How the financial sector is learning lessons from forests to counter cybercrime.

When a tree in a forest comes under attack – such as from an animal eating its leaves – it releases hormones and pheromones alerting others to the danger. These can trigger changes in the composition of sap in surrounding trees to make it less appealing to the predator.

The forest works as a collective. It recognizes a threat against one is a threat against all, so information is shared accordingly.

It’s a valuable lesson and one the financial sector is learning in its fight against cybercrime. According to research from the Financial Services Information Sharing and Analysis Center (fsisac.com), 60% of firms increased intelligence sharing between August 2020 and 2021.

The cyber pandemic

They are responding to a threat landscape which went into overdrive during the pandemic. Threat surged by as much as 400% according to some sources. More than six in ten companies were subject to ransomware attacks. The average cost of these attacks topped $2.1million.

Cybercrime is evolving. Criminals know no borders; they operate around the world and are always evolving and scaling their operations. To counter this threat, financial institutions need to participate in active information sharing between a community of trusted peers.

The benefits are mutual. In an interconnected world, in which firms are increasingly working with third parties, security is a common issue. As good as your own infrastructure might be, weaknesses in the defences of your partners can have create risks for you. For example, Trojan horse malware placed in software providers can breach the security of their clients.

Alternatively, if attackers are hitting financial firms in a certain region or sector, sharing intelligence can help others identify when they are likely to be hit and where the threat will come from. This puts them on alert, helps them to build their defences and makes it that much more difficult for cyber criminals to find vulnerabilities.

In many cases cyber criminals succeed by taking firms by surprise or relying on mistakes from individual employees, such as clicking a link. If people know attacks are coming, they are much less likely to make the mistakes which could cause a breach in the meantime.

It's good to share

To meet this threat, all relevant stakeholders should be willing to participate in information sharing and collaboration arrangements with networks of trusted partners.

A number of measures are already in place. The Euro Cyber Resilience Board for Pan European Financial Infrastructures created the Cyber Information and Intelligence Sharing Initiative (CIISI-EU), which facilitates sharing of information within a trusted community of public and private entities.

The UK government has created guidelines on sharing information on cyber threats outlining the principles of cyber threat sharing and the steps companies should take.

In a world which is more connected everything is linked. An attack against one company represents a threat against the sector as a whole. However each attack creates data and offers lessons to be learned. By sharing this data, businesses of all sizes can be better prepared for the next wave of attacks.