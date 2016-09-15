It’s one of the great dilemmas of 21st century life: The technologies that make our lives easier also open us up to vulnerabilities we may never have otherwise imagined, but the private and public sectors can work together to share information and deal with threats.

Those were a few of the broad themes underlying a conference on cybersecurity hosted Tuesday at the Federal Reserve Bank of Boston. Presented by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR), Tuesday’s event represented a broader trend on the part of regulators to respond to the issue of cybersecurity not with wrist-slapping and prescriptive measures, but by encouraging collaboration between the private and public sectors.

In particular, OCABR wanted to reach the financial services sector, often a desirable target for cyber attackers.

OCABR Undersecretary John C. Chapman laid out some startling facts and figures at the top of the conference:

In 2015, cybercrime costs rose 19 percent globally with a hack costing companies $7.7 million on average (Ponemon Institute).

50 percent of global companies with revenue over $500 million do not feel prepared for a cyberattack (KPMG).

The average number of days a hacker stays dormant in a network before detection is about 200 (Microsoft).

“It’s one of the great paradoxes of our time that the very technologies we rely upon personally in all the sectors of business to do good can also be used to undermine us and do tremendous harm,” Chapman said.

Kevin Swindon, a supervisory special agent with the FBI, also spoke at the event, differentiating between types of cyber attackers, outlining the roles of various government agencies in pursuing cybercrimes and discussing several cases of American businesses hit by crackers and ransomware.

Long gone are the days when “hacker” meant a bored teenager tinkering around with his parents’ old modem. Swindon identified four different types of attackers – crackers, insiders, terrorists and nation states – and stressed that those different attackers can all feed each other information and resources about possible targets.

Whenever he’s asked which of those types of attackers frighten him the most, Swindon said insiders and nation states vie for that spot. And insiders, he told his audience, know everything about your organization.

He also shared a few security tips. Never use your smartphone to conduct sensitive business on a public WiFi network, consider security software to detect malware, and don’t always accept the default settings on every app you download.

“Businesses are getting better, but bad guys are getting smarter,” he reminded his audience.

“Cyber criminals go for the low-hanging fruit, the path of least resistance,” said Kevin Greenfield, director for bank information technology at the OCC’s operational risk policy division.

Greenfield also outlined some common weaknesses and emphasized incident management and the risk posed by third parties.

“Third parties are part of your infrastructure,” he said.

New products and services also mean new vulnerabilities, and bankers should carefully consider those before rolling out new products and services, Greenfield said.

Once upon a time, the best control against potential fraud was an experienced bank teller who could spot a fake check, he said. Now, as payments get closer to real time, the financial services industry has to ensure that its safeguards keep pace with technology and customer expectations.

And Don L. Anderson Jr., the Boston Fed’s chief information officer, highlighted a threat information sharing program launched by the Boston Fed a few years ago. Today, 60 organizations participate in the program, he said. The interconnectedness of the system today means it behooves banks to put aside competitive differences and work together toward the common goal of cybersecurity for all.

“We really want people to share openly and build those relationships,” he said. “It really has helped. We have had banks in our network that, this group has helped protect them from attacks. We built this network that didn’t exist before, so people are able to pick up the phone and talk to somebody who’s traditionally been their competitor.”

