Cyrus Vance Jr.: Information Sharing Will Thwart Cybercrime

Originally appearing on website for the Association for Financial Professionals:

NEW YORK — During a luncheon session Wednesday at New York Cash Exchange 2016, keynote speaker Cyrus Vance, Jr., District Attorney for New York County, weighed in on some of the most pressing cybersecurity threats to treasury and finance professionals.

Vance reiterated some of the comments he made at the CTC Executive Institute at last year’s AFP Annual Conference, stressing that collaboration across industries is essential in the fight to stop cybercrime. He also provided an update on the Global Cyber Alliance (GCA), which the New York County District Attorney’s Office, the City of London Police, and the Center for Internet Security founded in 2015. Vance even provided a theory on the origins of the SWIFT/Bangladesh Bank hacking.

“Sharing information of your intrusions with us is important,” he said. “I have gone to a number of financial institutions, asking them for their help to get us the data that relates to account takeovers and intrusions that they’ve experienced. We can scrub that data with our data analytics to find the point of incursion that occurred at the banks’ level and provide some kind some kind of exterior investigation to determine who committed the fraud.”

He noted that there are hundreds of thousands if not millions of incursions that happen every day, and a lot of information about those incidents still does not make its way to law enforcement. “It’s my job to reach out to you and find a way that we can get this information, so we can, with your partnership, utilize it to identify people who are hitting bank after bank after bank. Ultimately, with that kind of collaboration, we’re going to have a bigger impact on fighting cybercrime,” he said.

While there are many groups like the FS-ISAC that promote information sharing, what is needed is information sharing that is both cross-border and especially cross-sector, Vance stressed. For example, a bank may have the best cyber protection money can buy for financial services, but it should also be aware of what is happening in the transportation or aerospace sectors. “The criminals are in [all of those sectors] at the same time,” he said. “We need to collaborate—not just in smaller groups, but internationally. If you operate against cybercrime individually, it exercises the responsibility you have to have in terms of protecting your institution and answering to your board of directors. But cybercrime is just going to go up and up and up. So we need to work together.”

GCA update—and thoughts on SWIFT

GCA aims to create a collaborative group of businesses, municipalities and law enforcement agencies to address major cyberrisks. Vance’s office has committed $25 million to fund the GCA for up to five years.

The first area that the GCA is focusing on is phishing. While Vance acknowledged that phishing is fairly mundane, he sees it as the largest risk in cyberspace today. He noted if reports about the recent Bangladesh Bank/SWIFT incident are true, it likely began with a phishing attack. “The theory is that they got into that bank in Bangladesh by a phishing scam that enabled them to compromise the SWIFT communications and steal $81 million,” he said. “That hasn’t been verified, but it wouldn’t surprise me if that’s exactly what happened.”

The GCA is currently working with some of its members like Aetna, Bloomberg, Citi, RSA and Microsoft on a toolkit to address phishing in a corporate or municipal environment. Once it’s ready and tested, the GCA will share it with its 60 collaborative members.

“We are going to push these tools out, we are going to measure the results, and we are going to try collectively to reduce our cyberrisk working together,” Vance said. “We’re going to share the information we find, but this does not involve sharing client information from your institutions. What we’re looking for is the attack vector information—not the data from your clients.”