July 22, 2013

Wall Street was hit by series of simulated cyber attacks, dubbed Quantum Dawn 2, coordinated by Securities Industry and Financial Markets Association (SIFMA), last week.

With banks being the one of the top targets of cyber attacks, ranging from spear phishing to denial-of-service, it's no wonder about 50 financial institutions such as JPMorgan Chase, Bank of America, and Citigroup participated in the excercise. SIFMA will only share data on Quantum Dawn 2 with the trade association's members, according to a SIFMA spokesperson.

[Read: Cybercrime On Wall Street to learn more about cybersecurity in financial services.]

The U.S. Department of the Treasury, Securities & Exchange Commission, Department of Homeland Security (DHS) and the Federal Bureau of Investigation also participated. Representatives from the Treasury, DHS all declined to comment on the results of the excercise.

"This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack," said Karl Schimmeck, vice president of financial services operations at SIFMA, in a statement after the exercise.

Approximately 500 people from the participating organizations looked for indications of an attack, such as irregular trading behavior or malware. The participants monitored the simulation from their own locations and communicated with one another to resolve problems.

The exercise tool used for this process, Distributed Environment for Critical Infrastructure Decision-making Exercises - Finance Sector (DECIDE-FS), was improved from the original Quantum Dawn in 2011. DECIDE-FS is apart of Department of Homeland Security's DECIDE program .

Cyber attacks range from just attaching malware to a site to targeting a specific user, says Erin Nealy Cox, executive managing director at Stroz Friedberg a cybersecurity consulting firm.

A hacker using a targeted attack would know what kinds of websites or links the user would click on so all they would have to do is attach malware that could penetrate the sustems. Most malware gets detected. However, as they get more complex, anti-virus protection may not always notice them.

"It's about making sure that you have the tools and the people and the strategic thinking about how you need to approach your network's security," say Cox. "So you have got to have people that are dedicated and vigilant about watching your network."

Protecting the network is not the only active way to be watchful of cyberattacks, says Cox. According to Cox, employees clicking on pages with malware can be the weakest link to any company's security strategy.

Having the right people and strategy implemented for training your employees to be mindful of the types of sites that could contain threats is even more important, adds Cox.

ABOUT THE AUTHOR
Zarna Patel is a staff writer for InformationWeek's Financial Services brands, which include Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. She received ...