Opening Cross: Data: Currency of the New Age (or "Quantum Dawn 2: Revenge of the Hackers")

It’s hard to believe we’re already halfway through 2013—which many thought would be a return to form for the industry. And while it has yielded a return for indicators like the Dow Jones Industrial Average and some banks that reported record profits, that isn’t trickling down to many divisions that keep the firms running.

In an electronic age, what keeps many firms running is security. In everyday life, security software safeguards our financial information when shopping online, to prevent identity theft, or hackers hijacking our email or computers. Capital markets are much the same, but with a lot more data and money at stake. Client data is sacrosanct, and it’s the potential harm someone can do with that information that offers a scary scenario for brilliant yet unscrupulous minds.

In a virtual roundtable in the first issue of IMD this year, I predicted serious impacts from cyber-terrorism events on major exchanges, and a regulatory “firewall” for real-time monitoring against any disruptive activity. And it seems that at least some of that prediction is coming true.

On July 18, the Securities and Financial Markets Association organized a cyber-security preparedness exercise—with the summer blockbuster-like title Quantum Dawn 2—involving 50 organizations, including financial firms, exchanges, utilities, the US Department of the Treasury, the Securities and Exchange Commission, the Department of Homeland Security, and the FBI, to test the industry’s crisis response and communications plans in the event of a “systematic cyber attack.”

The financial markets’ ability to withstand these attacks is not only a security requirement; it also has a big impact on the trust placed in its institutions by investors, which has already deteriorated in the US in the second quarter of 2013, according to Thomson Reuters’ TRust Index—possibly a result of concerns over quantitative easing and interest rates. Trust in Asian financial institutions also deteriorated, ostensibly due to fears about China’s “shadow banking” system and a liquidity crisis. But other factors are affecting the region’s trustworthiness: According to a report from Hollywood, Fla.-based Prolexic Technologies, a provider of Distributed Denial of Service (DDOS) attack protection, China is the largest source of DDOS attacks, which increased 33 percent over 2012, while duration increased 123 percent, and bandwidth utilized increased 925 percent.

While many attacks swamp organizations’ websites with traffic to force them offline, others are more sophisticated, designed to disrupt a company’s—or marketplace’s—operations, while others simply look for ways to steal data. For example, hackers compromised one of Nasdaq’s investor discussion forum sites last Monday, July 18. And Nasdaq isn’t alone. According to a report from IOSCO and the World Federation of Exchanges, 53 percent of exchanges surveyed experienced a cyber attack in the past year, including one on the National Market System that made corporate filing information unavailable, making securities illiquid and forcing a trading halt.

In the latest case, the hackers made off with investors’ login details to the forum—though not access any other Nasdaq systems—before the exchange detected the breach and alerted forum members. This data is useful if people use the same passwords elsewhere. But also, if you consider what precipitated the so-called Hash Crash, imagine hacking the Twitter feeds of influential investors who may lack the real-time oversight of the Associated Press: a fake tweet could exercise an disastrous amount of influence on sudden price movements. Sentiment analysis providers filter out unverified tweets, but can they handle fake—but credible—messages from a verified source?

As these sources of insight emerge as a new generation of market data, they bring new potential for market manipulation. Just as traders are seeking to find value from all and any information source to exploit the markets, others are doing exactly the same with illegally-obtained data to disrupt those same markets.