Hack attack or cyberspionage

As I started writing this blog, yet another major hack has occurred; data for about four million US Federal employees (over 1% of the overall US population) was stolen--in what is certainly a criminal act, and potentially an act of "cyberspionage", if not an act of 21st century warfare. It is interesting to consider whether we are actually in the beginning of a new cold war, as state actors attack, both commercial and government organizations to harass. Is the purpose criminal, to utilize major data sets for criminal gain, or to learn more about one’s enemy? To bring the focus to the financial services vertical, it is clear that ever increasing vigilance is required to defend the banking perimeter, but what needs to be done on the capital market side? The threats of theft of money, theft of confidential information, and the loss of reputational are shared by every industry, and capital market participants are no different. Moreover, there are additional concerns that are specific to the capital markets, which include:

Control loss at an execution venue
Spoofing attacks that create false liquidity or deter liquidity
Wealth destroying false news
Central depositories & clearing houses data attacks

To meet these myriad concerns, the challenge is talent. I do not think we have enough former NSA employees and hackers that want to come to the good side to meet the demand required. The solution for cyber protection of the capital markets will come from a number of directions: greater cross industry efforts to share insights and knowledge about known intrusion vectors; greater development of big data tools to overlay simple rules based approaches—given the incredible amount of false positives for intrusion, and hence the natural inclination to begin ignoring data; increased focus on holistic risk assessment encompassing internal and external resources; working closely with infrastructure and telecom/data providers to monitor traffic across networks; development of AI tools that help market participants stay a step ahead of the dark side, allowing robust technology defences that can respond. Please see these recent Celent reports for more information: