Exchanges

00:00 AM
Commentary
Commentary
Commentary
50%
50%

Capital Markets Outlook 2012

Battered and bruised by a difficult 2011, Wall Street faces another challenging year. We examine 10 critical issues that will set the agenda at capital markets firms in 2012.

Data Security

Even as attacks grow more sophisticated, financial services firms must strengthen data security while improving the financial services experience and increasing anytime, anywhere access for clients, employees and partners.

By Melanie Rodier

Why It's Important: Financial firms increasingly have been under siege from hackers, not to mention the internal threat posed by rogue traders. Intruders earlier this year hacked Nasdaq's systems, leaving suspicious files on the exchange's servers and gaining access to highly confidential data on publicly listed companies, and the NYSE barely withstood an attack in October by hacker group Anonymous. Citigroup and the International Monetary Fund also were targeted by cyber criminals this year. In 2011, according to a Ponemon Institute report (based on the breach experiences of 51 U.S. companies from 15 industries), the cost of a data breach reached $214 per compromised record and averaged $7.2 million per breach. Malicious attacks were the root cause of 31 percent of the data breaches studied, up from 24 percent in 2009 and 12 percent in 2008. And one need not look beyond the headlines to understand the potential costs of insider fraud. In the meantime, the recent hacker wave has prompted calls from the White House and the SEC for more stringent data protection laws.

Where the Industry Is Now: Cyber experts warn that financial institutions have inadequate defenses (due in part to the financial crisis). "In the past year, the biggest challenge or the most insidious threat has been from malware packages," says Ben Knieff, director of product marketing at security software firm Actimize. "They can allow a hacker to gain access to corporate resources and look as if they are a legitimate portal user."

Meanwhile, the sharp increase in use of personal smartphones at work has created a vulnerability and led to a dramatic rise in attacks. Mobile phones have seen a sudden rise in "smishing," in which attackers send SMS messages with a link attached, urging a user to check out a picture or a game. When clicked, the link downloads malware onto the phone. The rise of mobile apps also has led to a wave of new attacks, as users rarely check out an application developer's credentials before downloading an app, which could, if left unchecked, download malware on a phone.

Focus In 2012: In addition to proven IT security methods -- such as penetration testing, in which a firm asks a "white hat" hacker to attempt to break through a firewall; one-time passwords; and access management controls -- firms are looking to new security technologies and methods, such as hardening endpoint security. Many vendors are focusing on behavioral activity, trying to understand how and when users typically use their computers and perform transactions; if any activity deviates from the norm, the system sends an alert.

A number of vendors offer "hardened" browsers that execute only certain files or lock down which websites a browser can access. "They can flush out any attempt to install malware," explains Knieff. But the end-user experience can be awkward, discouraging use -- often, end users must insert a USB key into their computers to utilize a hardened browser.

Other vendors are focusing on security automation. When an attack or breach is suspected, new systems, such as Guidance Software's EnCase solution, automatically trigger a forensic response, including exposing, collecting, triaging and remediating data related to threats. On the mobile front, firms are increasingly putting the same security controls on mobile devices as on laptops. Vendors also are experimenting with the opportunities that smartphones provide, including front-facing cameras, which would enable iris recognition, for example.

Industry Leaders: According to a Gartner Research poll of 76 U.S. banks, two-thirds planned to increase spending on fraud-detection and authentication systems in 2012. Nasdaq recently raised its cost projections for 2012, attributing a $25 million to $30 million increase at least partly to an increase in information security costs.

Technology Providers: Providers of network and data security solutions include Actimize, Guidance Software, IronKey, Virtela and many other specialized providers.

Price Tag: The cost of an effective security platform depends on a firm's current technology and risk, but it can range from tens of thousands of dollars to millions of dollars. Before devising a data security strategy, banks first must assess their risks and the potential consequences of a breach; then they must assess their existing tools and controls to identify weak points. The price tag on holistic fraud prevention includes external expenses (i.e., vendor software and implementation services) as well as internal development/integartion costs.

Previous
7 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.