Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

12:35 PM
Ivy Schmerken
Ivy Schmerken
Connect Directly

In Fight Against Hacktivists, Financial Firms Need Layers of Security

Cybersecurity experts urge firms to upgrade firewalls and beware of disgruntled ex-employees.

Financial services firms eyeing the world of cybercrime and hacktivists may think the chances of this happening to them are remote. Most businesses, certainly banks and Wall Street firms, are investing in security through technologies to protect against threats. In fact, according to experts, security is a board-level responsibility. However, some companies are lulled into a false sense of security.

“By and large, the sad truth is that the biggest obstacle to doing anything is they don’t think it can happen to them,” says A.N. Ananth, CEO of EventTracker, a provider of log management solutions focused on the security information and event management space (SIEM). “But they are also trying from the outside to get through your firewall,” says Ananth. “They attack the place where you have your weakest defense,” he adds. His firm’s solution is to record audit logs and to send out notifications when there are abnormal patterns.

Businesses need to “go back to basics and have a full risk management regime,” advises Karl Smith, head of Cyber Security Assurance Services at British Telecom in an interview. As attacks become more sophisticated, it’s important for financial firms patch their systems and install the latest firewall technologies, experts said. Information Assurance, a UK security organization, found that businesses were not patching systems effectively and were not monitoring and were looking at the logs, noted Smith. Also, firms need to install next generation firewalls and proxy servers. “As threats become more persistent and agile and targeted, they can bypass traditional controls,” added Smith. He cites Fire Eye, a new defensive technology that blocks Internet-born malware. It looks at the threat, unpacks the threat and blocks outbound communications.

“It’s all about layers of security,” comments Steve Schoener, VP of Client Technology at Eze Castle Integration, an IT consulting firm that hosts applications in a private cloud for hedge funds and other investment firms. Intrusion detection and intrusion prevention software can be installed on the network. “The most dangerous hacker isn’t the one that takes down your web site, but implants a virus and very quietly sits there and watches your data,” said Schoener. Today’s hackers are more sophisticated and more targeted. If they wanted to specifically go after a hedge fund or a specific firm, they would do research to figure out who the people are inside. “They would seek their email addresses, hunt information ahead of time,” according to Schoener.

ECI partners with a third party to run intrusion detection and intrusion prevention. Schoener contends that hedge funds are better off outsourcing the security to a third party. “We’re able to provide a higher level of security on our platforms than individual firms are doing themselves,” claimed Schoener.

The two most frequent ways of getting into an organization are by manipulating employees to click on a link or an attachment that infects the employee’s computer and give the hacktivist access, according to Joram Borenstein, VP of NICE Actimize, the financial crime, risk and compliance solutions provider. The second way is from machines that aren’t patched. “Vulnerabilities exist such as unpatched desktops and unpatched severs which are the underbellies of the organization,” said Bernstein.

Insider threats such the disgruntled employee also need to be considered, said Ananth. As examples, he cites the cases of Bradley Manning, a U.S. Army soldier who was arrested in May 2010 on suspicion of passing classified information the web site Wikileaks , and more recently that of Edward Snowden, a private contractor for the National Security Agency (NSA) who disclosed the intelligence agency’s top-secret data mining activities, both of which had privileges. Manning was able to download large amounts of data onto blank CDs and when he walked pasted the security guy he called it “Lady Gaga,” said Ananth. Wall Street firms, which have downsized since the crisis of 2008, are not immune from disgruntled network administrators who try devious methods to get revenge, said Ananth.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.