The Fraud Blog with Tracy Kitten

Incident & Breach Response , Information Sharing , Managed Detection & Response (MDR)

Information Sharing: A Powerful Crime-Fighting Weapon

Law Enforcement, Government Agencies Stress that Threat Intelligence is Critical
Information Sharing: A Powerful Crime-Fighting Weapon
Jason Tunn of London Metropolitan Police Service

In October 2015, collaborative efforts to take down hackers linked to the notorious banking Trojan known as Dridex paid off for law enforcement.

See Also: The External Attack Surface Is Growing and Represents a Consistent Vulnerability

Operation SAMBRE was a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, with top-tier banks in the U.K. and U.S. hit particularly hard. The cooperation of law enforcement officials in the U.S., U.K. and other nations resulted in the arrest of three individuals, two of whom are now serving jail time.

It was a massive undertaking, one that hinged on a mix of good old-fashioned detective work and technical savviness, Jason Tunn of the Metropolitan Police Service in London said in his keynote address at our Fraud & Breach Prevention Summit on Nov. 9.

Authorities arrested the two men now serving jail time after surveilling their apartment in London, awaiting just the right moment to nab them after they stepped outside to take a smoke break, Tunn explained.

But Operation SAMBRE wasn't just about good detective work. It also was about strong cyber threat intelligence and information sharing that hinged on trusted relationships with banks willing to share their fraud and attack details with police.

Banks Have to Be Willing to Share

Without banks' willingness to proactively share information with law enforcement, Operation SAMBRE would not have been a success.

Information sharing may sound cliché. Since the emergence of the Financial Services Information Sharing and Analysis Center, which got a significant boost in global recognition in the wake of the 2012-2013 distributed denial-of-service attacks waged against leading U.S. banks and financial firms, the term "information sharing" has been overused and, some might argue, diluted.

What does "information sharing" really mean? Tunn's description of Operation SAMBRE provides the perfect definition: communication of the details about cybercrime and fraud activity among financial institutions and, ultimately, with law enforcement.

The closing day panel, "We've Been Breached. Now What? How to Effectively Work With Law Enforcement," included, from left, Peter Yapp of the National Cyber Security Centre, Jason Tunn of the Metropolitan Police Service, John Salmon of Hogan Lovells and Paul Simmonds of the Global Identity Foundation.

I walked away from the London Summit reminded of just how critical information sharing is, especially when it comes to financial cybercrime.

And I got the sense that sharing information with law enforcement is less common in the U.K. than it is in the U.S. What's more, up until recently, it's not been very common for U.K. banks to share much among themselves, either.

GDPR Provides a Boost

But information sharing in the U.K. could get a substantial boost from the General Data Protection Regulation, which takes effect in May 2018.

The GDPR sets requirements for reporting data breaches or cybersecurity incidents in Europe. In the U.K., that means notifying the newly created National Cyber Security Centre of a cyber incident within 72 hours of its occurrence.

The purpose of the GDPR is to ensure more transparency with the government on cybersecurity incidents, as well as to protect consumers' privacy.

While "information sharing" is not an explicit requirement of GDPR, the more accustomed banks and others get to sharing cyber threat details with each other and law enforcement, the easier GDPR compliance will be.

And despite the U.K.'s plans to exit the European Union, British businesses are still required to comply with GDPR. Cybersecurity attorney John Salmon, a panelist at the summit, says U.K. organizations need to start moving forward with GDPR compliance plans now and start getting used to working with the NCSC.

Another panelist at the summit, Paul Simmonds, CEO of the Global Identity Foundation, says he's glad to see the formation of the NCSC, the new lead agency for cybersecurity and incident response and investigation in the U.K. One of its first tasks is to work with the Bank of England to come up with guidelines for managing cybersecurity within the financial sector.

But Simmonds argues that the formation of NCSC comes too late. The government is stepping in to ensure more collaboration many years after cyber threats reached a tipping point, he claims.

Many of the attendees at our summit had not yet heard of the NCSC, which was just launched on Oct. 31. So when it comes to information sharing, there's clearly a need for more awareness - and lot more action.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.