Interview

Knowledge sharing puts finance sector among best for cybersecurity

Richard Hummel, NetScout’s threat intelligence lead, points to FS-ISAC as a model of good knowledge sharing for cybersecurity in conversation with Stu Robarts.

The culture of knowledge sharing for cybersecurity within financial services has made the sector among the most digitally secure, according to NetScout’s threat intelligence lead.

Speaking to Retail Banker International, Richard Hummel, who has spent over six years in the security division of the major network visibility platform provider, says he believes the industry is second only to government for its digital security – and that the necessity that comes with handling money is not the only major factor in that.

“One of the reasons I firmly believe that they are like that is not just because of the money because these guys share knowledge,” he says, referencing finance, banking, commercial banking and insurance specifically. “FS-ISAC, right? It's a great resource, and most of the major players in the banking industry are part of FS-ISAC. They freely share all of this information. ‘Hey, we saw this threat. It's coming in this way. Here's the network. Here's the details. Here's the characteristics. Here's the analysis’. 

“And it's a group-think, and it's shared knowledge so that everybody knows what's out there and what's impacting them. And that in turn, translates to better security postures for a lot of these organisations.” 

Hummel's comments are particularly pertinent given the recent revelation that 50% of UK businesses and 70% of large UK businesses were the victims of cyberattacks during 2023. 

Despite that, GlobalData's recent Thematic Intelligence: ESG Sentiment Polls Q1 2024 found that only 8.8% of businesses believe that cybersecurity is the theme that will affect them the most over the next 12 months. High inflation (36.2%), geopolitical conflict (35.9%) and digitalisation (10.5%) are all viewed as more pressing issues.  

Responding to Hummel's comments, a Financial Services Information Sharing and Analysis Center (FS-ISAC) spokesperson tells Retail Banker International: “We are glad to see FS-ISAC’s resources and contributions to the sector are well-utilised and appreciated. 

“We firmly believe intelligence and knowledge sharing is critical to the advancement of cybersecurity and resilience of the financial system, so it is important that our members and the industry at large know that FS-ISAC is a community of collaborators working together to protect the industry and strengthen security and resilience of each organisation while maintaining customers’ trust in the global financial system.” 

FS-ISAC is an international not-for-profit membership organisation with the stated aim of “reducing cyber risk for the sector through intelligence sharing.” 

It is headquartered in the US, has offices in the UK and Singapore, and has member institutions in around 70 countries globally – among them banks, exchanges, fintechs and investment and securities firms.

Of its impact on the industry, the spokesperson adds: “FS-ISAC diligently works to advance cybersecurity and resilience in the global financial system, and we have played a key role in protecting the sector for 25 years. Cyber threat intelligence sharing is a key component of how we achieve this goal. By coordinating with member financial firms across regional and industry segments, we are able to source and share a wide array of tactical, operational, and strategic intelligence and analysis both on a round-the-clock basis and during active incidents, providing real-time support and offering mitigation guidance. 

“Moreover, FS-ISAC assesses long-term threats that may impact the financial sector, offering industry guidance and frameworks as well as exercises and playbooks to strengthen cyber resilience. 

“As new technology emerges and the threat landscape evolves, FS-ISAC works with the sector to adjust its prevention, defense, and mitigation strategies to ensure the security of our member financial firms and uphold trust in the global financial system.” 

Noting that there are ISACs for various other industries, Hummel says of their value more broadly: “You can see that the maturity level of a lot of these security professionals that are part of these things is much higher than those that are not because [the latter are] not benefiting from that group-share. I think that plays a big role. This reeducation process, making sure that everybody's aware of what's happening out there, there definitely are tiers of who's prepared.” 

Despite the value of such knowledge sharing, Hummel subscribes to the now widely held view that organisations should expect to be compromised regardless of how well protected they are.

“Now, the conversation in security is not necessarily prevention as the cornerstone, but visibility,” he says. “What we want to try to do is detect a threat as soon as possible. If you can detect that before they compromise you, awesome, right? Do it. If you can't, you need to detect them the moment they enter or very soon thereafter. You also need to have forensic evidence. If they do compromise you, what did they do afterwards? How do they pivot laterally? Did they exfiltrate anything?” 

By way of summary, Hummel adds: “You have to be able to understand adversaries and what they're doing.”