Max Bowie: Phishing in the Liquidity Pools of the Capital Markets
In 2013, 53 percent of exchanges reported experiencing a cyber-attack, and Max would be shocked if that number has not already reached 100 percent.
It’s customary when beginning a new year to look forward to what we can expect or hope for from the next 12 months. But this year, as I look forward, I sincerely hope that what I expect to happen does not come to pass: a catastrophic hack on a financial institution or an exchange that manipulates the markets either for personal gain or merely to destroy wealth of corporations and individual investors.
In an unstable world, cyber-attacks represent a new age of warfare for terror groups and even rogue nation states. The infamous hack on Sony Pictures gave us some rare insights into what Hollywood celebrities and studio execs really think of one another in the form of leaked emails, while point-of-sale hacks at major retail stores have gleaned reams of customer credit card data. But these seem like small change compared to the lure of the trillions of dollars that change hands every day in the capital markets, and the potential of skimming some of that flow, or disrupting it and plunging the global financial markets into chaos.
Shocked
In 2013, 53 percent of exchanges reported experiencing a cyber-attack, and I’d be shocked if that number has not already reached 100 percent. That doesn’t mean that any actually succeed, but it does create a huge burden for firms and marketplaces to deal with. And inevitably, one such attack will eventually succeed. Then, given the interconnected nature of modern markets, an intrusion in one market could conceivably wind up in another.
At last month’s Waters USA conference, Charles Blauner, global head of information security at Citi, noted a constant shortfall in the number of IT security specialists—to the tune of around 200,000 professionals worldwide—while the ranks of hackers continue to swell and their techniques become ever-more complex. While a large portion of hackers’ efforts are targeted at retail investors, phishing for bank account information or looking to install malware or spyware on their computers, hackers are also using individuals as a way into corporations, assuming that someone is just as likely to click on a link or open an image file at work as at home. And to be sure, while human judgment is usually the weak link in the cybersecurity chain, hackers are also targeting non-critical but connected network devices such as printers as a back door into a firm’s network, rather than mounting a head-on assault on a firm’s customer portal or trading front-end.
Leaked emails and credit card data hacks must seem like small change compared to the lure of trillions of dollars that change hands every day in the capital markets.
Then there are more sophisticated types of “spoofing” attacks, where a hacker may try to overwhelm a wireless data signal with a stronger wireless feed of their own that introduces erroneous data—potentially causing the recipient to place disadvantageous trades that execute against stale or incorrect prices—or that subtly introduce incorrect timing data to confuse firms’ clock-synchronization systems.
Succeed Once
As Blauner said, for a hacker to be successful, they need only to succeed once in penetrating an organization or individual’s defenses. But for IT security professionals to be successful, they need to block 100 percent of hacking attempts. Facing such an uphill challenge, even with the latest technologies at their disposal, and the cooperation of other firms generally considered competitors and other industry bodies, such as exchanges participating and sharing information in the World Federation of Exchanges’ Global Cybersecurity Committee, it seems almost certainly a matter of when—not if—a malicious hack will bring an important global marketplace or a significant portion of the entire financial system to its knees.
So if you haven’t yet made a New Year’s resolution, make it this one: to safeguard your networks and internal and customer data. Because if you don’t value it enough to protect it adequately, there are plenty of people out there who value it enough to steal it.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
The Waters Cooler: Tidings of comfort and joy
Christmas is almost upon us. Have you been naughty or nice?
FactSet launches conversational AI for increased productivity
FactSet is set to release a generative AI search agent across its platform in early 2025.
Waters Wavelength Ep. 295: Vision57’s Steve Grob
Steve Grob joins the podcast to discuss all things interoperability, AI, and the future of the OMS.
S&P debuts GenAI ‘Document Intelligence’ for Capital IQ
The new tool provides summaries of lengthy text-based documents such as filings and earnings transcripts and allows users to query the documents with a ChatGPT-style interface.
The Waters Cooler: Are times really a-changin?
New thinking around buy-build? Changing tides in after-hours trading? Trump is back? Lots to get to.
A tech revolution in an old-school industry: FX
FX is in a state of transition, as asset managers and financial firms explore modernizing their operating processes. But manual processes persist. MillTechFX’s Eric Huttman makes the case for doubling down on new technology and embracing automation to increase operational efficiency in FX.
Waters Wavelength Ep. 294: Grasshopper’s James Leong
James Leong, CEO of Grasshopper, a proprietary trading firm based in Singapore, joins to discuss market reforms.
The Waters Cooler: Big Tech, big fines, big tunes
Amazon stumbles on genAI, Google gets fined more money than ever, and Eliot weighs in on the best James Bond film debate.