Friday, May 17, 2013

Cybersecurity for U.S. Banking Industry Must Be Driven by Industry, Not Big Government


Do cyberattacks need to cause a plane to go down before cybersecurity gets the attention it demands?

I often wonder. It seems a disastrous cyber-induced consequence is the only way cybersecurity will become a priority. And unfortunately, a plane crash is well within the realm of reality.

With the recent ATM cyber heist and Wall Street marketcrash caused by the AP Twitter account hack, we may see a twinkle of understanding of the escalating risks that cyberattacks pose to American industry.

Why?

The ATM cyber heists are particularly notable. They didn’t stop at their usual damage of defacing a website or disrupting an ATM for a few minutes. These cyber attackers hacked into high-level internal banking computer systems. They targeted, stole and modified customer data as they desired. Meanwhile, banks went about business as usual, oblivious to the secret hands hacking their vaults.

In light of the ATM cyber heist and Twitter-induced market crash, can you imagine the dangerous scenarios looming in our future? Key customer information was removed and used at will. Criminal or nation-state cyberattackers were able to perform banking functions remotely from a foreign country. False news was hacked into social media streams to influence business and consumer behavior.

This is not a guess. This is real. And this is now.

We’re way beyond 1984 here. The dangers in our future are flashing warning lights, and they’re getting closer.

America’s Cyber Safety Net (as described in “7 Trends Which Will Drive the Future of Cyberwarfare 2013-2015,” my current report available in the sidebar) is running out of time. Private enterprise can’t afford to wait for government agencies to one day take action toward cyber defenses. No, American industry must take the lead in developing its own cyber defenses. 

There are two recent examples that show industry initiative is superior to government action: First, the IRS’ misuse of personal tax information as a political tool. Second, the Justice Department’s unprecedented intrusion into AP reporters’ phone records without notice.

In light of these revelations, it could easily be argued that big government does not provide a trustworthy, responsible solution to American industry’s pressing cyber information and cybersecurity needs.

Critical U.S. industries (finance, utilities, communications, and transportation) must form cyber defense groups to deal with cyber threats facing their own industries.

The alternative? Wait for the government to muddle its way forward.    

Which option do you prefer?



("Chain With A Broken Link" image: David Castillo Dominici/FreeDigitalPhotos.net)

No comments:

Post a Comment