An article in the Wall Street Journal last week caught my eye. After being teased into thinking the feds may be going new school a few weeks back, I am tempted to think this move by the banks might truly be. Having spent some time in my career in this world, I can vouch that this is actually a pretty big deal. A quote from someone on the Bank of America team could have came straight out of The New School of Information Security:
“We realized that just as the fraudsters collaborate with each other, we as an industry must collaborate,” said Keith Gordon, a Bank of America senior vice president of security.
Reading the entire article tells you the industry still has a long way to go and there are a number of hold outs still believing secrecy and security religion are the best way to keep information safe. Despite these beliefs, I am genuinely encouraged by the approach being taken here by some of the largest financial institutions in the world. I hope this continues and expands. Information sharing doesn’t need to be an advantage for the fraudsters.
At HoneyApps, we are building out a set of tools and services that serve as a clearinghouse for some of this information, enabling our customers to get insight in an anonymous fashion. As I hope it’s obvious to readers of this blog by now, we are big believers in taking a quantitative, evidence-based approach to security. By sharing information we are all seeing, whether it’s threat activity, successful versus unsuccessful controls, or comparative metrics we can all not only understand what’s important but also raise the tide that lifts all boats.
If anyone has other stories about information sharing across companies that has lead to improvements in the industry, I’d leave to hear about them in the comments.