Financial institutions need to focus on resilience and sharing information about cybersecurity, which should be treated seriously as a matter of national defense in the US, said experts and regulators at the Securities Industry and Financial Markets Association’s Annual Meeting in Washington, D.C., on Tuesday.
“We need national defense priority on cybersecurity,” just as with nuclear defense, because no company has the budget to battle sovereign nations launching cyberattacks, said Ronald Kruszewski, chairman and CEO of Stifel Financial.
Jim Rosenthal, chief operating officer of Morgan Stanley, suggested the Reserve Officers’ Training Corps, or ROTC, could train students toward careers in cybersecurity to help make up for the US’ talent gap in that area.
Treasury Secretary Jack Lew and Securities and Exchange Commission Chair Mary Jo White reiterated the need for companies to share breach-related information among one another and with the government. Doing so will help other firms detect wider patterns and defend against the kinds of breaches that have occurred to other organizations, Lew said.
The financial-services sector needs to strengthen its information-sharing network to learn more quickly of threat data and thereby stay ahead of hackers, said panelists at the recent SmartBrief Cybersecurity Forum in New York City.
Cybercriminals are colluding and collaborating frequently, which creates a crucial need for the industry to work more closely together on a regular basis, said George Rettas, managing director and chief of staff, Global Information Security Department — Information Protection Directorate, Citigroup.
“You cannot beat a network without being a network yourself. You’re not going to do it alone,” Rettas explained.
Al Berg, chief security and risk officer of Liquidnet Holdings, said information shared by other organizations “can be a force multiplier for us, because we don’t have to redo that analysis.”
Karl Schimmeck, managing director of financial services operations for the Securities Industry and Financial Markets Association, said that his group and the industry have spent a decade developing relationships to share information through the Financial Services Information Sharing and Analysis Center, or FS-ISAC.
Collaboration between the financial services industry and government entities has increased in response to rapidly evolving cybersecurity threats, but both sides agree there is room for improvement. Experts at the SmartBrief Cybersecurity Forum in New York City on Tuesday identified increased information sharing and the enactment of legislation already making the rounds on Capitol Hill as two ways to enhance the security of today’s financial markets.
Karl Schimmeck, managing director of financial services operations for the Securities Industry and Financial Markets Association, said cybersecurity initiatives undertaken by the Obama Administration earlier this year have spurred greater engagement from a host of government agencies. Schimmeck also cited the NIST Framework unveiled in 2014 as an example of the government helping industry devise best practices that can be put to use by all firms – large and small.
Chris Feeney, president of the Financial Services Roundtable’s BITS technology policy division, said government could help by harmonizing state laws within the U.S.
With cybersecurity front-and-center in the board rooms and executive suites of virtually every major corporation, it stands to reason that some of the thought leaders at the 2015 Milken Institute Global Conference would have a few things to say on the topic.
Companies are starting to understand the business community has reached a “new normal” when it comes to cybersecurity, according to Brunswick Group CEO Susan Gilchrist. CEOs are becoming more engaged and are understanding they need to invest.
Ray Rothrock, chairman and CEO of cyber defense firm RedSeal, said a great deal of spending has transitioned from prevention to incident response and recovery. However, Rothrock cautioned that the solution is more complex than just boosting cybersecurity budgets. Rothrock said JPMorgan Chase is a prime example: The firm spends hundreds of millions of dollars per year on cybersecurity and it still got hit.
There are many relatively inexpensive best practices that firms can deploy to improve their cybersecurity.
We all have heard that one of the big culprits in the credit crisis was the collateralized debt obligation (CDO). CDOs are notes backed by baskets or cohorts of different types of receivables. The notes can be backed by residential mortgages, or commercial mortgages, or student loans, or credit card receivables or auto loans, etc. (or a mixture of all the above). It is the cash flows from those receivables, not some end borrower, that service the CDO notes, i.e. pay interest and amortize the principal on the notes.
I don’t want to go into the details about CDOs here or their role in the credit crisis because many other writers have gone into this exhaustively elsewhere. Suffice it to say CDOs (or asset backed financing/securitizations) are actually very important and effective ways of financing certain receivables pools (of effecting what is known as ‘non-recourse’ finance). And yet there were fairly obvious issues with many CDO structures before the crisis: their excessive structural complexity (the notes were broken into too many tranches); the questionable credit quality of the underlying assets; the use of too many different types of underlying receivables; the fact that those rating the notes (the rating agencies) were effectively in bed with the originators of the notes; the overly aggressive selling methods of CDO tranches by swarms of brokers; etc.