NY Fed: Capital Markets Must Be More Wary of Data Cyber Threats
Thetford told attendees that the profile of cyber-attacks has changed from lone hackers in their basements or activist groups seeking to cause reputational damage or disruption, and the biggest threat to data security is now nation states and insiders intent on deeply infiltrating firms' data architectures for financial gain.
In fact, the primary driver for this new breed of adversaries is often commercial because there is "money to be made" from cyber-crime by selling sensitive data on the black market. Information is very lucrative," Thetford said, adding that today's cyber-terrorists have unlimited time and resources to bury their claws deep within firms' architectures, and are willing to be patient in the pursuit of monetary gains. "They are much more willing to take their time and find multiple back doors before ‘exfiltrating' [infiltrating and extracting] data. If they move in, it's because they want to stay," he said.
For example, cyber criminals could steal non-public data, economic data or client information from financials firms, then sell that data on the black market for profit, he added.
To help capital markets firms using commercial-grade technology to fight military-grade attacks, Thetford encouraged firms to build simple technology stacks and flexible architectures that can be compartmentalized so that bugs can be fixed on the fly. In addition, firms should layer their security protection at every point where data is exposed, such as desktops, devices and servers.
A mature information security program also needs to have a greater focus on threats from within─such as disgruntled employees or criminal "insiders" placed within organizations with the express purpose of committing espionage by terrorist groups or nation states. "The technology to monitor insiders is lagging. There's this idea that once you're in, you're trusted-but that's not enough," Thetford said, adding that firms should consider more background checks and additional monitoring of employee activity.
In addition, firms must pay special attention to external consultants as well as outsourcing service providers. "I'm not saying bring it all in-house, but you need to think more about what you're giving them access to and whether they have the right controls and contracts in place to tell you about any data losses," Thetford said. "When it comes to outside service providers, there is very little transparency around their security controls. That scares me for you," he added.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Waters Wavelength Ep. 295: Vision57’s Steve Grob
Steve Grob joins the podcast to discuss all things interoperability, AI, and the future of the OMS.
S&P debuts GenAI ‘Document Intelligence’ for Capital IQ
The new tool provides summaries of lengthy text-based documents such as filings and earnings transcripts and allows users to query the documents with a ChatGPT-style interface.
The Waters Cooler: Are times really a-changin?
New thinking around buy-build? Changing tides in after-hours trading? Trump is back? Lots to get to.
A tech revolution in an old-school industry: FX
FX is in a state of transition, as asset managers and financial firms explore modernizing their operating processes. But manual processes persist. MillTechFX’s Eric Huttman makes the case for doubling down on new technology and embracing automation to increase operational efficiency in FX.
Waters Wavelength Ep. 294: Grasshopper’s James Leong
James Leong, CEO of Grasshopper, a proprietary trading firm based in Singapore, joins to discuss market reforms.
The Waters Cooler: Big Tech, big fines, big tunes
Amazon stumbles on genAI, Google gets fined more money than ever, and Eliot weighs in on the best James Bond film debate.
AI set to overhaul market data landscape by 2029, new study finds
A new report by Burton-Taylor says the intersection of advanced AI and market data has big implications for analytics, delivery, licensing, and more.
New Bloomberg study finds demand for election-related alt data
In a survey conducted with Coalition Greenwich, the data giant revealed a strong desire among asset managers, economists and analysts for more alternative data from the burgeoning prediction markets.
