Risk Management

12:35 PM
Ivy Schmerken
Ivy Schmerken
Commentary
Connect Directly
Facebook
Google+
Twitter
RSS
E-Mail
50%
50%

In Fight Against Hacktivists, Financial Firms Need Layers of Security

Cybersecurity experts urge firms to upgrade firewalls and beware of disgruntled ex-employees.

Financial services firms eyeing the world of cybercrime and hacktivists may think the chances of this happening to them are remote. Most businesses, certainly banks and Wall Street firms, are investing in security through technologies to protect against threats. In fact, according to experts, security is a board-level responsibility. However, some companies are lulled into a false sense of security.

“By and large, the sad truth is that the biggest obstacle to doing anything is they don’t think it can happen to them,” says A.N. Ananth, CEO of EventTracker, a provider of log management solutions focused on the security information and event management space (SIEM). “But they are also trying from the outside to get through your firewall,” says Ananth. “They attack the place where you have your weakest defense,” he adds. His firm’s solution is to record audit logs and to send out notifications when there are abnormal patterns.

Businesses need to “go back to basics and have a full risk management regime,” advises Karl Smith, head of Cyber Security Assurance Services at British Telecom in an interview. As attacks become more sophisticated, it’s important for financial firms patch their systems and install the latest firewall technologies, experts said. Information Assurance, a UK security organization, found that businesses were not patching systems effectively and were not monitoring and were looking at the logs, noted Smith. Also, firms need to install next generation firewalls and proxy servers. “As threats become more persistent and agile and targeted, they can bypass traditional controls,” added Smith. He cites Fire Eye, a new defensive technology that blocks Internet-born malware. It looks at the threat, unpacks the threat and blocks outbound communications.

“It’s all about layers of security,” comments Steve Schoener, VP of Client Technology at Eze Castle Integration, an IT consulting firm that hosts applications in a private cloud for hedge funds and other investment firms. Intrusion detection and intrusion prevention software can be installed on the network. “The most dangerous hacker isn’t the one that takes down your web site, but implants a virus and very quietly sits there and watches your data,” said Schoener. Today’s hackers are more sophisticated and more targeted. If they wanted to specifically go after a hedge fund or a specific firm, they would do research to figure out who the people are inside. “They would seek their email addresses, hunt information ahead of time,” according to Schoener.

ECI partners with a third party to run intrusion detection and intrusion prevention. Schoener contends that hedge funds are better off outsourcing the security to a third party. “We’re able to provide a higher level of security on our platforms than individual firms are doing themselves,” claimed Schoener.

The two most frequent ways of getting into an organization are by manipulating employees to click on a link or an attachment that infects the employee’s computer and give the hacktivist access, according to Joram Borenstein, VP of NICE Actimize, the financial crime, risk and compliance solutions provider. The second way is from machines that aren’t patched. “Vulnerabilities exist such as unpatched desktops and unpatched severs which are the underbellies of the organization,” said Bernstein.

Insider threats such the disgruntled employee also need to be considered, said Ananth. As examples, he cites the cases of Bradley Manning, a U.S. Army soldier who was arrested in May 2010 on suspicion of passing classified information the web site Wikileaks , and more recently that of Edward Snowden, a private contractor for the National Security Agency (NSA) who disclosed the intelligence agency’s top-secret data mining activities, both of which had privileges. Manning was able to download large amounts of data onto blank CDs and when he walked pasted the security guy he called it “Lady Gaga,” said Ananth. Wall Street firms, which have downsized since the crisis of 2008, are not immune from disgruntled network administrators who try devious methods to get revenge, said Ananth.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
Could Intel Lose Data Center Market Share to ARM Chips?
ARM chips could be an alternative for certain purposes in the datacenter, but many questions have to be answered before they pose a threat to Intel's market dominance.
Cost to Trade: Hey, Banks, Itís Time to Face the Music
Why is calculating the cost to trade so difficult for banks? The answer is as complex as the calculations themselves.
M&A Activity Will Continue to Grow in 2015
Data shows that the M&A market continues to improve, and forecasts indicate deal making will be healthy in 2015.
Chief Data Officers: Organization Strategy & Cultural Change
Chief data officers are new to the financial services C-suite, but they are facing a number of challenges, including the need for new data governance and execution strategies, staffing, and new organizational structures to enable cultural change.
New York FinTech Innovation Lab Calls for New Entrepreneurial Applicants
Wells Fargo joins 14 other major financial institutions providing mentoring and guidance to the six chosen startups.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.