James Rundle: Dark Alleys
“Imagine you’re in a bad neighborhood, walking through a dark alleyway at three in the morning,” says one representative from a major US financial utility, speaking to me during a recent visit to London. “You’ll be a lot more aware of your surroundings than you would be in a city center during your lunch hour,” he says. “When it comes to cyberspace, most people involved in security tend to assume that it’s all dark alleys.”
Cybercrime has been at the top of the news agenda for several years now, in particular the mass-organized distributed denial of service (DDoS) attacks orchestrated by so-called “hacktivist” groups or movements like Anonymous. Outside of a political protest, though, DDoS and similar attacks have a serious undertone, and attacks against banks are worth millions of dollars to criminals every year.
Former White House cyber security advisor Richard Clarke, in formulating a manageable yet apt description conveying the threats that companies and governments face from the cyber arena, came up with the acronym CHEW—crime, hacktivists, espionage and war.
Extant Threats
For capital markets-focused institutions, it’s the last three letters of the acronym that really matter. Retail operations are susceptible to the crime element, but securities dealers, clearing houses, depositories and investment banks, given the complexity of the organizations, are likely to face a more sophisticated form of opponent. The designation of several well-known US bodies by the government as Systemically Important Financial Institutions (SIFIs) adds further weight to the level of preparation that needs to be undertaken by sell-side firms, giving a national security impetus rather than simple preservation of integrity.
From the technology perspective, it’s a tough challenge. Segregated systems, redundancy, back-ups, off-site datacenters and other tools have been used for years, but the introduction of new points of egress continue to introduce risks. Take mobile devices, for instance. While remote wiping is an effective way of controlling device proliferation, a determined intruder with a plan in mind potentially gains access through the back door to systems through a stolen device. Likewise, the internal threat from disgruntled employees, or—in the case of espionage and war—planted agents, becomes particularly difficult to defend against.
Cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening.
Taking Threats Seriously
The industry is taking this seriously, however, with a high degree of information-sharing between institutions, and the build-out of various systems to analyze, detect and act on threats. All of this is in the process of being fine-tuned, particularly as government regulations develop alongside the evolution of technology. One problem, as those familiar with compliance systems will empathize with, is the generation of alerts for possible intrusion or attack, and coping without drowning in false positives and erroneous determinations. The person I spoke to this month says his institution typically has hundreds of alerts in alarmingly short time frames, although he declines to say exactly how many.
Outside Focus
It is perhaps a sign of the times we live in that the stuff of cyberpunk and science fiction is a reality—or at least, is rapidly becoming one. While market risk, credit risk, operational risk, the greeks, and everything else related to trading and risk management, are intrinsic to the effective running of an investment operation, cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening. The person I spoke to likens explaining cyber security to business leaders, as a car’s seat belts—you never fully appreciate them until you’ve been in a car crash. Now, he says, the educational aspect is accomplished, and it’s the solution process that’s in full swing.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
An AI-first approach to model risk management
Firms must define their AI risk appetite before trying to manage or model it, says Christophe Rougeaux
Waters Wavelength Ep. 297: How to talk to the media
This week, Tony and Wei-Shen discuss the dos and don’ts for sources interacting with the media.
The Waters Cooler: Tidings of comfort and joy
Christmas is almost upon us. Have you been naughty or nice?
FactSet launches conversational AI for increased productivity
FactSet is set to release a generative AI search agent across its platform in early 2025.
Waters Wavelength Ep. 295: Vision57’s Steve Grob
Steve Grob joins the podcast to discuss all things interoperability, AI, and the future of the OMS.
S&P debuts GenAI ‘Document Intelligence’ for Capital IQ
The new tool provides summaries of lengthy text-based documents such as filings and earnings transcripts and allows users to query the documents with a ChatGPT-style interface.
The Waters Cooler: Are times really a-changin?
New thinking around buy-build? Changing tides in after-hours trading? Trump is back? Lots to get to.
A tech revolution in an old-school industry: FX
FX is in a state of transition, as asset managers and financial firms explore modernizing their operating processes. But manual processes persist. MillTechFX’s Eric Huttman makes the case for doubling down on new technology and embracing automation to increase operational efficiency in FX.