’s PC and stealing their wallet.”
Fintech and Cyber
The panel continued its focus on fintech and cybersecurity by revealing the results of a poll in which the audience was asked to rate the impact innovation and fintech have on cyber defense and resilience. An overwhelming majority (82%) said it makes the challenge harder while 17% said it makes the challenge easier. The remaining 1% said it has no impact.
Perez-Tasso said that there’s two sides to fintech’s impact. On one hand, financial institutions continue rolling out new digital services, giving cyber criminals a growing number of entry points through which they can access customer data and systems. He added that the best approach is to account for cybersecurity when it comes to designing new digital products.
But on the flip side, he added, there are some great technologies that are helping the industry address cybersecurity from detection, remediation and forensics.
“It’s also about using artificial intelligence in a smart way to identify when these attacks come through to quickly alert the right parties so they can take their own counter-measures,” Mee said.
The panelist drilled down to how specific innovations can be leveraged to help address cybersecurity challenges.
Perez-Tasso said that while blockchain holds promise, end-point security needs to be handled as well. “At the end of the day it’s about making sure that you have the right levels of end-point security for prevention and detection,” he said, adding that enhanced detection and prevention campaigns through information sharing is also important.
Fitzgibbons pointed to blockchain’s potential to help expedite recovery after an attack as a key way to utilize the technology. “One of the biggest issues we run into is how do you get back to the state of known good,” he said. “The adversary comes in and they’ve corrupted data so you just don’t know. Blockchain might be something that will help expedite that.”