A Joint Approach to Cyber Threats

By Duncan Campbell

Now more than ever, the world is vulnerable to hacking, phishing, data breaches, malware attacks and denial of service attempts from bad actors and nation states who want to compromise individual identification data and wreak havoc on our economy. The banking industry is at the forefront of this battle, and we all share a responsibility to shore up our own individual security systems, which in turn will bolster the industry’s overall security posture.

Along with Doug Johnson, ABA’s SVP of payments and cybersecurity policy, I have the privilege of co-chairing a joint ABA/Alliance of State Bankers Associations Cybersecurity Working Group, consisting of senior ABA leaders and nine of my state association peers. This effort is just one example of how the ABA and state bankers associations work together to pursue strategic initiatives on behalf of our respective members.

The Cybersecurity Working Group was developed last fall to identify resources, information and solutions for state associations and ABA to better assist our members in dealing with cyber threats. Recognizing this goal, as well as the need for an industry-wide protective framework, we have worked diligently to provide resources to all state banking associations and their banks through membership with the Financial Services Information Sharing Analysis Center (FS-ISAC).

The FS-ISAC is a nonprofit information sharing forum, established by representatives of the financial services industry in an effort to facilitate the sharing of threat and vulnerability information. The Pennsylvania Bankers Association became an FS-ISAC member in 2014, seizing on an opportunity for members to access to critical cyber information.

Earlier this year, all state banking associations were invited to join the FS-ISAC for 2015 under a tiered pricing model that would be paid for by ABA. The services provided to the state associations include:

• Access to the FS-ISAC members-only website for four users.
• Crisis notifications: This automated emergency notification service allows the FS-ISAC to reach its membership in a matter of minutes via multiple communication channels (voice, email, pager, SMS text) in the event of a crisis.
• Alerts from government agencies, other FS-ISAC members and security firm partners.
• A customizable email notification system.
• 24/7 watch-desk access to security analysts.
• The ability to share information with the membership through anonymous and attributed submissions.
• The ability to submit topics of interest for member surveys.

Beyond the obvious benefits associated with membership, it is important to note that our regulators have embraced the FS-ISAC as a valuable source of threat and vulnerability information. The Federal Financial Institutions Examination Council has recommended FS-ISAC membership to financial institutions of all sizes. As we work to ensure a national information sharing framework for the financial services industry, I encourage all institutions that are not currently part of the FS-ISAC network to consider joining. The only way we can achieve industry-wide information-sharing is to engage all financial institutions. The small cost of membership is easily offset by the vast amount of information provided to FS-ISAC members. You can learn more by going to fsisac.com.

While information sharing is clearly a critical focus of the ABA/Alliance Cybersecurity Working Group, there are many other areas that grab our attention. We will continue to look at issues such as cyber incident response, cyber training and educational tools, and third-party risk management. If there are other issues of importance to you, please share them with your state associations and we will work to address them.

Cyber vulnerability is not going away. We need to work together, and stay vigilant and focused in order to protect ourselves and our customers. Thank you for realizing that cybersecurity is a shared responsibility, and one that requires everyone’s active engagement.

Duncan Campbell is president and CEO of the Pennsylvania Bankers Association.