James Rundle: Dark Alleys
![james-rundle james-rundle](/sites/default/files/styles/landscape_750_463/public/import/IMG/765/194765/james-rundle-580x358.jpg.webp?itok=KSqZWuPJ)
“Imagine you’re in a bad neighborhood, walking through a dark alleyway at three in the morning,” says one representative from a major US financial utility, speaking to me during a recent visit to London. “You’ll be a lot more aware of your surroundings than you would be in a city center during your lunch hour,” he says. “When it comes to cyberspace, most people involved in security tend to assume that it’s all dark alleys.”
Cybercrime has been at the top of the news agenda for several years now, in particular the mass-organized distributed denial of service (DDoS) attacks orchestrated by so-called “hacktivist” groups or movements like Anonymous. Outside of a political protest, though, DDoS and similar attacks have a serious undertone, and attacks against banks are worth millions of dollars to criminals every year.
Former White House cyber security advisor Richard Clarke, in formulating a manageable yet apt description conveying the threats that companies and governments face from the cyber arena, came up with the acronym CHEW—crime, hacktivists, espionage and war.
Extant Threats
For capital markets-focused institutions, it’s the last three letters of the acronym that really matter. Retail operations are susceptible to the crime element, but securities dealers, clearing houses, depositories and investment banks, given the complexity of the organizations, are likely to face a more sophisticated form of opponent. The designation of several well-known US bodies by the government as Systemically Important Financial Institutions (SIFIs) adds further weight to the level of preparation that needs to be undertaken by sell-side firms, giving a national security impetus rather than simple preservation of integrity.
From the technology perspective, it’s a tough challenge. Segregated systems, redundancy, back-ups, off-site datacenters and other tools have been used for years, but the introduction of new points of egress continue to introduce risks. Take mobile devices, for instance. While remote wiping is an effective way of controlling device proliferation, a determined intruder with a plan in mind potentially gains access through the back door to systems through a stolen device. Likewise, the internal threat from disgruntled employees, or—in the case of espionage and war—planted agents, becomes particularly difficult to defend against.
Cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening.
Taking Threats Seriously
The industry is taking this seriously, however, with a high degree of information-sharing between institutions, and the build-out of various systems to analyze, detect and act on threats. All of this is in the process of being fine-tuned, particularly as government regulations develop alongside the evolution of technology. One problem, as those familiar with compliance systems will empathize with, is the generation of alerts for possible intrusion or attack, and coping without drowning in false positives and erroneous determinations. The person I spoke to this month says his institution typically has hundreds of alerts in alarmingly short time frames, although he declines to say exactly how many.
Outside Focus
It is perhaps a sign of the times we live in that the stuff of cyberpunk and science fiction is a reality—or at least, is rapidly becoming one. While market risk, credit risk, operational risk, the greeks, and everything else related to trading and risk management, are intrinsic to the effective running of an investment operation, cyber risk is rapidly becoming one of the key challenges in the modern era. And executives appear to be listening. The person I spoke to likens explaining cyber security to business leaders, as a car’s seat belts—you never fully appreciate them until you’ve been in a car crash. Now, he says, the educational aspect is accomplished, and it’s the solution process that’s in full swing.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
This Week: IPC extends Google Cloud partnership, BlackRock/AIA, DTCC and more
A summary of the latest financial technology news.
Waters Wavelength Podcast: Deutsche Bank’s Boon-Hiong Chan
Boon-Hiong Chan from Deutsche Bank joins the podcast to talk about blockchain interoperability.
SocGen pushes data, analytics use cases for SG Markets
The bank is letting a handful of clients experiment with its proprietary data and models to inform their research.
Ace high or busted flush? Digital Asset’s mixed fortunes mirror DLT adversity
The vendor hoped to remodel post-trade using blockchain technology—and it still might—but its bumpy progress raises questions over the future of DLT in finance.
AI could cut time for money laundering checks by 99%
Leading crypto exchange rolling out large language model for enhanced due diligence checks.
Standard Chartered keeps faith with quantum experimentation
The bank is aiming to future-proof itself with the ability to adopt new technology at an early stage.
Waters Wrap: CME, Google and the pursuit of ultra-low-latency trading
CME Group and Google have announced Aurora, Illinois, as the location for the exchange’s new co-location facility. Anthony explains why this is more than just the next phase of the two companies’ originally announced project.
This Week: Genesis/Interop.io; S&P Global; Finos/OS-Climate and more
A summary of the latest financial technology news.