Risk Management

12:35 PM
Ivy Schmerken
Ivy Schmerken
Commentary
Connect Directly
Facebook
Google+
Twitter
RSS
E-Mail
50%
50%

In Fight Against Hacktivists, Financial Firms Need Layers of Security

Cybersecurity experts urge firms to upgrade firewalls and beware of disgruntled ex-employees.

Financial services firms eyeing the world of cybercrime and hacktivists may think the chances of this happening to them are remote. Most businesses, certainly banks and Wall Street firms, are investing in security through technologies to protect against threats. In fact, according to experts, security is a board-level responsibility. However, some companies are lulled into a false sense of security.

“By and large, the sad truth is that the biggest obstacle to doing anything is they don’t think it can happen to them,” says A.N. Ananth, CEO of EventTracker, a provider of log management solutions focused on the security information and event management space (SIEM). “But they are also trying from the outside to get through your firewall,” says Ananth. “They attack the place where you have your weakest defense,” he adds. His firm’s solution is to record audit logs and to send out notifications when there are abnormal patterns.

Businesses need to “go back to basics and have a full risk management regime,” advises Karl Smith, head of Cyber Security Assurance Services at British Telecom in an interview. As attacks become more sophisticated, it’s important for financial firms patch their systems and install the latest firewall technologies, experts said. Information Assurance, a UK security organization, found that businesses were not patching systems effectively and were not monitoring and were looking at the logs, noted Smith. Also, firms need to install next generation firewalls and proxy servers. “As threats become more persistent and agile and targeted, they can bypass traditional controls,” added Smith. He cites Fire Eye, a new defensive technology that blocks Internet-born malware. It looks at the threat, unpacks the threat and blocks outbound communications.

“It’s all about layers of security,” comments Steve Schoener, VP of Client Technology at Eze Castle Integration, an IT consulting firm that hosts applications in a private cloud for hedge funds and other investment firms. Intrusion detection and intrusion prevention software can be installed on the network. “The most dangerous hacker isn’t the one that takes down your web site, but implants a virus and very quietly sits there and watches your data,” said Schoener. Today’s hackers are more sophisticated and more targeted. If they wanted to specifically go after a hedge fund or a specific firm, they would do research to figure out who the people are inside. “They would seek their email addresses, hunt information ahead of time,” according to Schoener.

ECI partners with a third party to run intrusion detection and intrusion prevention. Schoener contends that hedge funds are better off outsourcing the security to a third party. “We’re able to provide a higher level of security on our platforms than individual firms are doing themselves,” claimed Schoener.

The two most frequent ways of getting into an organization are by manipulating employees to click on a link or an attachment that infects the employee’s computer and give the hacktivist access, according to Joram Borenstein, VP of NICE Actimize, the financial crime, risk and compliance solutions provider. The second way is from machines that aren’t patched. “Vulnerabilities exist such as unpatched desktops and unpatched severs which are the underbellies of the organization,” said Bernstein.

Insider threats such the disgruntled employee also need to be considered, said Ananth. As examples, he cites the cases of Bradley Manning, a U.S. Army soldier who was arrested in May 2010 on suspicion of passing classified information the web site Wikileaks , and more recently that of Edward Snowden, a private contractor for the National Security Agency (NSA) who disclosed the intelligence agency’s top-secret data mining activities, both of which had privileges. Manning was able to download large amounts of data onto blank CDs and when he walked pasted the security guy he called it “Lady Gaga,” said Ananth. Wall Street firms, which have downsized since the crisis of 2008, are not immune from disgruntled network administrators who try devious methods to get revenge, said Ananth.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
No Screwups, Please, We’re Banks
Changing a bank's culture is not going to happen overnight, but having the right tools and levers in house will surely make a big difference over time.
You’re Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Citibank Brazil Deploys Award-Winning BPM Solution: Now What?
Citibank Brazil automated commercial customer onboarding and reduced cycle time by 70%. But how can a global organization harness the successes of its islands of solutions?
The Focus on Data Security Shapes 2015 Hedge Fund Tech Trends
With tougher penalties associated with exposure of client information on the horizon, firms will need to examine the steps they must take to protect this data from attack.
Stop Using Spreadsheets for Disclosure Management, Says Linedata
The rules for aggregating and calculating disclosures vary tremendously across global jurisdictions, getting well ahead of traditional approaches. Interest in automated solutions rises.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.