For the last two days, the leadership of the Financial Sector has met in Miami to discuss and learn how to improve their cyber security posture. The FS– ISAC hosted a conference that brought in key players from one of the most mature of the U.S. Critical Infrastructure Sectors and matched them up with a wide array of tech-related experts to address cyber security.
I had the privilege of talking to one of the group’s general sessions about the need for and promise of continuous monitoring as a way to reduce cyber risk to a more acceptable level. Other speakers addressed the need for data base security (very critical for the financial sector operations) and growing attack profiles that they will face. There were pure techies, policy types and researchers. The group looked at threats and at solutions but all had one purpose: help the financial sector leadership recognize the need in this area and offer suggestions on how industry can help them. The first day, the speakers were the heads of several large firms who addressed the larger policy and leadership issues that must be wrestled with not by CIOs and CISOs, but by CEOs. This is a critical aspect that seemed to resonate with the attendees.
The financial sector is frankly one of the most lucrative targets available to cyber criminals and other miscreants. The first reason is obvious, and one only has to apply the “Willie Sutton Rule.” Asked why he robbed banks, the renowned crook famously answered, “That’s where the money is.” The potential return from lucrative cyber crime is so great that going after the financial sector is a no-brainer for criminals.
There is another factor at work that might make it a target from others as well. For a nation like ours, which is built on democratic capitalism, what sector carries more symbolic value than the financial sector? Usama Bin Laden recognized this, and his choice to target the Twin Towers on 9/11 was based on a desire to strike a blow against our economy – right at Wall Street. Might not cyber terrorists or rouge nations try to do the same through cyber means?
Fortunately, as mentioned, the financial sector, led by the FS-ISAC, has a mature and robust view of the threat and the possibilities for addressing it effectively. The conference in Miami is a good indicator on their seriousness and hopefully of their potential for success.
