As we’ve seen with recent high profile data breaches, the threat of cyber-attacks has accelerated in the last 18 months and shows little sign of abating. Analysts believe that cybercrime costs American consumers and businesses upwards of $100 billion per year. While the media only reports on successful attacks, those of us charged with protecting consumers and their payment data know that tens of thousands of attacks are thwarted every day. However, we also know that maintaining and strengthening these safeguards requires a full arsenal of capabilities with one of the most important weapons being information sharing.
The Cybersecurity Information Sharing Act passed by the U.S. Senate is a significant step forward in protecting payment data networks as well as the personal privacy of our citizens. Sharing information about cyber attacks seems like a simple idea, but legal and practical issues have at times erected barriers to the free exchange of threat information – thereby impeding the ultimate goals of protecting data and minimizing breaches. Now that each branch of Congress has passed legislation addressing these issues, the process needs to move to final resolution so that the benefits of common sense cyber information sharing can be fully realized.
The payments industry is a long-time participant in information sharing networks within the financial services sector. Recently, we extended our information sharing capabilities through a partnership with FireEye to provide real-time threat information to merchants and banks so they can quickly protect themselves against the most critical cyber-attacks. We are also actively developing and driving the adoption of more secure technologies including EMV chip, encryption, and tokenization, to make payment data less useful to criminals and take merchants out of harm’s way. While today we have protections in place to help keep payment data safe, to keep it that way we need to enact robust cyber threat information sharing across industries. Where gaps exist, congressional action can fill these holes by fostering multi-industry sharing vehicles between the existing information sharing and analysis centers (ISACs) and other key federal departments and law enforcement.
It is impossible to overstate the threat posed by cyber attacks, and there is clearly a lot of work to do. The government and the private sector have a duty to work together. Success requires cooperation. However, goodwill and the best intentions are not enough. Across industries and the public sector, we need access to the most relevant and timely information to identify cyber trends and criminals before they do harm to consumers and our nation’s critical infrastructure. We simply have to change the way we do things, and that requires Congress and the Administration to take action.
As we rely more and more on digital networks, the number of cyber threats increases every day and the bad guys are only working harder. The House and Senate are finally moving in the right direction. Let’s continue to work together to finally get this done.