When a Breach is a 'Good Thing'
Weighing the benefits of certain data breaches.
In April, Waters is planning a comprehensive issue about cybersecurity and the technology, processes, and talent required to guard against what many CTOs now believe is their top operational risk.
The list of firms that have been hacked—either externally or internally—in the last year is lengthy, featuring some of the largest corporations in the world and at least a couple of mainstay investment banks as well.
Of course, when the topic is raised, many minds (including my own) visualize a malicious 'blackhat' actor holed up in a dark room somewhere halfway around the world, toying with systems and stealing information either for the fun of it, or because a state or quasi-state entity is paying them to do so behind some kind of ideological justification.
But particularly in finance, the job is often far more simple, and the reasons are sometimes much more benign.
For example, the theft of client data from Morgan Stanley's wealth management unit in December 2014 by a recently-promoted adviser at the firm had many hallmarks of a contemporary cyber event: a shadowy data-download service, even a request for payment in cryptocurrency. But as of yet, none of the typical reasoning.
Internal Leaks
Things can be simpler still, as this week's revelation of HSBC's Geneva office engaging in all sorts of lurid and tax-evading conduct surely suggests.
In this case, as The Guardian has reported, it was physically a matter of a systems engineer, Herve Falciani, prepping tens of thousands of client accounts right at his desk, fleeing to France (from where he, as a French citizen, can't be extradited) and downloading them to five hard disks. What's now being called the biggest bank leak in history was just that easy, and the standard maelstrom of condemnation and calls for investigation has followed.
To some extent, I suspect this style of threat—and not foreign hackers spoofing their location and IP eight times over—could become the norm for financial services. Indeed most technologists we speak to, particularly on the buy side, continue to argue that their greatest worry in terms of data security is their own staff either opening malware in an email without knowing it, or walking off with information they shouldn't be permissioned to because of a change of heart about the business they're in.
Fogginess
This danger, like the HSBC files, raises some interesting practical and even ethical questions—far more so than the Target or Sony hacks that have a clear antagonist, and were clearly avoidable.
To the former issue, locking down every last piece of data would make life for a typical investment management firm operationally difficult, if not impossible. All the more so if you're personnel-constrained or have aspirations to provide serious mobile functionality, as many do. It's a matter of expectations creep and technical lag.
While I'm not exactly as strong as Glenn Greenwald on the latter issue, far from it, from an ethical standpoint there might well be legitimate reasons, in very specific instances, to heist information from one's own firm and hand that data to governmental authorities or the press, as well. I doubt any CTO would admit to that priority being on his or her mind, quite the opposite actually, though deep down we can all imagine such circumstances.
Whether Mr. Falciani—who, like Edward Snowden, is a colorful character—had reasons rising to that level of compulsion is debatable. But the HSBC breach certainly adds a new twist to a topic that was already front-of-mind in 2015.
In any case, we look forward to examining this area, both with technical nuance and from a business standpoint, in April. Any firms looking to contribute their outlook should certainly give a shout, at timothy.murray@incisivemedia.com or on 646 490 3968.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
GenAI could connect ‘constellation’ of vital information technologies
At WFIC, Six Group’s Marion Leslie highlighted the opportunities and risks that the technology holds.
Why can’t we be friends?
The ABA vs most every regulatory. LSEG vs BBG. AI vs SaaS. Buy vs build. Lots of drama in the capital markets.
DORA will change the buy vs. build debate… maybe
Waters Wrap: With DORA’s deadline looming, trading firms are having to reassess their long-term tech strategies. Anthony wonders if that means more building and less buying.
JSE rolls out exchange data to cloud Marketplace, built with DataBP
The move—part of a broader cloud migration at the exchange—allows financial firms to connect and subscribe to JSE news, market data, and analytics via the cloud.
The SEC needs a hand with artificial intelligence
The SEC wants to take a tough stance on AI, but it has a talent problem… or a marketing problem. Or both…
This Week: Appital adds to book-building tool; SmartStream; TS Imagine and more
A summary of the latest financial technology news.
This Week: Startup Skyfire launches payment network for AI agents; State Street; SteelEye and more
A summary of the latest financial technology news.
Waters Wavelength Podcast: Standard Chartered’s Brian O’Neill
Brian O’Neill from Standard Chartered joins the podcast to discuss cloud strategy, costs, and resiliency.