The Walls Really Do Have Ears
The awful inevitability of cyberattack—and how the threats are only growing
This is, in no small part, due to the fact that the bad guys are so varied. Criminal gangs use cyberattacks to siphon and extort money from the populace, the digital equivalent of a knife-point mugging in a New York alleyway. Meanwhile the more advanced, organized elements have figured out ways to infiltrate the world’s payment systems, and nation states are linked with attacks that have brought down hospitals, nuclear bunkers and infrastructure.
Recently, I was sat behind two very senior, very experienced cybersecurity specialists—one who had spent his career in government, one in finance—waiting for a conference panel to start.
“People just want a problem to solve, especially in finance, and it’s hard to tell them that this is not a problem that can be just solved,” said one to the other. “Especially when it comes to nation states, when you have 40,000 people sitting on keyboards against you. No private-sector entity can stop a state-sponsored hack.”
Most conversations with cybersecurity specialists tend to come back to this central point, which is that you simply can’t avoid cyberattacks, and that they are going to happen at some point. Preventative measures are important, but it’s almost impossible to guard against every threat vector. Likening it to close protection of public figures, a former Federal Bureau of Investigation cyber agent once told me: “If somebody wants to shoot the US president, they will. The difference is that they’re going to get shot, too, but you can’t stop a fanatic.”
Then it becomes an issue of getting in the way of the bullet, so to speak, and minimising the damage.
The problem with cybersecurity these days is that there may not be a Lee Harvey Oswald sitting in a sixth-floor window, waiting to take his shot. Rather, the threat sits on USB sticks and fitness bands, in kitchens and even in the very plumbing of a building. Bring your own device used to make information security officers think that employees were carrying ticking bombs in their pockets, via their BlackBerrys and iPhones. Now they’re putting them on their desks through the Internet of Things (IoT).
Waters reporter Emilia David has a fascinating feature on IoT and cybersecurity coming out next week, so keep your eyes peeled for that. But with the latest rash of attacks through WannaCry affecting hospitals, and most recently, car plants, there is a general sense of unease that a sophisticated attack might infect exchanges, brokers or—heavens forbid—clearing houses and spread like wildfire through the financial system.
As such, serious questions might need to be asked about what’s being brought into a firm’s systems, and how those threats can be mitigated. Quantifying the benefits of this is important. Cyber risk has been creeping towards the top of the business agenda for a while, but there is still a sense among many firms I speak to that it’s a hard sell. Why spend millions on cyber defense when it’s not going to generate returns on that investment?
Finding a way to measure that benefit in dollars and cents, before the true cost of a cyberattack hits home, would seem to be a key challenge.
This week on Buy-Side Technology:
- Phones, excel spreadsheets and cut-and-paste axe lists transmitted through Bloomberg messages. No, we’re not back in the Nineties, we’re talking about the European credit repo market, which at least one industry group thinks is ripe for technology to come and do its thing. Oddly enough, though, it kinds of works as it is.
- The Markets in Financial Instruments Directive (Mifid II) continues to extend its reach across trading firms, and Eze Software Group is the latest to lay claim to solving the unbundling crisis through the launch of its new platform. This one’s in the cloud.
- If you think cyber risk is scary, wait until you hear about artificial intelligence. Alright, drone-camera footage of mall parking lots isn’t the stuff of nightmares, but Anthony Malakian has a nice piece here on how machine learning and similar techniques may be a new arms race among the more technologically minded shops.
- Meanwhile, IHS Markit and Deloitte have partnered for… wait for it… Mifid II. This one’s around client communications.
- Startup Quantave also wants to put some good old-fashioned regulatory wrappers around the Wild West of the digital currencies market, given the problematic scenario at present where exchanges tend to be venues, custodians and often brokers in one. I’m actually keen to speak further on the topic of digital currencies becoming an institutional-grade asset class, so if anyone has any thoughts, get in touch. You can shoot me an email on james.rundle@incisivemedia.com or call me on 646-490-3974.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
This Week: SS&C unveils T+1 preparedness scorecard; S&P/DTCC; SmartStream & more
A summary of the latest financial technology news.
The bank quant who wants to stop genAI hallucinating
Former Wells Fargo model risk chief Agus Sudjianto thinks he has found a way to validate large language models.
Prepare now for the inevitable: T+1 isn’t just a US challenge
The DTCC’s Val Wotton believes that firms around the globe should view North America’s move to T+1 as an opportunity—because it’s inevitable.
Man Group’s proprietary data platform is a timesaver for quants
The investment firm’s head of data delves into its alt data strategy and use of AI tools to boost quant efficiency.
Waters Wavelength Podcast: An exploration of the DeFi world
Daniel Liebau from Lightbulb Capital joins the podcast and dives into DeFi.
Nasdaq CEO: GenAI ‘a whole new opportunity’
Nasdaq CEO Adena Friedman and other top execs outlined a range of use cases for generative AI and other emerging technologies during its Investor Day.
Native digital assets—a Kodak moment for financial services
Ian Hunt argues that ignoring a new business model for investment products, assets, transactions and asset servicing could sentence financial firms to the same fate as the fallen film photography giant.
This Week: Overbond, Northern Trust, FIS/Torstone, Trading Technologies, and more
A summary of the latest financial technology news.
Most read
- Women in Technology & Data Awards 2024: All the winners
- Man Group’s proprietary data platform is a timesaver for quants
- Dark horse: Deutsche Börse building dark pool