Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


By David Poole, Business Development Director at myPINpad

On 18 December 2015, President Barack Obama signed into law the US budget, and amongst its 2,000 pages was the US Cybersecurity Information Sharing Act (CISA) of 2015. The Act allows companies to consensually share information about cybersecurity threats with the U.S government, in an effort to improve public and private cybersecurity efforts.

With high-profile cybersecurity breaches at organisations such as Sony Pictures, Home Depot and the Office of Personnel Management, it isn’t surprising that cybersecurity is becoming the focus of government policy. This is part of an overarching strategy to fight online fraud, cyberterrorism and other criminal activities.

The Act is designed to facilitate information sharing between private and governmental entities regarding a potential hostile cyber-attack, without breaching data confidentiality regulations.

Sharing information as a defensive measure

While many will be concerned about the privacy implications of such legislation, it’s important to remember that such information sharing can aid governments and organisations when combating cyber threats.

In 2012, Bank of America, BB&T and Wells Fargo, among others, fell victim to cyber-attacks which caused them day-long slowdowns and left them sporadically unreachable for many customers.[1] The cyber-attack was a Distributed Denial of Service (DDoS) attack that flooded the banks’ online systems with fake information, preventing customers from using basic online banking services.

Whilst the attack was well reported at the time, it was only later, at a cybersecurity symposium in the University of North Carolina at Charlotte, that the executives from the affected companies fully discussed its ramifications. It was quite interesting to see that, when recounting the event and how it affected their business, each of the companies had made different observations and analysis at the time of the attack.

The Bank of America had focused on the large scale of the attack, BB&T on the many locations the attack was emanating from and Wells Fargo on the real time changing of the code during the attack.[2] Clearly, each company had focused on a different aspect and that alone didn’t provide them with enough information to combat the attack. Even though having a full picture would have helped the organisations fight against it quicker and more efficiently, this was prevented by various data sharing regulations.

This is what the CISA is aiming to facilitate, and by doing so, help to prevent and tackle such cyber-attacks. The CISA now allows entities to share and receive indicators and defensive measures with other entities or the federal government”[3], to share threats, solutions, analysis and best practices.

Such “cyber threat indicators” allow the relevant entities to form an early diagnosis of a potential cyber-attack and in turn, put in preventative measures before it is too late. These are also essential in building a system with clues on how to look for such cyber-attacks in the future.

Privacy VS Security

Although such voluntary information sharing between organisations and governments appears to be a very effective remedy in the fight against hostile cyber intrusions, there is still much opposition from both consumers and global technology giants.

Companies such as Apple, Wikipedia and Google have already publicly opposed the CISA as they are concerned that it will make their users less reluctant to share their personal information.[4]

Concerns have also been raised about how the government intends to store and, more importantly, keep secure all the information it collects. Senator Ron Wyden, who has been a big opponent of the bill, voiced his opposition to President Obama, “There is a saying now in the cybersecurity field, Mr President: if you can’t protect it, don’t collect it. If more personal consumer information flows to the government without strong protections, my view is that’s going to be a prime target for hackers.”[5]

How beneficial is the CISA?

The lack of information sharing between private companies and governmental entities is undoubtedly preventing both private and governmental entities from being able to protect themselves in the most effective way. This is an issue that is effecting companies worldwide.

The UK has already adopted similar provisions in the form of the Cybersecurity Information Sharing Partnership (CiSP)[6], which was introduced in 2013 to increase overall situational awareness of cyber threats. The CiSP allows members from across sectors and organisations to exchange cyber threat information in in real time, on a secure and dynamic environment that protects the confidentiality of the shared information.

However, the CiSP does not appear to have made individuals in the UK more reluctant to share their information with companies. In addition to the CiSP, the European Commission has proposed a new regulation that brings significant benefits to the payments ecosystem, but also demands greater sharing of consumers’ information. There have yet to be any major concerns on behalf of consumers over these proposals, suggesting that any worries may be over stated.

The second EU Payment Services Directive (PSD2) will bring about significant changes to the European payments landscape, by providing Access to Accounts (XS2A) and introducing Account Information Service Providers (AISPs). PSD2 will mandate more information sharing for consumers while providing them with increased levels of security, in the form of mandatory strong multi-factor authentication whenever consumers access their accounts or initiate transactions.[7]

Updates to regulation present new possibilities for improvements to systems and practices. Those businesses able to maximise these without disrupting customers, will likely be the most successful. Technology providers, such as myPINpad and others, are great examples of bridging legacy systems with the new regulatory standards to further the innovation journey securely for their partners.

Although the CISA is still suffering from imperfections it is definitely a step forward in the fight against fraudsters and hackers. The benefits of such an information sharing regulation is apparent, and businesses across the technology and financial sectors are starting to see the huge opportunity that this creates.

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts