Security

12:18 PM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Quantum Dawn 2: The Aftermath

With cyber attacks being one of the biggest threats to financial institutions, cyber exercises like Quantum Dawn 2 and other security measures become imperative.

Wall Street was hit by series of simulated cyber attacks, dubbed Quantum Dawn 2, coordinated by Securities Industry and Financial Markets Association (SIFMA), last week.

With banks being the one of the top targets of cyber attacks, ranging from spear phishing to denial-of-service, it's no wonder about 50 financial institutions such as JPMorgan Chase, Bank of America, and Citigroup participated in the excercise. SIFMA will only share data on Quantum Dawn 2 with the trade association's members, according to a SIFMA spokesperson.

[Read: Cybercrime On Wall Street to learn more about cybersecurity in financial services.]

The U.S. Department of the Treasury, Securities & Exchange Commission, Department of Homeland Security (DHS) and the Federal Bureau of Investigation also participated. Representatives from the Treasury, DHS all declined to comment on the results of the excercise.

"This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack," said Karl Schimmeck, vice president of financial services operations at SIFMA, in a statement after the exercise.

Approximately 500 people from the participating organizations looked for indications of an attack, such as irregular trading behavior or malware. The participants monitored the simulation from their own locations and communicated with one another to resolve problems.

The exercise tool used for this process, Distributed Environment for Critical Infrastructure Decision-making Exercises - Finance Sector (DECIDE-FS), was improved from the original Quantum Dawn in 2011. DECIDE-FS is apart of Department of Homeland Security's DECIDE program .

Cyber attacks range from just attaching malware to a site to targeting a specific user, says Erin Nealy Cox, executive managing director at Stroz Friedberg a cybersecurity consulting firm.

A hacker using a targeted attack would know what kinds of websites or links the user would click on so all they would have to do is attach malware that could penetrate the sustems. Most malware gets detected. However, as they get more complex, anti-virus protection may not always notice them.

"It's about making sure that you have the tools and the people and the strategic thinking about how you need to approach your network's security," say Cox. "So you have got to have people that are dedicated and vigilant about watching your network."

Protecting the network is not the only active way to be watchful of cyberattacks, says Cox. According to Cox, employees clicking on pages with malware can be the weakest link to any company's security strategy.

Having the right people and strategy implemented for training your employees to be mindful of the types of sites that could contain threats is even more important, adds Cox. Zarna Patel is a staff writer for InformationWeek's Financial Services brands, which include Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. She received her B.A. in English and journalism from Rutgers University College of Arts and Sciences in ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zarna Patel
50%
50%
Zarna Patel,
User Rank: Author
7/24/2013 | 5:23:09 PM
re: Quantum Dawn 2: The Aftermath
Yes I was wondering the same thing myself. Financial institutions within the test were suppose to work together. Whether they did is unclear. If they did, brokers and exchanges outside the test may be even more curious.
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
7/23/2013 | 7:39:04 PM
re: Quantum Dawn 2: The Aftermath
Sharing some information with brokers that didn't participate in Quantum Dawn 2 would bring them into the loop and help them make their companies more secure. Since brokers and exchanges are all interconnected, one weak link can ripple through the system.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
7/22/2013 | 9:18:58 PM
re: Quantum Dawn 2: The Aftermath
It is interesting that SIFMA will only share information with its own members. When it comes to data security, most experts say that sharing information and data between public and private organizations is vital.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video