Wall Street IT executives are hammering home the point that hacking and cyberterrorism is a mounting threat best fought by the private sector and government through creation of a centralized way of alerting and disseminating information about attacks – most likely via a private Web site.
Stephen Clifford, managing director of interactive marketing at Salomon Smith Barney Holdings Inc. in New York, echoed the concerns of countless IT managers when he told attendees at the Security Industry Association’s Internet Trends & Strategy Conference here: “What keeps me up at night is security and keeping up with the hackers out there.”
A panel made up of representatives of the U.S. Secret Service, the National Infrastructure Protection Center and the Financial Services Information Sharing and Analysis Center (FS/ISAC) pressed attendees at a cyberterrorism workshop to work toward a common goal of sharing information about probes and attacks on their technology infrastructure.
The FS/ISAC, a New York-based private organization, charges companies a minimum US$7,000 annual fee for alerts and access to information about hacking and cyberterrorism threats.
Stanley Jarocki, vice president of IT security engineering at New York-based Morgan Stanley and chairman of the FS/ISAC, said there is a marked difference between hackers – who play games – and cyberterrorists, who are supported by governments and have almost unlimited resources to do damage to the financial services’ communities infrastructure.
Jarocki said companies must either join the FS/ISAC’s service or create a secure, central Web site on which they can share information anonymously.
C. Warren Axelrod, director of information security at the Pershing Division of Donaldson, Lufkin & Jenrette Securities in New York, also pointed out that the biggest cyberterrorism threat comes from “someone infiltrating your organization and using that power to do damage.”
“The ways firms can protect themselves is to share the information with each other without broadcasting it,” Axelrod said.
Bob Weaver, an agent with the U.S. Secret Service’s New York Electronic Crimes Task Force, agreed. He said almost 70 per cent of the more than 900 people the agency has arrested in New York in connection with intranet attacks, “are insider threats.”
Weaver recommended that companies adopt background checks for employees based on the sensitivity of the position within the organization.
“On the backside of this is negligence suits by insurance companies, based on the fact that you didn’t have due diligence or best practices in place,” he said.