BreachExchange mailing list archives

Cyber security within financial systems needs to be front of mind.


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 13 Sep 2013 14:00:14 -0600

http://www.globalbankingandfinance.com/cyber-security-within-financial-systems-needs-to-be-front-of-mind/

The security of physical buildings is no longer as important for
financial services. The truth is that in today's society the economy
and financial systems are of utmost importance and with the main
threat residing in the cyber world, ensuring economic operability is
top priority. This focus should be firmly integrated throughout
security operations.

Recent reports on cyber-attacks that reach deeper into the banking
system are increasingly raising concerns. Now criminals can not only
target individual customers to cause a temporary hiatus in banking
services, but they can manipulate the stock exchange and re-transfer
assets from multiple accounts at once. The banking and financial
sector, which has traditionally been acknowledged as the leading
industry in applying cyber security, is encountering new challenges -
challenges that could strongly impact consumer trust in the system,
which it relies on to function.

In addition to causing more financial damage than before, the recent
cyber-attacks show the devastating potential of economic damage on a
government's security. Government security is no longer only about war
or internal instability; instead it's about the security of society
covering all sectors, safeguarding functions vital to society.
Economic operability is one of those vital functions which is critical
to all of society.

Economic and security politics are closely entwined. Without a
functioning economy, there are no resources for security work. Without
security - and stability created by security - a blossoming economy
remains out of reach. In the era of global capitalism, economic and
financial networks constitute the basis on which to build a stable and
successful society. These networks are entirely dependent on the
global cyber infrastructure and therefore safeguarding the cyber
infrastructure to protect the operability of the economy and financial
system should be top priority for the government. This requires a
much-needed transformation from out-dated security thinking.

But preparing for cyber threats is a security task for everyone - the
government cannot do it alone. Firstly, it is not the job of the
government to become involved in the security issues of private
companies and citizens. Secondly, the government does not have all
necessary skills and tools required. Most of the critical
infrastructure, which the state is dependent on, is owned by private
entities and should be secured by private solutions. This applies to
the banking and financial sector alike. The role of security politics
is to ensure that there is good cooperation between different entities
and that exaggerated actions are avoided.

If there was a direct threat, the government could step in more
forcefully. But if society is prepared and has functioning defences,
as well as strengthened resiliency, direct threats should not occur.
Plus, there is an active conversation still continuing about where and
when large-scale cyber attacks could be interpreted as a declaration
of war or as an act of war. Currently the conditions under which an
attack qualifies as an act of war are defined by out-dated security
thinking - the number of casualties or volume of material destruction.
However, as the economy and financial system play an important role in
security, the government needs to re-consider this definition to also
measure the amount of damage to online infrastructure.

Recognising the security threat to the economy is not a new phenomenon
for global government. In 2012, in his keynote speech at the
Billington Cybersecurity Summit, the Estonian President Toomas Hendrik
Ilves noted that "to impoverish a country you can simply erase their
banking records". In Western society, this impoverishment of a
government is more of a security threat than military attacks. As
President Ilves remarked: "Military is not the main target".

Information technology and cyber networks have inevitably changed the
world. Our understanding of security should adapt to these new
circumstances and recognise the priority of threats to the economy and
financial system.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
