The Financial Sector’s Battle with Cyber Crime

by securedatamgt | 05 Nov 2014

Cyber Crime Word Cloud

The World Federation of Exchanges has recently announced plans for the creation of a cyber-security committee, The Cyber Security Working Group, which will be chaired by Mark Graff, Chief Information Security Officer (CISO) at Nasdaq.

The committee will aim to protect global capital markets from hackers and cyber criminals. Whilst the committee’s formation has been hailed by financiers, its creation is long overdue and many in the financial sector have acknowledged for decades now that their industry is a target for cyber-attacks and data breaches.

Why Greater Protection is Needed in the Financial Industry

There has not recently been any instance of hacking directly affecting trade, although hackers have managed to grab the media’s attention on several occasions in the past years. However, there are precedents of market manipulation and disruption. In January 2011 the European Union’s carbon market was infiltrated by hackers and 7 million euros worth of carbon credits were stolen from the Czech Republic, trading had to be temporarily suspended which severely disrupted the market.

Policy makers and regulators will often refer to these anomalies to demonstrate the possible damage a cyber-attack could inflict on the global financial system.

The growing threat of cyber crime to the market was aptly demonstrated by a report published by the International Organization of Securities Commissions, the foremost body for security regulation. The report stated that almost half of the exchanges had been forced to fend off attempted cyber-attacks last year.

Whilst cyber-crime is a growing threat to every industry, the exchange is particularly at risk as it is commonly viewed as critical economic infrastructure by hackers. Despite the exchange most commonly being associated with the iconic trading platform it is in fact exchange websites that are most defenceless against hackers.

In the past criminal cyber gangs have targeted retail banks with the ambition of absorbing customer funds however now gangs are increasingly looking to manipulate the market instead. It is not only gangs who are looking to manipulate the market but hacktivists too, hackers who are socially or politically motivated.

Hacktivism was put on the map by the Anonymous movement which emerged in 2008 when a Church of Scientology website was attacked and the movement has become reinvigorated since the Snowden leaks. Hacktivists tend not to target corporations but rather the life lines that support them such as the exchange platform. If this wasn’t reason enough for the WFE to take action, the U.S security operation Quantum Dawn 2 certainly would have certainly put the industry on high alert.

“White hat” hackers were used in the July operation which was conducted by the Securities Industry and Financial Markets Association (SIFMA) in order to expose the liabilities of equity markets to infiltration. Whilst no cyber-attack has actually been known to have threatened the New York stock exchange this exercise was certainly necessary in revealing the damage that could be potentially inflicted on the highly liquid equity markets.

To learn about what other threats your business faces this year check out our post: Data Breaches are a Major Threat in 2015

The Drive for Better Security in the Exchange Market

Cyber-crime on the world exchanges tends to be more disruptive than more conventional types of financial crime such as theft. Fortunately, exchanges are well aware of the disruption a cyber-attack could cause. 93% of exchanges have disaster recovery plans in place and all exchanges claim to be able to recognize a cyber-attack within 48 hours.

However, it is still believed in the industry that not enough money has been spent defending against cyber-attacks and that exchange CEO’s are not sharing enough information with each other on the issue. Following this the world’s leading exchanges have decided to come together to form a committee which will aim to encourage more open discourse on cyber security. The committee will also encourage homily between the financial sector and policy makers.

Mark Graff, Chairman of the committee stated:

We are tasked with a significant goal: to build universal best practices and partner with third-parties to combat systemic cyber abuse to ensure the resiliency and strength of our capital markets.

The fact remains that the financial industry, according to PwC’s 2014 Global Economic Crime Survey, is the most likely to be affected by cybercrime. 39 % of respondents in the financial industry stated that they had been a victim of cyber-crime compared with only 17% of respondents in other trades.

The financial sector will have to continue looking for ways to protect their valuable data in order to ensure the continuity of their trade.