Panel cites information sharing and the need for regulatory alignment as key priorities
Michael Bodson, DTCC President & CEO
What should be the priorities when it comes to protecting critical infrastructures, like the financial services sector, from cyber threats?
Michael Bodson, DTCC President and CEO, was among a panel of experts who addressed that question during the “Designing for Cyber-Resilience” panel at the World Economic Forum in Davos, Switzerland, last month.
In his remarks, Bodson said cyber attacks are always top of mind for him, adding that it is the risk most likely to keep him awake at night. “A cyber attack is the greatest threat facing the industry today,” he said. “Because of the interdependencies of the financial marketplace, an attack on any financial institution could potentially have a systemic effect resulting in a disruption to the global banking system.”
That concern is well founded when looking at a recent report from Verizon, The 2015 Data Breach Investigations Report, which found the financial services sector remains one of the most heavily targeted industries globally for cyber attacks, with roughly one-third of cyber attacks affecting financial organizations.
“A key to winning the cyber war is automation and information sharing – a community defense model,” Bodson said. “We have to make it more expensive to launch attacks by limiting the cyber-criminals’ ability to re-use a particular virus or strategy.”
DTCC’s joint venture with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and industry volunteers produced Soltra in late 2014. Its first product, Soltra Edge™, consumes large volumes of complex intelligence across industries and then standardizes, prioritizes and routes it to clients in real time.
“Automation has enabled the industry to reduce the threat indicator analysis lifecycle and immediately shut off an attack,” Bodson said. “That gives criminals much less time to inflict damage.”
The panel also discussed how to work within the “patchwork of regulations” created to protect critical infrastructures. Bodson lamented that regulatory requirements related to protecting against cyber attack are problematic for two reasons: first, they are intended to solve yesterday’s challenges, and second, they are not harmonized globally.
“Many regulators follow an old checklist of requirements when performing an examination,” he said. “This forces financial institutions to put time and resources into ensuring compliance instead of protecting against current or new types of attacks.”
As an example, Bodson cited the CPMI-IOSCO consultative paper from November 2015 focused on Guidance on Cyber Resilience for Financial Market Infrastructures, which calls for full recovery from a cyber event within two hours.
“When you are under a cyber attack, one of the worst things you can do is turn on machines too quickly,” Bodson said. “Yes, we must meet regulatory obligations, but at what price? By turning on the systems too quickly, you could promulgate that virus throughout the system.”