SINGAPORE (May 12): As Covid-19 catalyses the digitalisation of the twenty-first century economy, financial institutions are increasingly exposed to cybersecurity threats. They all maintain that they take security seriously but with the rapidly-growing volume of digital transactions done online and so much confidential data floating around, cyber criminals are always tempted to give it a go.

“The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware can steal payment data, credentials, and funds from victims’ bank accounts, and latest versions are made available for widespread distribution to anyone that’s willing to pay the malware’s developers,” notes a report by cybersecurity firm Checkpoint Research. FS-ISAC found that phishing attacks on financial institutions have surged by a third during the pandemic, while there has also been a spike in fake domains with a financial theme as online scammers seek to prey on the public’s need for capital amid the present state of economic uncertainty. 

Greater US-China rivalry post-pandemic could also see increased prevalence of cyberattacks related to such great power contestation, a good example being attacks associated with the contentious South China Sea dispute. “[Advanced persistent threat] groups that target governments in the region are frequently interested in topics related to the South China Sea. And they are increasingly active during times of heightened political tension or transition,” noted a report by Fireye Threat Intelligence on the Southeast Asian cyberthreat landscape. 

It is in this context that the Financial Services Information Sharing and Analysis Center (FS-ISAC) has launched the FS-ISAC intelligence exchange to help members keep up to date about the latest cybersecurity threats to financial institutions. FS-ISAC is a US-based non-profit industry consortium dedicated to reducing cyber-risks in the global financial system, providing 7000 member firms across 70 countries with cyber threat intelligence, resiliency resources and a trusted peer-to-peer network to discuss and combat cybersecurity threats. 

“The pandemic has caused a wholesale shift in financial services operations in an extremely short time. Employees are now working from home all over the world, and many customers are using digital services and tools for the first time. With many of these changes set to alter the financial services cyber threat landscape well beyond the immediate crisis, the need for the industry to stay alert, apprised and connected has escalated to a new level,” says Brian Hansen, who serves as Executive Director of FS-ISAC’s APAC operations based in Singapore. 

The Intelligence Exchange is developed based on the principle that firms are more secure if they cooperate against cybersecurity threats rather than facing them alone. It consists of two main applications - Connect and Share. While Connect provides a secure environment for members to discuss common cybersecurity challenges together, Share is a portal for members to post cybersecurity threats they may be facing to raise awareness among other members. 

“The first group of FS-ISAC members onboarded to [Connect] in early April was the COVID-19 group, which is utilizing the secure chat for communication specific to COVID-19 related intelligence, cyber threats and industry developments,” said a FS-ISAC fact sheet. Other examples of communities of interest that have been onboarded include Merger, Acquisitions & Divestitures,Threat Intelligence, Fraud as well as global and regional Cyber-intel. 

Share, on the other hand, includes regular updates on potential cyber-risks faced by the consortium’s members. Updates are categorised into easily-accessible channels that are filtered bespoke channels to allow users to access the most relevant updates. Information is submitted by individual members for the FS-ISAC to process, analyse and enrich for publication to other members. The consortium also includes a “doc library” to share content from members' events to ensure the information sharing and foster community-building within the industry to spread best practices and useful information within the FS-ISAC community. 

To encourage the sharing of such sensitive information, FS-ISAC relies on a “Traffic Light Protocol”, which allows members to control the degree of access or details divulged about a particular piece of information or intelligence. While information labelled “white” is subject to unlimited disclosure, those labelled green, amber and red are subject to varying degrees of restricted dissemination. Hansen also pointed out that the closed membership structure and two decade-long track record of FS-ISAC also assures clients that their confidentiality will be upheld.

“What I find very useful when talking with members here in Asia-Pacific that they have noticed...is that capability to rapidly use what we are already using as a tool - our mobile device whether it be a tablet or a phone or some other form of small computer - and being able to quickly gather that information and exchange it from a small firm in Australia all the way over to another firm in Germany or a company in the United States,” said Hansen. He notes that small firms stand to benefit from membership, as they can piggy-back on threats picked up by larger firms with more robust cybersecurity infrastructure. 

Such intelligence gathering is spearheaded by the Asia-Pacific Threat Intelligence Committee, which consists of fifteen FS-ISAC members that meets every fortnight to actively share cyber threats and challenges they have faced. Members also receive a weekly watch report to update them about key cyber threats that firms are facing. Such efforts are especially important in the unique conditions presented by Covid-19, with Hansen highlighting these intelligence sharing efforts as crucial in helping the finance community better understand Covid-19-specific threats. 

Similar services are not unheard of. Fireye’s Intelligence Portal, Control Risks’s Core+Cyber provide cybersecurity threat portals while Zoom and Google Hangouts are emerging as the business communication channels of choice under Covid-19.

FS-ISAC believes, however, that their comparative advantage is their industry-tailored service and their community-driven approach to cyber threat analysis, though it also also works with affiliate partners such as threat intelligence providers and vendors (and law enforcement agencies and regulators too) to share intelligence. 

“What makes us different from...any other platform is that we are not for profit and mission-driven,” remarked FS-ISAC Chief Communications Officer Adriana Villasenor. “So everything we do is focused at delivering on the mission of safeguarding the global financial system by reducing cyber risk. Finally, this new tool was built with our membership in mind, so the communities of interest are specific to our industry.”

FS-ISAC hopes to expand Asian operations by reaching out to countries. Besides inviting prospective clients to some of its events, the consortium also seeks to share some of its intelligence with non-member firms, which it sees as part of its mandate to strengthen cybersecurity awareness within the financial community at-large. While FS-ISAC primarily works in English, it also actively translates offerings in non-English-speaking societies like Japan. 

Ultimately, Hansen noted that the most significant cybersecurity risk in the Asia-Pacific is a lack of awareness about potential cyberthreats to their businesses.

“For some of the countries that potentially have less experience when it comes to cybersecurity or less mature markets...just being able to help them understand there is quite an uptick on Covid-19-related threat,” he commented, “Covid-19 happens to be the current threat globally, but bad actors, hackers or state-supported actors...will take advantage of what that threat happens to be.”