Greater involvement by banks in the nonprofit Financial Services-Information Sharing and Analysis Center — founded in 1999 — to communicate threats is a given in the current security environment. But effective sharing among such a large slice of companies (7,000 members are in the group), technological complexities and regulatory hurdles pose challenges.
Banks increasingly now are forming their own subgroups within the FS-ISAC — including one reportedly formed by the eight largest banks and several others — to focus sharing among cliques of peer institutions with common security concerns. Meanwhile, new technology offers hope of banks being able to communicate threats more efficiently to each other, and there is hope for better information-sharing between banks and the government.
“Generally speaking, there’s a willingness to share [cyberthreat information among financial institutions],” said Jason Witty, chief information security officer at U.S. Bank. “There was a realization a long time ago that we don’t compete on safety and soundness. Sharing threat data with each other so that it doesn’t affect the other guy is really quite common.