A Change in the Wind: Trading Firms More Willing to Discuss Cyber Tactics
firms are more willing to talk about cyber security to gain knowledge.

I had a pretty good idea on December 8 last year that cyber security was going to be a big deal for capital markets firms in the New Year.
That day, we held our annual Waters USA conference, which brings together CIOs and CTOs from across the industry, both buy and sell side. I was responsible for chairing the opening C-Level panel, prior to which, we-the four CIOs and I-debated, during a conference call, the topics we should focus on during the planned 45-minute panel discussion. When the topic of cyber security came up, everybody was onboard, while at the event itself, several panels focused on cyber-related topics.
This is a departure from years past. My contacts had never wanted to delve into security-at least not in a public forum-because they were worried that they might inadvertently taunt hackers to take aim at their firm (consider the environment during the Occupy Wall Street movement), or because they felt that they didn't know enough about it to talk on the subject.
This has changed as the headlines being made, and the questions coming from board members and investors, alike, are more prevalent. Vulnerabilities like Heartbleed and Shellshock are now front-page events that demand attention.
As one CIO told me, "You can't have clients calling in and asking if our defenses are tight and have them go, ‘What do you mean?' You have to prepare talking points and ensure that the call center is ready to take those calls. It's more of a PR event. That's the phenomenon that has changed in recent years-if something comes out and it hits the press, it goes into another dimension of priority."
The VP of sales doesn't give a damn that I have to do these patches. As far as they're concerned, their projects are ‘light switches' and the light had better go on when they ask for something.
All Is Not Lost
It's easy to take on something of a nihilistic view point when it comes to defending one's environment against hackers. Take, for example, a distributed denial of service (DDoS) attack. Sure, the hackers aren't targeting information-rather, they'll shut down websites and prevent people from transacting online-although, as one security expert explained to me, DDoS attacks are often used to divert attention from a back-door infiltration. Essentially, the DDoS attack is like a boxer's jab-it's used to distract you and keep you off balance so that you don't see the cross coming before it lands on your chin. How do you stop something like that?
The good thing, though, is that there are not territorial fights that exist nowadays when it comes to security. If the security group says that XYZ changes need to be made, there won't be much push back.
But, as I alluded to in my feature on patching on page 30, the IT team can feel like it's being pulled in all directions. Every week, the business side of the company wants more enhancements on their systems, and their clients don't want to hear that they have to wait on an upgrade because they're busy testing a patch.
Technology and operations always have to run their own back-ups, upgrades and apply patches. Sometimes they require extensive, time-consuming testing, depending on how virulent the potential harm could be. That can lead to IT having to tell the business or clients that those changes they had promised a week ago are going to have to be pushed back. Such mission-critical tasks go all the way to the CEO, and when you're in IT, you don't want the CEO poking around in the dungeon.
As one executive told me, there's just never enough time. And as hackers have become more sophisticated, time has become an increasingly valuable commodity.
"Time is a killer," the executive explained. "There just isn't enough time to get all the changes into the environment that clients want and that IT wants. The VP of sales doesn't give a damn that I have to do these patches. As far as they're concerned, their projects are ‘light switches' and the light had better go on when they ask for something."
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Waters Wavelength Ep. 315: Company names and the loans market
This week, Reb, Nyela, and Shen talk about unimaginative company names and then address some challenges in the loans market.
Deutsche Bank delivers AI, client insights with ‘muscle memory’
Voice of the CTO: The German bank is taking finely honed skills and capabilities and deploying them for new and emerging use cases.
Study: RAG-based LLMs less safe than non-RAG
Researchers at Bloomberg have found that retrieval-augmented generation is not as safe as once thought. As a result, they put forward a new taxonomy to help firms mitigate AI risk.
M&A activity, syndicated loans, a new tariff tool, and more
The Waters Cooler: LSEG and LeveL Markets partner for new order type, QuantHouse gets sold to Baha Tech, and Fitch Ratings has a new interactive tool in this week’s news roundup.
Nasdaq, AWS offer cloud exchange in a box for regional venues
The companies will leverage the experience gained from their relationship to provide an expanded range of services, including cloud and AI capabilities, to other market operators.
OCC’s security chief on generative AI with guardrails
Clearinghouse looks to scale technology across risk and data operations—but safety is still the watchword.
Bank of America reduces, reuses, and recycles tech for markets division
Voice of the CTO: When it comes to the old build, buy, or borrow debate, Ashok Krishnan and his team are increasingly leaning into repurposing tech that is tried and true.
Waters Wavelength Ep. 313: FIS Global’s Jon Hodges
This week, Jon Hodges, head of trading and asset services for Apac at FIS Global, joins the podcast to talk about how firms in Asia-Pacific approach AI and data.