The Devil is in the Data
![james-rundle-waters james-rundle-waters](/sites/default/files/styles/landscape_750_463/public/import/IMG/283/261283/james-rundle-waters.jpg.webp?h=4a6b0616&itok=EjSrsvc6)
Imagination dictates a scenario where banks of people, lit by the gently glowing screens of ultra-powerful computers, talk animatedly into headsets while flashing runes on a central terminal relay attack vectors for the cyber-perps. There's probably a general somewhere, too. Either way, the sky above the port is most definitely the color of television, tuned to a dead channel.
I suppose the naming conventions can't be given too much stick, even if they are a little grandiloquent. Events dubbed Moderate Sunrise and Hangover Fish probably wouldn't engender the same muscular urgency among their target audience. But it's a good thing that they're being held. And even more encouragingly, it looks as if banks and financial-market infrastructures are beginning to harden their defenses against digital penetration.
Maginot Lines
Indeed, the Bank of England (BoE) report from the event makes, on the whole, for pretty decent reading. Communication is good, responses are good, technicals are good. All systems go, captain. The problem seems to be more with the exercise itself, in that it needs to more accurately reflect the world's market environment, and possibly not be four hours long next time.
In my reporting on the story last week, I quoted David Porter, head of fraud analytics and SAS UK & Ireland, who had a few interesting things to say about detecting and preventing cyber-attack. Important to the whole piece is an understanding of data, naturally. Further quotes not in the story talked about how an institution may not know that it is under attack until said assault is fully underway, or it's already happened.
That, I think, is the key to understanding cyber prevention. If somebody wanted to rob a bank a century ago, they'd bust in, guns blazing. Or, if they had a degree of intelligence, they might sneak in and take the cash from the safe, and the bank wouldn't be any the wiser until the next morning, when it came to shift money that wasn't there. So, we invented closed-circuit television cameras, laser tripwires for alarm systems, pressure detectors for sensitive areas, and any number of devices aimed at preventing physical intrusion. Most of it relied on a team of security guards who were able to respond to threats as they occurred.
Important to the whole piece is an understanding of data, naturally. Further quotes talked about how an institution may not know that it is under attack until said assault is fully underway, or it's already happened.
Impossible Protection
In the cyberspace arena, we have firewalls and segregated systems, but that's a bit like putting a dozing guard on the door of the vault. He can be bypassed. Over the past few years, we've become more advanced, particularly with distributed computing and fail-over techniques, and in a sense, we've begun to install the cameras and anti-theft technology, just in the digital realm. The only difference is that, without an understanding of networks, system environments and the data that flows through them, we don't have that team of chaps in the control room.
I'm saying ‘we' a lot, but I've neither worked in a bank, nor in cybersecurity. However, the principles are easy to grasp. The devil is in the data, after all.
And besides, the one thing that all of these different periods of time and environments have in common, regardless of how low or high-tech the security might be, is that they all share one, single attack vector that presents a threat greater than a revolver or a botnet.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Data Management
Insurers deny cyber premiums are rising
Contrary to banks’ complaints, underwriters and brokers claim current market for policies is soft.
Cutting through the hype surrounding the FDTA rulemaking process
A bill requiring US regulators and institutions to adopt a machine-readable data framework for reporting purposes applies to entity identifiers, but not security identifiers, in a crucial difference, writes Scott Preiss, SVP and global head of Cusip Global Services.
The IMD Wrap: Quality drivers—the sticks and carrots accelerating the data quality race
Like a Formula One Grand Prix, data management is a race that can be won or lost. And just as each race is part of a larger F1 championship that pays large sums of TV money to the winning team, winning or losing one race can contribute to winning or losing an endgame with much more at stake.
Northern Trust offers internal fund accounting, data tools to clients
Regulations and a mandate to enhance quality and transparency in a bid to improve the investor experience are pushing buy-side firms to have more oversight of their third-party providers.
$135.6m fines prompt Citi to modernize infrastructure, controls
The bank was hit with a combined $135.6 million fine on Wednesday for failing to resolve “longstanding internal controls and risk issues,” amid continued internal work across the enterprise.
SocGen pushes data, analytics use cases for SG Markets
The bank is letting a handful of clients experiment with its proprietary data and models to inform their research.
Finra clears hurdle with CAT launch, but several others remain
Two major components of the consolidated audit trail are now in place. But wrangling over the CAT’s future continues.
Ace high or busted flush? Digital Asset’s mixed fortunes mirror DLT adversity
The vendor hoped to remodel post-trade using blockchain technology—and it still might—but its bumpy progress raises questions over the future of DLT in finance.