James Rundle: Dark Alleys
“Imagine you’re in a bad neighborhood, walking through a dark alleyway at three in the morning,” says one representative from a major US financial utility, speaking to me during a recent visit to London. “You’ll be a lot more aware of your surroundings than you would be in a city center during your lunch hour,” he says. “When it comes to cyberspace, most people involved in security tend to assume that it’s all dark alleys.”
Cybercrime has been at the top of the news agenda for several years now, in particular the mass-organized distributed denial of service (DDoS) attacks orchestrated by so-called “hacktivist” groups or movements like Anonymous. Outside of a political protest, though, DDoS and similar attacks have a serious undertone, and attacks against banks are worth millions of dollars to criminals every year.
Former White House cyber security advisor Richard Clarke, in formulating a manageable yet apt description conveying the threats that companies and governments face from the cyber arena, came up with the acronym CHEW—crime, hacktivists, espionage and war.
Extant Threats
For capital markets-focused institutions, it’s the last three letters of the acronym that really matter. Retail operations are susceptible to the crime element, but securities dealers, clearing houses, depositories and investment banks, given the complexity of the organizations, are likely to face a more sophisticated form of opponent. The designation of several well-known US bodies by the government as Systemically Important Financial Institutions (SIFIs) adds further weight to the level of preparation that needs to be undertaken by sell-side firms, giving a national security impetus rather than simple preservation of integrity.
From the technology perspective, it’s a tough challenge. Segregated systems, redundancy, back-ups, off-site datacenters and other tools have been used for years, but the introduction of new points of egress continue to introduce risks. Take mobile devices, for instance. While remote wiping is an effective way of controlling device proliferation, a determined intruder with a plan in mind potentially gains access through the back door to systems through a stolen device. Likewise, the internal threat from disgruntled employees, or—in the case of espionage and war—planted agents, becomes particularly difficult to defend against.
Cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening.
Taking Threats Seriously
The industry is taking this seriously, however, with a high degree of information-sharing between institutions, and the build-out of various systems to analyze, detect and act on threats. All of this is in the process of being fine-tuned, particularly as government regulations develop alongside the evolution of technology. One problem, as those familiar with compliance systems will empathize with, is the generation of alerts for possible intrusion or attack, and coping without drowning in false positives and erroneous determinations. The person I spoke to this month says his institution typically has hundreds of alerts in alarmingly short time frames, although he declines to say exactly how many.
Outside Focus
It is perhaps a sign of the times we live in that the stuff of cyberpunk and science fiction is a reality—or at least, is rapidly becoming one. While market risk, credit risk, operational risk, the greeks, and everything else related to trading and risk management, are intrinsic to the effective running of an investment operation, cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening. The person I spoke to likens explaining cyber security to business leaders, as a car’s seat belts—you never fully appreciate them until you’ve been in a car crash. Now, he says, the educational aspect is accomplished, and it’s the solution process that’s in full swing.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
The Waters Cooler: Big Tech, big fines, big tunes
Amazon stumbles on genAI, Google gets fined more money than ever, and Eliot weighs in on the best James Bond film debate.
AI set to overhaul market data landscape by 2029, new study finds
A new report by Burton-Taylor says the intersection of advanced AI and market data has big implications for analytics, delivery, licensing, and more.
New Bloomberg study finds demand for election-related alt data
In a survey conducted with Coalition Greenwich, the data giant revealed a strong desire among asset managers, economists and analysts for more alternative data from the burgeoning prediction markets.
How ‘Bond gadgets’ make tackling data easier for regulators and traders
The IMD Wrap: Everyone loves the hype around AI, especially financial firms. And now, even regulators are getting in on the act. But first... “The name’s Bond; J-AI-mes Bond”
Waters Cooler: AI tells it like it is… or does it?
A weekly round-up of stories from us and beyond. Plus, fun Scottish facts.
Google teams up with Linklaters on GenAI contract analysis project
While the large language model is unique to Linklaters and legal documents, Google believes financial services firms will also benefit from GenAI when it comes to contract analysis.
Man Group’s head of risk engineering doesn’t trust ChatGPT for managing risk
Risk managers have a duty to know how AI is being used within their firms. At a recent event, execs from Man Group and others discussed the benefits and pitfalls of AI in risk management.
Banks seemingly build more than buy, but why?
Waters Wrap: A new report states that banks are increasingly enticed by the idea of building systems in-house, versus being locked into a long-term vendor contract. Anthony explores the reason for this shift.