Cybersecurity is a growing concern for many public and private sectors. More and more sophisticated cyber attacks happen every week, and various large enterprises—including within the financial industry—are falling victim to fraudulent activities. One particular concern banks are facing is ‘banking malware’, which targets their Internet banking customers.
In this post, I want to share how we established Japan’s first financial industry cybersecurity cooperation group to share information in an effort to bolster our individual cybersecurity efforts in the sector.
It all started in 2011, when I was a member of the cybersecurity team at a large Japanese bank. My priority was to focus on cybersecurity activity strategically. In this role, I quickly realized that we needed to form relationships with other banks’ cybersecurity teams to allow us to all share information on cybersecurity issues.
I discussed this my colleague Mr. Takagi who said, “It might be difficult to get them to agree because banks and other financial companies are reluctant to share information, but it’s worth trying.”
Building a community from the ground up
For several weeks, I met cybersecurity people from seven different banks to discuss recent cybersecurity trends and concerns that they were having. They were wary of my sharing objectives but could see the benefit could outweigh the risk associated with the increase in security incidents they were facing.
An outcome from these meetings was an agreement to post general information about cybersecurity, as well as some incident related information, on an open mailing list. We also organized face-to-face meetings every two months.
After several meetings, people started posting more information to the mailing list and more banks were interested in having their staff attend and interact with the community. By 2013, over 50 people from 20 different banks were regularly attending the meetings.
This posed a problem: operating a meeting with 50 people is very difficult because there were many different topics they were interested in talking about – DDoS, cybersecurity trends, and how to manage vulnerabilities, to name a few.
To meet the needs of attendees, we discussed the possibility of becoming an official membership-based organization, which would help organize and fund more specific meetings. The other thing we needed to consider was expanding our “financial community” and inviting people from insurance, security and credit card organizations.
Establishing Japan’s first Financial Services Information Sharing and Analysis Center
When establishing our organization, we referred a lot to Financial Services Information Sharing and Analysis Center (FS-ISAC) in the USA; they had established a very active and strong information sharing community within financial institutions.
On 1 August 2014, we launched 金融ISAC (Financials ISAC, Japan) as a vehicle of cybersecurity information sharing among Japanese financial institutions. We started with 25 member companies and seven steering committees from major financial institutions.
To accommodate the various needs for discussion, we launched the following six working groups (English name is unofficial):
- Incident Handling
- Cybersecurity Exercise
- Cybersecurity Intelligence
- Global Information Sharing
- Anti Banking Trojan
- Education and Training
Today, we have more than 90 members from the Japanese financial industry who actively share news and articles to build awareness of international cybersecurity trends. We exchange information related to any type of security incidents such as malware, DDoS, vulnerabilities, C&C IP, phishing and targeted email. We also exchange information about “Best practice” or “Incident Response Guideline” documents.
We have added a new working group (Best Practice WG) and also developed two cybersecurity training courses: a one-day “Introduction to Linux” course and a two-day “IT basics for security operation” course. In June, we held our first annual conference with around 300 participants.
With only two full time staff running the organization, all of these efforts have been made possible because of the passionate members who volunteer their time because they recognize the importance of company external relationship for having better cybersecurity capability in each company.
Tips to drive community
Based on our experiences we believe the following is important to drive community:
- Place more emphasis on resource sharing rather than information sharing
- Find people who are passionate to drive the community
- Focus on industry driven activities
- Build trusted relationships
- Develop and implement a clear and easy information handling policy
If you’d like further information on our organization, please leave a comment below.
Keisuke Kamata is Regional Director for FS-ISAC, Japan and also a Board Member of Financials ISAC Japan. Mr Kamata has been a cyber security professional over 14 years. He has previously worked for Japan Computer Emergency Response Team (JPCERT/CC) and the Bank of Tokyo Mitsubishi UFJ. He specializes in cybersecurity operations such as Incident Response, Vulnerability Handling, and Network Monitoring.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.