Want to stop cybercriminals from hacking into banks and exploiting vulnerabilities? Make them try harder. David Schwartz, President and CEO of the Florida International Bankers Association (FIBA) is a passionate believer in how cyber-threat intelligence information sharing between banks and regulators can be a key component to stopping bad actors.
“In the cyber area, the first step in reducing cyber-breaches is sharing information, both typologies and methodologies,” Schwartz said. “If it has happened to your institution, it could happen to another, and there is a domino effect.”
Schwartz hopes that FIBA — a nonprofit international trade association dedicated to fostering the growth of international banking through education, advocacy, and networking — will be the forum for these discussions.
FIBA’s Commitment to Stopping Cybercriminals
FIBA boasts a membership list of more than 70 financial institutions from 18 countries, including the largest banks in Europe, the U.S., Latin America, and the Caribbean that are active in international trade and finance. Schwartz wants to get all of them talking about cybersecurity.
One way he is accomplishing this is by hosting the 33rd Annual Financial Cybersecurity Conference (CELEAS), October 29-30 in Miami. In addition to giving the Opening and Welcome remarks, Schwartz will moderate a panel titled, Cyberthreat Intelligence Sharing. And what better time to have this conversation than during the month of October, also known as National Cyber Security Awareness Month.
Upgrading Technology Platforms
While hackers are sophisticated and use a variety of tactics to attack financial institutions, their goal is simple. They want your data; including personal identifying information and your bank account information. In Latin America particularly, there are several basic vulnerabilities that cybercriminals are using as points of entry. “Cybercriminals are using, what I call, 22nd century technology to attack us,” Schwartz said. “In the region [Latin America], financial institutions are operating on 20th century technology.”
Sound a little like bringing a knife to a gun fight? That’s because it is. If you are trying to stay one step ahead of the bad actors, you can’t be behind in your technological capabilities. Schwartz points to recent attacks in Latin America such as the malware-powered cyberheist of the Bank of Chile which resulted in a $10 million dollar loss as evidence that Latin American banks need to upgrade their technologies and conduct risk assessments to understand where the vulnerabilities are. “A simple review and revision of platforms, both setup and access points, is a great place to start,” he said, further citing the 2016 Bank of Bangladesh super-heist as evidence that upgrades are critical. In that incident, cyberthieves got away with $81 million dollars by infecting the bank’s system with malware that disabled the SWIFT printer.
Strengthening Relationships and Sharing Intel
Financial institutions clearly would benefit from stronger relationships with regulators to help deter and respond to cyberattacks. Working in siloes will only further enable potential cyber-criminals to accomplish their main objective: stealing funds.
Schwartz has a continued goal of providing awareness and education to banks on these hot button issues, everything from defensive tactics to getting law enforcements perspective. “If we can share information, we can shut down their pathways into our systems, and with cooperation we will continue to shut the criminals out,” he said. “There are only so many avenues they can use.”
Some of the best ways to partner, according to Schwartz, is through initiatives by banking associations to create cyber-forums in Latin America. We need to bring everyone to the table from the smaller, community banks to the largest banks in the world and provide a space for them to sit down and exchange ideas, he said. Associations like FIBA provide forums and committees such as the Operations and Technology committee and the Legal and Regulatory Affairs committee.
“This is really the best place to start, particularly if banks can get together and meet,” he noted, adding then the next step is with the central banks and regulators such as with groups like the Financial Services Information Sharing and Analysis Center (FS-ISAC). “But the banks themselves have to be involved in the conversations and in the working groups.”
Learn More about Cybercrimes in Financial Services
If you are interested in learning more about cybercrime, follow the Legal Executive Institute’s Risk and Compliance page.
You can also download our whitepaper How Financial Institutions Can Best Safeguard Against Cyberattacks with Cybersecurity Expert Christina Ayiotis