When a Breach is a 'Good Thing'
Weighing the benefits of certain data breaches.
In April, Waters is planning a comprehensive issue about cybersecurity and the technology, processes, and talent required to guard against what many CTOs now believe is their top operational risk.
The list of firms that have been hacked—either externally or internally—in the last year is lengthy, featuring some of the largest corporations in the world and at least a couple of mainstay investment banks as well.
Of course, when the topic is raised, many minds (including my own) visualize a malicious 'blackhat' actor holed up in a dark room somewhere halfway around the world, toying with systems and stealing information either for the fun of it, or because a state or quasi-state entity is paying them to do so behind some kind of ideological justification.
But particularly in finance, the job is often far more simple, and the reasons are sometimes much more benign.
For example, the theft of client data from Morgan Stanley's wealth management unit in December 2014 by a recently-promoted adviser at the firm had many hallmarks of a contemporary cyber event: a shadowy data-download service, even a request for payment in cryptocurrency. But as of yet, none of the typical reasoning.
Internal Leaks
Things can be simpler still, as this week's revelation of HSBC's Geneva office engaging in all sorts of lurid and tax-evading conduct surely suggests.
In this case, as The Guardian has reported, it was physically a matter of a systems engineer, Herve Falciani, prepping tens of thousands of client accounts right at his desk, fleeing to France (from where he, as a French citizen, can't be extradited) and downloading them to five hard disks. What's now being called the biggest bank leak in history was just that easy, and the standard maelstrom of condemnation and calls for investigation has followed.
To some extent, I suspect this style of threat—and not foreign hackers spoofing their location and IP eight times over—could become the norm for financial services. Indeed most technologists we speak to, particularly on the buy side, continue to argue that their greatest worry in terms of data security is their own staff either opening malware in an email without knowing it, or walking off with information they shouldn't be permissioned to because of a change of heart about the business they're in.
Fogginess
This danger, like the HSBC files, raises some interesting practical and even ethical questions—far more so than the Target or Sony hacks that have a clear antagonist, and were clearly avoidable.
To the former issue, locking down every last piece of data would make life for a typical investment management firm operationally difficult, if not impossible. All the more so if you're personnel-constrained or have aspirations to provide serious mobile functionality, as many do. It's a matter of expectations creep and technical lag.
While I'm not exactly as strong as Glenn Greenwald on the latter issue, far from it, from an ethical standpoint there might well be legitimate reasons, in very specific instances, to heist information from one's own firm and hand that data to governmental authorities or the press, as well. I doubt any CTO would admit to that priority being on his or her mind, quite the opposite actually, though deep down we can all imagine such circumstances.
Whether Mr. Falciani—who, like Edward Snowden, is a colorful character—had reasons rising to that level of compulsion is debatable. But the HSBC breach certainly adds a new twist to a topic that was already front-of-mind in 2015.
In any case, we look forward to examining this area, both with technical nuance and from a business standpoint, in April. Any firms looking to contribute their outlook should certainly give a shout, at timothy.murray@incisivemedia.com or on 646 490 3968.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Hub to lay off 20% of staff, sources say
Hub’s CEO says this is simply a case of a startup trying to stay nimble and efficient; others say it points to deeper issues.
Fighting FAIRR: Inside the bill aiming to keep AI and algos honest
The Financial Artificial Intelligence Risk Reduction Act seeks to fix a market abuse loophole by declaring that AI algorithms do not have brains.
Waters Wrap: The rise of AI washing… and regulation washing?
The SEC recently levied fines against two investment advisors over “AI washing”. Anthony takes issue with the announcement.
This Week: Brown Brothers Harriman, BNY Mellon/Nvidia, Cboe, Eurex, and more
A summary of the latest financial technology news.
This Week: SS&C unveils T+1 preparedness scorecard; S&P/DTCC; SmartStream & more
A summary of the latest financial technology news.
The bank quant who wants to stop genAI hallucinating
Former Wells Fargo model risk chief Agus Sudjianto thinks he has found a way to validate large language models.
Prepare now for the inevitable: T+1 isn’t just a US challenge
The DTCC’s Val Wotton believes that firms around the globe should view North America’s move to T+1 as an opportunity—because it’s inevitable.
Man Group’s proprietary data platform is a timesaver for quants
The investment firm’s head of data delves into its alt data strategy and use of AI tools to boost quant efficiency.
Most read
- Women in Technology & Data Awards 2024: All the winners and why they won
- Witad Awards 2024: Above and beyond award (vendor)—Susan Bennett, Tradeweb
- Fighting FAIRR: Inside the bill aiming to keep AI and algos honest