The Business of Security Podcast Series #37 – Leveraging Information Sharing To Protect Your Organization

In this episode, guest Bill Nelson, CEO of the Global Resilience Federation (GRF), talks about the GRF’s mission to help organizations in myriad industries share critical security threat information so they can all better defend themselves.

Bill lays out the history of GRF – how it emerged from the work he did at FS-ISAC, where he grew membership from 170 banks to 7,000. Bill led a team that was tasked with helping other industries set up their own security information sharing programs, based on what FS-ISAC was doing, leading to the creation or support of ISACs and ISAOs for legal, oil & gas, retail, energy, and healthcare.

You’ll also learn how the Uniform Commercial Code, article 4, in its description of “commercially reasonable” security, and who’s financially liable after a breach, drove banks to take security controls like anomaly detection, MFA, and DDoS prevention a lot more seriously.

GRF’s newest security information exchange, K12SIX, aims to protect K-12 schools, which have become the newest targets for ransomware, with attacks ballooning from 10 per year just a few years ago to more than 400 in 2020, and ransoms increasing from $20k to an astonishing $40M.

Bill Nelson is the Chair and CEO of the Global Resilience Federation (GRF). GRF is a non-profit association dedicated to helping ensure the resilience and continuity of critial and essential infrastructure and organizations against threats, incidents and vulnerabities. Before joining GRF in 2019, Mr. Nelson was the President and CEO of the Financial Services Information Sharing & Analysis Center (FS-ISAC) from 2006-2018. While at FS-ISAC, he grew the membership from under 200 to over 7,000 organizations in 50 countries. He was Executive Vice President of NACHA, The Electronic Payments Association from 1988 to 2006.

Global Resilience Federation (GRF) is a non-profit hub for support, analysis, and multi-industry intelligence exchange between information sharing and analysis centers (ISACs) and organizations (ISAOs), which facilitate cyber and physical security intelligence sharing for specific sectors.