Consisting of four basic strategies and two best practices, the framework could serve as a checklist for firms lacking cyber expertise
On 20 Nov 2024, a member-driven, not-for-profit organization specializing in financial system cybersecurity published a comprehensive framework for countering phishing scams.
While not limited to the financial industry, phishing scams typically involve mimicking supposedly trusted sources to steal personal and financial information. Victims may face significant financial loss, while their financial service providers may be made to bear partial responsibility in some instances.
Recognizing the need for a cohesive solution designed to help financial firms of all sizes and maturity levels minimize phishing incidents, the Financial Services Information Sharing and Analysis Center (FS-ISAC) worked with member firms to arrive at a framework comprising four essential actions.
The basic recommended actions are:
- Collect and share intelligence: Gather actionable intelligence from consumers, and disseminate it across the relevant departments
- Educate employees and customers: Develop education programs to heighten awareness of phishing tactics among both employees and customers
- Catalog communication channels: Maintain a catalog of telephone numbers used by the institution and third-party partners to prevent spoofing
- Leverage anti-phishing technology: Collaborate with solution providers to deploy anti-phishing solutions
The framework recommends two best practices to augment the four core actions:
- Establish a structured reporting intake process: Design a fraud-and-phishing intake process with clear, concise questions to gather actionable intelligence while minimizing the burden on consumers
- Build an infrastructure for incident reporting: Set up an “abuse box” infrastructure that enables consumers to report phishing attempts, resulting in the timely gathering and sharing of threat insights across internal stakeholders as well as the broader financial sector
According to Linda Betz, Executive Vice President, Global Community Engagement, FS-ISAC: “Phishing has become a global epidemic affecting millions, yet by working together, financial firms can develop highly effective defenses.” She described the framework as a strategic roadmap, “supporting firms in fighting phishing through shared knowledge and coordinated intelligence that can shift the balance against cybercriminals.”
Since the release of the anti-phishing framework, three major US banks have reported a more-than-50% reduction in text abuse incidents shortly after implementation.