On a panel of private sector and government representatives, the Data Security and Cybercrime session of the conference offered a fresh look at an increasingly complex problem and what is being done. The first panelist, Toni Gillich, from the Government Accountability Office (GAO), spoke to the merits of recent legislation on cyber crime delineation and prevention, including the 2014 Cyber Provision to the National Defense Authorization Act (NDAA) and the 2013 Cyber Security Strategy Report.
Then we heard from Mike Benardo, from the Cyber Fraud and Financial Crime division of the FDIC. Mr. Benardo discussed cyber threats to both US FIs and non-US FIs. Included in the ever-growing list of threats are cyber-attacks as a form of terrorism and the exposure of vulnerabilities in the global supply chain. He also addressed the increased presence of organized crime syndicates in cyber threats. The takeaways from Mr. Benardo remarks were the FDIC’s attempts to gain Classified and Top Secret Classification clearance for both the public and private sector so that classified data can be shared with the proper channels and a collaborative process can take place.
After Mr. Benardo, Glenn Dinetz from Dun & Bradstreet discussed cyber security’s role in the private sector. Four separate types of threats were described:: “Hacktivists”, one of the more ‘benign’ risks as they are more likely out to expose vulnerabilities than for financial gain; Fraudsters, who are criminals solely out for monetary gain; Nation/State sponsors engaged in cyber warfare, disruption, intelligence, and counter-intelligence; and Cyber Terrorists, out for disruption and destruction. There has also been a shift in the focus of attacks from large FIs to “soft targets”, i.e. third party vendors and those with greater vulnerabilities. Also of note in Mr. Dinetz’s presentation are the institutions focusing on cybercrime: (ISC)^2, International Information Systems Security Certification Consortium that educates and certifies information security professionals, and Infragard, a collaboration between the FBI and the private sector focused on information and intelligence sharing, and ISACA, the Information Security Access and Control Association.
The final speaker of the Data Security and Cybercrime panel was Charles Beard, a principal in the Forensics Practice department of Price Waterhouse Coopers. He pointed out, as a wise warning, that many of his clients move from being a victim to being a defendant because the security breach happened due to a vulnerability that they either knew about or should have known about.
The future of data security is a pressing concern. The commitment needed to handle such a complex issue is going to require a large amount of resources and man-hours to not only catch up to where the cyber threats are coming from, but also to predict where the future threats are hiding.
Sean Huber is a second-year graduate student earning his MA at MIIS with a specialization in Trade, Investment, and Development. He focuses on cross-border capital flows and the implications, both good and bad. He is taking the CFCS examination in April.