Cyber Security and Capital Markets – From fiction to fact: the cybercrime threats of the future
CyberSecurity and Capital Markets is an increasing hot topic for 2017. Cybercrime is an existential threat that is still in its infancy and it will not go away, both for the industry and for traders and investors. This affects the personal, the professional and creates systemic risks that go from privacy, data protection, manipulation of results, fake news that can affect trading. Traders, Investors and capital markets related firms must give it their full attention.
In 2016 consumers, financial organisations, corporates, and political targets were hammered by serious high profile cyber security issues. From hacking and crashes of SWIFT, ransomware extortion attempts, phishing excursions, and DDoS attacks the list is still growing. The increasing issues of leaks, data corruption and and falke news affected the 2016 US elections and disturb now every economic and financial operations to their bone. Trading is specific an areas sensitive as we are talking about big amounts and data and these issues will have an impact in perception, markets sentiment and security and other things.
Driven by this fast growing of high-profile attacks, cybersecurity has rapidly emerged as a priority in 2017 for capital worldwide and capital markets enterprises have a task to take this very serious as it is still in its infancy and will create systemic risks and eventual disrupt markets and destroy financial organisations and traders.
Not too long ago, cyber risk was classed as a subdivision of operational risk. Firms built firewalls and installed antivirus software and assumed that this would be enough to protect their digital assets from unauthorized entities. They may have been right to assume this—hackers were unstructured, isolated, and poorly funded.
This is no longer the case as big data increases and social media and digital logins are increasingly interfering in literally everything done in business and special in capital markets. Cyber criminals have become more powerful and organized, and as digital processing power has become cheaper and more accessible will be used by industry competitors to disrupt other less digital savvy players, they are also better equipped than ever and more disruptive special for the trading and investing industry.
Traders and investors and respective companies and platforms must now defend against coordinated attacks from multiple sources, and these attacks are continually increasing in complexity, sophistication and frequency. Cybersecurity has to sit at the top of many capital markets firms’ investment agendas and it touches as well the DNA of personal investors or traders.
Cyber Security in Capital Markets report by Aite Group
Aite Group’s launched a recent report on Cyber Security in Capital Markets: The Limitation Game. This research offers and provides an overview of this ever-changing cyber security landscape with regard to types of attacks and attackers and how these translate into risks for firms operating in capital markets.
“Cyberbreaches threaten to break the trust between financial institutions and their customers,” says Will Woodward, analyst on Aite Group’s Institutional Securities & Investment team. “The attacks faced by financial institutions are dynamic and evolving, so firms’ approaches to cybersecurity should also evolve and constantly develop.”
From fiction to fact: the cybercrime threats of the future
We attached to these insights an excellent article by Jason Fry on Cyber crime.
Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK. But more than the ever increasing financial and reputational risks affecting the corporate and commercial sectors are the very real possibilities of cybercrime being used to execute large scale terrorist attacks, assassinations and even murders.
As programmes like ‘Humans’ and ‘West World’ play out a fictional world of cyborgs turning on mankind, we take a look at the growing number of cyber threats, both to businesses and individuals, and how fiction is quickly becoming fact. The Internet of Things and advances in artificial intelligence have created a swathe of new opportunities for criminals where complacency is, at best, commercial suicide and, at its very worst, potentially world ending.
Ransomware – a program used by fraudsters to infiltrate hardware and hold a computer and its associated data hostage until the victim pays a hefty sum for its release – has been causing huge problems for businesses across the globe and is a trend that is set to continue in 2017.
Jason Fry is a cybersecurity specialist at PAV i.t. services. He has worked with numerous corporate and independent businesses across the UK helping them to review and update their cybersecurity policies, procedures and solutions. He said:
“There seems to be no sign of this trend diminishing in the near future and certainly where ransomware is concerned the fraudsters are consistently refining and updating its capabilities resulting in versions that are even self-propagating.
“Information can now be encrypted much quicker, which can also play into the hands of the hackers. Criminals using ransomware can swiftly encrypt large amounts of data, often before a company even realises it’s under attack.”
Gaining control of an employee’s network by stealing their username and password is nothing new, but cybercriminals are no longer relying on malicious malware in order to gain access to a victim’s machine. Instead they get hold of sensitive information by using tactics such as phishing emails – an email that looks authentic, but tricks the recipient into handing over sentive information.
Robert Schifreen is a former UK-based computer hacker who was arrested in 1985 for breaching computers at British Telecom. He now runs a security awareness training programme called SecuritySmart.co.uk. He said:
“Many of today’s hackers are highly sophisticated and skilled. A criminal group may spend many months hacking millions of devices and computers across the world, ready to form them into a botnet on command, in return for a fee from a third party, to attack a chosen victim. Some of the most innovative companies are helping to thwart such attacks by offering so-called bug bounties, through which hackers and researchers can earn money by uncovering security weaknesses and responsibly disclosing them to the vendor concerned.”
Artificial Intelligence (AI)
The emerging market of driverless cars, which are also able to park themselves and be controlled remotely, along with medicines that can be self-administered by personal devices and the popularity of drones gives us an indication of the automation we can expect in our day to day lives in the future. As the market grows for such technology the possibilities for cyber criminals start to become endless.
“Cybercriminals with a more sinister agenda than breaching data in return for financial reward will be able to take advantage of technology in order to execute terrorist acts or murders. For example, by hacking medical devices to administer lethal dosages to victims.”
Robert believes this calls into question whether penalties for cybercriminals are substantial enough:
“The Computer Misuse Act of 1990 criminalised computer hacking. The maximum penalty available today under the Act is 10 years imprisonment and an unlimited fine. While this has proved a useful deterrent, successful prosecutions are rare in relation to the huge number of computer-related crimes being committed every day. The party which suffers most as the result of a large-scale hack or data breach is the victim, not just financially but primarily in terms of reputation.”
But human cybercriminals aren’t the only thing we should be worried about.
“Software that is capable of learning and not making the wrong decision more than once already exists and it will not be too long before systems can make judgements, assessments, and predictions at a much faster pace. Once machines can think for themselves the possible threats to individuals, businesses, and even countries, becomes a real and greater concern.”
So what do we do in the meantime? Jason believes the answer comes from ensuring we have sufficient knowledge to prevent such attacks in the first place:
“People are the key to preventing attacks – knowledge is everything in the current climate. Training staff and greater staff awareness are absolutely essential. One of the major issues currently facing businesses, especially those with numerous employees, is the lack of knowledge amongst staff and the ways in which cybercriminals may infiltrate their systems essentially leaving them at greater risk of falling victim to things like phishing and social engineering scams.”