Wall Street is a central hub when it comes to global financial trading, where the threat of cyber attacks is a serious concern.
The U.S.’s financial heart is a prime target for the constantly evolving array of potential cyber attacks. Cybersecurity is critical, as an attack could have huge economic and financial consequences.
“There is no 100 percent secure network out there,” Strategic Cyber Ventures CTO Ann Barron-DiCamillo told InsideSources. “You have to defend against a million exploits but an adversary only has to find one. Those are bad odds for defenders and knowing that you really have to build in resiliency into your systems.”
The New York Stock Exchange is the world’s largest by total market capitalization. Manhattan is also home to the NASDAQ, which is the second largest exchange. Exchanges all around the world face major cyber threats perpetrated for a wide range of reasons.
“The risks of failure are extremely high,” Cyber Investing Summit co-founder Andrew Chanin told InsideSources. “I think stock exchanges and financial institutions have been extremely proactive over the last several years realizing what’s at stake with failure. That being said a lot of solutions aren’t developed proactively. It’s done reactively.”
Chanin adds organizations should develop systems that can adapt to new risks as they come. The financial industry is a huge aspect of the economy as a whole, and the NYSE alone can trade tens of billions of dollars on a daily basis. Small breaches are attempted all the time, but a massive attack could have major repercussions for the entire economy.
“If an event like that were to happen there would potentially be devastating consequences,” Barron-DiCamillo said. “The economic backbone of our nation runs off these markets and exchanges. The impact associated with that type of access, undetected, is potentially catastrophic.”
The Cyber Security Expert founder Robert Pritchard doubts that a successful breach would actually cause significant economic issues. The financial industry is critically important but still only plays a part of the general economy. Exchanges are only part of the industry and a breach on one might not be as devastating as some think.
“Manipulating one stock exchange is unlikely to cause so much impact that it would really dent the U.S. economy,” Pritchard said. “Even an outage would have minimal long-term impact. Again, the loss of confidence might have more repercussions but I think causing real harm, such as knocking value off GDP, is unlikely.”
National security is also a huge concern when it comes to major financial institutions like the exchanges. A strategic attack from an enemy nation or a state-sponsored group could have huge repercussions. Cyber attacks, in general, have practically become a new type of virtual battlefield.
“They’re part of the critical national infrastructure,” SAS Vice President of Cybersecurity Solutions Stu Bradley told InsideSources. “Not only do they need to protect their information and data assets from a fraud perspective, or from a market manipulation perspective, but you have the state sponsored threats that are out there because it is part of our financial system.”
Major exchanges like the NYSE are at risk, but the likelihood of a massive breach is debated. Even if a hacker were to breach an exchange doesn’t mean they will have full access. There are layers of security all designed to minimize the scope of a potential breach.
“If they’re doing things properly, then not significantly so,” Pritchard said. “Good monitoring, with people who know the tools and the organization using it, should mean that it’s difficult, even for capable threat actors to go undetected.”
Pritchard adds that there is still a risk of people falling victim to ransomware and other tricks. He notes that even with those threats a good security system should have no issue detecting and minimizing the impact. Nevertheless, others fear the chances of a massive breach is very much in the realm of possibilities.
“I would have to say the likelihood is very likely,” Bradley said. “Just because we’re not hearing about the massive breach of a potential exchange doesn’t necessarily mean that one hasn’t occurred. The going in position of any information security executive is our network is going to be breached and how quickly can we respond to that.”
The financial industry invest a lot of money into their cybersecurity systems. They know the importance of having the best technology and the ability to adapt to new threats. They’ve been utilizing cybersecurity longer than many other industries, which provides them experience when it comes to confronting new threats.
“It’s definitely a concern and I think with the growing amount of breaches we’ve seen across other industries it should be more of a concern,” Barron-DiCamillo said. “I think the one benefit of the financial service industry as a whole is that they’re very well funded to deal with cyber and they’ve been doing it for a long time.”
Investing in security systems might not be enough when it comes to protecting exchanges. The most expensive cybersecurity system isn’t necessarily the best. Hackers are utilizing the best technology they can access and are deploying their attacks in creative and innovative ways all the time.
“They are spending more money than any of the other industries out there,” Bradley said. “It doesn’t necessarily mean they are taking the right approaches to what needs to occur but what it does mean is they’re aligning their spending to the risks that they are under.”
Financial institutions also have methods for containing breaches if a successful one is detected. Chanin notes a breach could still impact confidence, which is a bad situation for any stock exchange. Confidence plays a major role in exchanges as investors look for secure and reliable stocks.
“There are backup systems, things like that, that can be put in place. But at the same time, if confidence is shaken, then who knows,” Chanin said. “What the fallout would be from not being able to trust in trades and executions and the price of discovery could cause significant ramifications.”
Bradley suggests companies and the exchanges should invest more in analytics as a form of security. Analytics is a method in which patterns are detected across data networks. Those patterns could be related to how people interact with the networks and could potentially detect unusual and dangerous activities.
“You constantly have to keep evolving your capabilities to keep pace with the ever-evolving landscape of cyber security,” Barron-DiCamillo said. “You can’t just go with the protection you had in place from yesterday. You have to make sure you are keeping pace with the threats that are coming after you today, coming after you tomorrow.”