On Main Street


A Second Cyberdefense

By Noah W. Wilcox, Grand Rapids State Bank

Information is the new coin of the realm, and financial information is the most widely prized. Today, protecting rapidly escalating volumes of faster-moving information has become one of the most pressing technology challenges for businesses and other organizations. Nowhere is this more consequential than in the cybersecurity undertaken by the nation’s financial sector, including community banks.

Every day a toxic new cyberattack or malware mutation seems to infect the digital bloodstreams of our country’s interconnected financial and commercial networks. As community bankers, we’re learning more firsthand every day how swiftly sharing accurate, actionable and high-quality information has become our best defense in combating cybercrime. The faster our institutions receive technically relevant information, the more effective we are in taking the specific countermeasures that each new threat requires.

Certainly, sharing information on cyberthreats across the financial industry doesn’t yet happen in real time. For more than a decade, however, working with government agencies and nongovernment entities such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), our financial industry has improved its information-sharing capabilities and systems considerably to fight cybercrime. Working with our technology service providers and third-party vendors, our industry is getting faster, more efficient and smarter in meeting the challenge, but more progress is needed. Most important, in addition to establishing classified data clearances and faster briefings, the nation’s 6,500 community banks need to be mobilized as a frontline intelligence-gathering and countermeasure deployment resource.

However, as the huge data security breaches at numerous large retailers have shown, the financial services industry cannot address today’s cybersecurity threats as its own island. As an integral player in the payments system, the retail industry needs to adopt data protection standards as rigorous as those required of the financial industry, a key issue I know ICBA is actively addressing with Congress. But it’s also increasingly apparent that effective and consistent standards directing how and when retailers share information about cyberbreaches with financial institutions are needed. Unfortunately, the retail and merchant industries don’t have such federal information-sharing standards, and they need them.

Relatively simple, practical steps can and should be taken by retailers and government agencies, including widely disseminating IP addresses associated with cyberattacks. But achieving thorough standards will require working through a patchwork of legal, technical and trust-related issues. Clarifying legal uncertainties for merchants over antitrust laws and data privacy liabilities is necessary and could require congressional action. Another issue is building a trusted working relationship among government agencies, merchants and the financial sector to achieve cross-sector coordination, which will take experience and time.

In the end, however, the quality and timeliness of information about cyberattacks that retailers, government agencies and interested private parties share with financial institutions will significantly determine how much serious damage these threats can do. Strong preventive cyberdefenses are essential, but effective information sharing is a second defense that is becoming almost as important. This is a new imperative for everyone involved with maintaining strong cybersecurity.

Noah W. Wilcox is president, CEO and chairman of Grand Rapids State Bank in Grand Rapids, Minn.