Wall Street Teams Up to Try to Fight Hackers
Only the most nefarious threats bring intense competitors together in solidarity. Cyberwarfare is indeed an ominous enough threat to do just that.
Cybersecurity organization Soltra was formed as a joint venture between two financial services groups to create Soltra Edge, a software program that shares information about security threats between more than 100 banks.
Soltra was launched by the cybersecurity information sharing group the Financial Services Information Sharing and Analysis Center and the global financial services market infrastructure group The Depository Trust & Clearing Corporation. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the Soltra Edge software gathers information about potential security threats from multiple banks and analyzes it in real time with the goal of catching hackers faster than they could be caught if each bank were working to identify threats independently.
U.S. Bancorp and BB&T are both contributors to the launch of the Soltra Edge partnership, as are about 100 other banks and financial entities, according to Andrew Hoerner, spokesperson for the group. Other participating banks and organizations asked not to be named, Hoerner says. The software will be officially released on Dec. 2, according to a statement released by the group today.
“We need to re-imagine cybersecurity and get beyond a siloed organization, disparate vendor mentality,” says Bill Nelson, president of Soltra and president and CEO of FS-ISAC, in a statement. Soltra Edge “will connect thousands of entities globally, enable them to communicate using a consistent language and help organizations take immediate action.”
The development of Soltra Edge comes on the heels of some of the worst cybersecurity breaches in the financial sector. Banks have to find a better solution to security. For example, industry juggernaut J.P. Morgan Chase lost personal information of north of 80 million businesses and individuals at the hands of hackers earlier this year. And that’s J.P. Morgan Chase. If any company should be able to protect against a few rogue hackers, it should be the large, global banks, what with the billions upon billions the bank has access to and the global network of talent. But not only was J.P. Morgan Chase not able to protect its customer base from hackers, but chairman and CEO James Dimon says the threats from cybersecurity are only going to increase in coming years.
J.P. Morgan Chase will have spent $250 million on cybersecurity with approximately 1,000 people dedicated to the issue by the end of this year, Dimon wrote in his annual letter to shareholders. “Cyber attacks are growing every day in strength and velocity across the globe. It is going to be a continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won,” Dimon says. One of the industry’s best defenses would be “intelligence fusion,” or teaming up with other industry leaders, Dimon says. Soltra Edge was not specifically named in Dimon’s letter.
Cybersecurity industry experts were conflicted as to whether banks collaborating would help protect consumers from hackers. On one hand, if a suspicious computer is flagged across multiple banking systems, then the partnering organizations can better identify potential threats.
“Often a possible threat can be upgraded to be a credible threat if certain activity is seen across two or more institutions. At the volumes of activity they see, being able to make these connections across institutions is critical,” says Will Ackerly, CTO and co-founder of Virtru, a digital privacy and security company. “If they do not share this information, then banks may not know that they should be on alert as these computers begin their targeted attacks.”
Not only can banks team up to identify malicious computers but also to identify suspicious tools and hacking techniques, says Ackerly.
Another cybersecurity expert also said industry collaboration can only be helpful. “Cooperative sharing of hacking and fraud information between financial institutions is a very good thing as it increases broad visibility of the threat,” says Jeremiah Grossman, founder and CEO of WhiteHat Security. “For years cyber-criminals already shared intel and cooperated extremely effectively, so it only makes sense that the defenders do as well.”
Grossman also said that without being able to investigate the Soltra Edge software specifically, it would be hard for him to make any definitive statement on the efficacy of the platform.
But, size might not matter. John Prisco, president and CEO of Triumfant, a malware detection company, says that more firepower is not necessarily better in cybersecurity because hackers create specific, nuanced attacks for specific targets. “Scale will not help because sophisticated attacks are engineered just for the target company,” Prisco says.
Rather, security officers need targeted detection software that doesn’t build off of prior knowledge. “That will give large as well as small institutions a fighting chance against ever evolving attacks,” Prisco says.
More than ganging together, the banking industry needs to shift its strategy from playing defense to offense in cybersecurity, says WhiteHat’s Grossman. “This Soltra appears solely reactive. Banks and financial institutions need to do a better job at securing their online web-based software, where the bulk of the attacks target, to prevent breaches before they happen,” he says.