The financial-services sector needs to strengthen its information-sharing network to learn more quickly of threat data and thereby stay ahead of hackers, said panelists at the recent SmartBrief Cybersecurity Forum in New York City.

Cybercriminals are colluding and collaborating frequently, which creates a crucial need for the industry to work more closely together on a regular basis, said George Rettas, managing director and chief of staff, Global Information Security Department — Information Protection Directorate, Citigroup.

“You cannot beat a network without being a network yourself. You’re not going to do it alone,” Rettas explained.

Al Berg, chief security and risk officer of Liquidnet Holdings, said information shared by other organizations “can be a force multiplier for us, because we don’t have to redo that analysis.”

Karl Schimmeck, managing director of financial services operations for the Securities Industry and Financial Markets Association, said that his group and the industry have spent a decade developing relationships to share information through the Financial Services Information Sharing and Analysis Center, or FS-ISAC.

Collaboration between the financial services industry and government entities has increased in response to rapidly evolving cybersecurity threats, but both sides agree there is room for improvement. Experts at the SmartBrief Cybersecurity Forum in New York City on Tuesday identified increased information sharing and the enactment of legislation already making the rounds on Capitol Hill as two ways to enhance the security of today’s financial markets.

Policy Enhancements

Karl Schimmeck, managing director of financial services operations for the Securities Industry and Financial Markets Association, said cybersecurity initiatives undertaken by the Obama Administration earlier this year have spurred greater engagement from a host of government agencies. Schimmeck also cited the NIST Framework unveiled in 2014 as an example of the government helping industry devise best practices that can be put to use by all firms – large and small.

Chris Feeney, president of the Financial Services Roundtable’s BITS technology policy division, said government could help by harmonizing state laws within the U.S.

With cybersecurity front-and-center in the board rooms and executive suites of virtually every major corporation, it stands to reason that some of the thought leaders at the 2015 Milken Institute Global Conference would have a few things to say on the topic.

Companies are starting to understand the business community has reached a “new normal” when it comes to cybersecurity, according to Brunswick Group CEO Susan Gilchrist. CEOs are becoming more engaged and are understanding they need to invest.

Ray Rothrock, chairman and CEO of cyber defense firm RedSeal, said a great deal of spending has transitioned from prevention to incident response and recovery. However, Rothrock cautioned that the solution is more complex than just boosting cybersecurity budgets. Rothrock said JPMorgan Chase is a prime example: The firm spends hundreds of millions of dollars per year on cybersecurity and it still got hit.

There are many relatively inexpensive best practices that firms can deploy to improve their cybersecurity.

We all have heard that one of the big culprits in the credit crisis was the collateralized debt obligation (CDO). CDOs are notes backed by baskets or cohorts of different types of receivables. The notes can be backed by residential mortgages, or commercial mortgages, or student loans, or credit card receivables or auto loans, etc. (or a mixture of all the above). It is the cash flows from those receivables, not some end borrower, that service the CDO notes, i.e. pay interest and amortize the principal on the notes.

I don’t want to go into the details about CDOs here or their role in the credit crisis because many other writers have gone into this exhaustively elsewhere. Suffice it to say CDOs (or asset-backed financing/securitizations) are actually very important and effective ways of financing certain receivables pools (of effecting what is known as ‘non-recourse’ finance). And yet there were fairly obvious issues with many CDO structures before the crisis: their excessive structural complexity (the notes were broken into too many tranches); the questionable credit quality of the underlying assets; the use of too many different types of underlying receivables; the fact that those rating the notes (the rating agencies) were effectively in bed with the originators of the notes; the overly aggressive selling methods of CDO tranches by swarms of brokers; etc.

President Barack Obama traveled to the heart of Silicon Valley on Friday to lay out his vision for improved cybersecurity in a digital age that has seen high-profile cyberattacks make headlines in recent weeks. Joining leaders from various industries at the White House Summit on Cybersecurity and Consumer Protection at Stanford University, Obama stressed the importance of enhancing the public-private partnership already in its infant stages.

“We are just getting started,” Obama explained. “We are only 26 years into this internet age. We’ve only scratched the surface.”

Obama marked the event by signing an executive order that calls for the establishment of industry hubs and a common set of information standards to facilitate greater collaboration in combating cyberthreats. Obama also outlined the four basic principles he sees as paramount to success in the fight against cyberthreats:

  1. Shared Mission – Government cannot perfect cybersecurity on its own, nor can the private sector.