fs-isac monthly newsletter march 12, 2015 1 newsletter contents
TRANSCRIPT
c90 m10 y95 k30r0 g121 b62
c100 m30 y0 k70r0 g57 b93
c70 m40 y0 k0r78 g136 b199
FS-ISAC Monthly Newsletter March 12, 2015
1
Information Sharing WorkshopBangalore, India | March 18
Register here
Member MeetingUnited Kingdom | March 19
Register here
Cyber Threat Intelligence TrainingVirginia | March 23-27
Register here
New Account Fraud - Understanding Fraudsters Behavioral PrintsBioCatch | March 30
Register here
Monitoring for Network SecurityThousandEyes | March 31
Register here
Newsletter ContentsFS-ISAC Webinars .......................................1
Upcoming Events .........................................1
Annual Summit Approaching ........................1
Webinar: Introduction to FS-ISAC Alerts ......1
Webinar: fTLD Registry Webinar Featuring ..1
2015 CEO Update and Member Newsletter .2
Upcoming Events
FS-ISAC Webinars
Escape the Cold – Join Us in Miami Beach for the Annual Summit• Compelling member sessions on topics including: sessions on data breaches and
lessons learned, utilizing cyber intelligence to augment your security operation and defenses, case studies of security awareness practices, reviews and predictions of security trends and threats.
• 13 panels of members and industry thought leaders on a variety of topics, including Apple Pay, Third Party Risk management, collaboration between Retailers, Payment Processors, and Financial Institutions, detection of insider threats, cyber defense strategies and many more.
• Interact with hundreds of senior executives, including CISOs and industry thought leaders from the world’s top financial services organizations.
The brochure offers full session descriptions and agenda at a glance.Visit the hotel page to make your reservation.Register here.
continued on next page
Information Sharing WorkshopSingapore | March 25
Register here
Advanced Threat Technical ExchangeWashington DC | April 13
Register here
Webinar: Introduction to FS-ISAC Alerts, Basic Filtering TechniquesFS-ISAC’s number one goal is to get you the threat intelligence you need, when and how you need it. While it may feel like there are many emails coming into your inbox (new members especially experience this), there are ways to manage and filter alerts so you get what you need. This session will review the best practices around formal alerts, discuss high volume distribution lists and their purposes, and how to make informed decisions to manage intelligence provided by FS-ISAC.
Date: March 24, 2015US and Europe: 11am EST (8am PST, 3pm GMT, 4pm CET)APAC: 9:00pm EST (9am SGT, 10am Tokyo, 12AM AEDT)(save the date and watch for a portal announcement for the link)(This Webinar is for Premier and above members. We’ll hold another version specific to Basic, Core and Standard Members in a few weeks)
The Power of Community DefenseSan Francisco | April 22
Register here
Webinar: fTLD Registry Webinar Featuring .Bank TLD Key Business ValuesLearn about fTLD Registry Services (fTLD) and the .bank gTLD. While this webinar will focus on .bank, many discussion points will also apply to .insurance. Attend and learn:
• What services fTLD provides
• How to use .bank to establish higher levels of trust with clients and customers
• Enhancements to use in .bank to mitigate risk and build a high-trust environment
• Costs associated with registration and implementation, including registration fees, security controls, and awareness and education programs
• Expected long-term value and savings to institutions and consumers from this high-trust .bank gTLD.
March 30, 2015; 12:30 pm ETRegister Now
Information Sharing WorkshopMalaysia | March 23
Register here
c90 m10 y95 k30r0 g121 b62
c100 m30 y0 k70r0 g57 b93
c70 m40 y0 k0r78 g136 b199
FS-ISAC Monthly Newsletter March 12, 2015
2
2015 CEO Update and Member NewsletterMarch, 2015
Dear FS-ISAC Members,
2015 truly is the year for Information Sharing. From President Obama’s recent Executive Order “Promoting Private Sector Cybersecurity Information Sharing” to the recent Ramnit botnet takedown activities, Information Sharing is now front page, headline-grabbing news. FS-ISAC and our members have never been in a better position to take advantage of the trust we have developed (both member to member and collectively) over many years of sharing. And we stand ready to do even more. I wanted to provide a summary of just a few of our key accomplishments during 2014 as well as focus areas for 2015.
Achievements in 2014
• 173% increase in dues paying membership. The largest growth came from new International members as well Basic and Core due to a focus on community institutions and smaller firms. We also added a new role: Business Relationship Manager, to help members maximize their use of FS-ISAC resources.
• Partnerships leading to memberships & action. We collaborated heavily with FFIEC regulators, SIFMA, CUNA Mutual, the PA Bankers Association and ABA to amplify the value of joining FS-ISAC. We partnered with the NCCIC to notify FS-ISAC member institutions of malware infections detected by DHS.
• New Security Operations Capabilities. FS-ISAC invested in a new 24x5 Security Operations Center (SOC) operation with IBM in Poland to support all members globally and better align with regional and time zone needs.
• New Sharing Forums, Communications. Members enthusiastically joined new European and APAC bi-weekly threat calls. They exceeded attendance expectations at the first European Summit. They also provided positive response to the new Community Institutions Weekly risk report. Our bi-weekly threat calls experienced a 176% increase in attendance.
• Next Generation of Intelligence Sharing. In partnership with DTCC, FS-ISAC launched Soltra, the joint venture to deliver a security automation solution called Soltra Edge. 900 companies downloaded Soltra Edge within 60 days of launch. FS-ISAC also deployed Soltra Edge as our central repository.
• Exercises & Workshops Continue to Grow. Over 1000 financial institutions participated in this year’s CAPP Cyber Simulation Exercise. FS-ISAC also participated in US government exercises. 20 regional workshops in nine countries were held during 2014 as well as 255 speeches and webinars. And, we added a highly lauded Members Technical Forum to our Summits.
• Strong Working Group Engagement. Existing groups experienced a 60% increase in participation. We added Asset Manager and Broker-Dealer groups and an Insider Threat Working Group. We also activated Europe-specific working groups and committees including Joint Working Group Initiative and the European Threat & Strategy Committee (ETSC). In Asia Pacific, we helped form the Singapore Threat Intelligence Group amongst other regional activities
• Global Outreach Continues. FS-ISAC led in-person outreach to hundreds of members and potential members in Australia, Brazil, Canada, Germany, Japan, Italy, Spain, Switzerland, the UK and more. FS-ISAC also matured its liaisons with regional law enforcement and cybercrime-related external relationships.
A Strong Start to 2015
• Botnet Takedown. FS-ISAC collaborated with Microsoft and other technology providers as well as appropriate law enforcement on a 4th takedown operation, this time against Ramnit-related botnet resources.
• Influence to Presidential Executive Order. Through Soltra, FS-ISAC participated in recommendations to help influence the Presidential EO on information sharing. Our key message: FS-ISAC is in place and working, so let’s build off of what works well.
• Media response to Carbanak Hype. A technology vendor released a report that hyped the impact of Carbanak. FS-ISAC worked with ABA to respond to media claims with a fact-based approach.
c90 m10 y95 k30r0 g121 b62
c100 m30 y0 k70r0 g57 b93
c70 m40 y0 k0r78 g136 b199
FS-ISAC Monthly Newsletter March 12, 2015
3
• An Updated Portal. We have just rolled out an enhanced Secure Portal with features and capabilities our members have often asked about.
Looking Ahead
• Membership Growth & Support. FS-ISAC projects the addition of 1000 new members in 2015 and continues to improve the onboarding and engagement process for members.
• New Products and Services focus. We have put in place a strategic initiative to identify the next generation of products and services that our members need, have created a roadmap to deliver these products and services and added key executives to support these efforts.
• New Resources, Staffing. The Executive Staff and Board have done a comprehensive analysis of the staffing needs for FS-ISAC to support the current and future needs of the membership. We are undergoing a productive re-organization to align around this plan, while also identifying and hiring highly qualified new resources. We will have resources dedicated to Community Institutions as well as Global Business Services.
• Expansion of Exercises, Training. FS-ISAC is planning a European-specific CAPP exercise as well as evaluating a potential APAC exercise. We are now also offering a new series of comprehensive hands-on Cyber Threat Intelligence training sessions and continue to evaluate additional training offerings.
• Additional Automation Solutions. FS-ISAC and DTCC continue to collaborate on Soltra and are deepening the Soltra solutions roadmap. We are already seeing traction well outside the financial services sector and are looking for ways to leverage the potentials of cross-sector sharing. We are also working closely with vendor partners to deliver a complete set of integration adapters for Soltra Edge.
• Enhanced Partnerships. FS-ISAC executive staff continues to collaborate with regulators to recommend membership, work with industry associations and utilize partners in specific regions and countries to help achieve our membership goals.
• Helping Other Sectors Succeed in Sharing. FS-ISAC has been approached by multiple other ISACs to help apply our lessons and best practices to other sectors. We continue to evaluate how we can best help others while also maintaining our commitment to innovation on behalf of our members. We believe that any work we do with other sectors will directly result in improved cross-sector sharing.
It’s All for You
We undertake all these activities and investments on behalf of our members in order to improve the efficiency and efficacy of cyber and physical risk and threat prevention and response. We are deeply appreciative of your active support and engagement.
And don’t forget to get even more involved, and get your colleagues involved:
• Utilize your circles of trust to share information and take action on it• Sign up for our Annual Summit May 17-20, Miami Beach Florida• Volunteer and participate in a working group. Start with Cyber Intel. Try the Software Automation Working Group. Engage with the
Payments Risk Council. Join the Community Institution Council. FS-ISAC working groups shape the future of this organization.• Attend the Bi-weekly Threat calls, a regional workshop or an upcoming webinar.
Thanks for being a critical part of FS-ISAC. Looking forward to working with you 2015 and beyond.
Best Regards,
William B. NelsonPresident/CEOFS-ISACPresident, Soltra