Max Bowie: Phishing in the Liquidity Pools of the Capital Markets
In 2013, 53 percent of exchanges reported experiencing a cyber-attack, and Max would be shocked if that number has not already reached 100 percent.
It’s customary when beginning a new year to look forward to what we can expect or hope for from the next 12 months. But this year, as I look forward, I sincerely hope that what I expect to happen does not come to pass: a catastrophic hack on a financial institution or an exchange that manipulates the markets either for personal gain or merely to destroy wealth of corporations and individual investors.
In an unstable world, cyber-attacks represent a new age of warfare for terror groups and even rogue nation states. The infamous hack on Sony Pictures gave us some rare insights into what Hollywood celebrities and studio execs really think of one another in the form of leaked emails, while point-of-sale hacks at major retail stores have gleaned reams of customer credit card data. But these seem like small change compared to the lure of the trillions of dollars that change hands every day in the capital markets, and the potential of skimming some of that flow, or disrupting it and plunging the global financial markets into chaos.
Shocked
In 2013, 53 percent of exchanges reported experiencing a cyber-attack, and I’d be shocked if that number has not already reached 100 percent. That doesn’t mean that any actually succeed, but it does create a huge burden for firms and marketplaces to deal with. And inevitably, one such attack will eventually succeed. Then, given the interconnected nature of modern markets, an intrusion in one market could conceivably wind up in another.
At last month’s Waters USA conference, Charles Blauner, global head of information security at Citi, noted a constant shortfall in the number of IT security specialists—to the tune of around 200,000 professionals worldwide—while the ranks of hackers continue to swell and their techniques become ever-more complex. While a large portion of hackers’ efforts are targeted at retail investors, phishing for bank account information or looking to install malware or spyware on their computers, hackers are also using individuals as a way into corporations, assuming that someone is just as likely to click on a link or open an image file at work as at home. And to be sure, while human judgment is usually the weak link in the cybersecurity chain, hackers are also targeting non-critical but connected network devices such as printers as a back door into a firm’s network, rather than mounting a head-on assault on a firm’s customer portal or trading front-end.
Leaked emails and credit card data hacks must seem like small change compared to the lure of trillions of dollars that change hands every day in the capital markets.
Then there are more sophisticated types of “spoofing” attacks, where a hacker may try to overwhelm a wireless data signal with a stronger wireless feed of their own that introduces erroneous data—potentially causing the recipient to place disadvantageous trades that execute against stale or incorrect prices—or that subtly introduce incorrect timing data to confuse firms’ clock-synchronization systems.
Succeed Once
As Blauner said, for a hacker to be successful, they need only to succeed once in penetrating an organization or individual’s defenses. But for IT security professionals to be successful, they need to block 100 percent of hacking attempts. Facing such an uphill challenge, even with the latest technologies at their disposal, and the cooperation of other firms generally considered competitors and other industry bodies, such as exchanges participating and sharing information in the World Federation of Exchanges’ Global Cybersecurity Committee, it seems almost certainly a matter of when—not if—a malicious hack will bring an important global marketplace or a significant portion of the entire financial system to its knees.
So if you haven’t yet made a New Year’s resolution, make it this one: to safeguard your networks and internal and customer data. Because if you don’t value it enough to protect it adequately, there are plenty of people out there who value it enough to steal it.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Waters Wrap: Quants, CDOs, and the blending of job titles
Anthony explains how a quant at a massive bank taking on the CDO title hints at larger industry changes.
Caveat creator: GenAI giants’ pledges won’t pre-empt copyright suits
Tech vendors offer indemnities on generative output, but end-users need to check the fine print, warn IP lawyers
Capital markets firms wary of cloud overspend
Data architects highlight cost concerns as more and more institutions look to use the cloud for data storage and management.
This Week: ION/LuxSE, BNY Mellon, Nasdaq, and more
A summary of the latest financial technology news.
Nasdaq to market new options strike listing tech to other exchanges
The exchange operator is experimenting with emerging technologies to determine which options strike prices belong in a crowded market, with hopes to sell the tech to its peers.
Former Goldman analyst aims to blend GenAI and synthetic data with start-up
Synthera.ai is taking a novel approach to calculating risk. While promising, industry observers are skeptical.
Waters Wavelength Podcast: Bloomberg’s Tony McManus
Tony McManus, global head of enterprise data division at Bloomberg, joins the podcast to talk about the importance of data in the context of AI and GenAI.
Devil’s Bargain: Closed architecture systems will derail AI ambitions
Rob Flatley explains why closed-off systems will fall flat when it comes to AI adoption.
Most read
- IMD & IRD Awards 2024: All the winners
- Waters Wavelength Podcast: Bloomberg’s Tony McManus
- Most innovative market data project—Tradeweb