The vulnerability of the financial sector to cyber attacks has captured the attention of government officials, regulators and Wall Street.
In April, the U.S. Securities and Exchange Commission issued a regulatory alert stating it will conduct examinations of more than 50 registered broker-dealers and registered investment advisers focused on cyber-security governance, identification and assessment of cyber-security risks, protection of networks and information, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cyber-security threats.
That, coupled with highly publicized security breaches, has caused a groundswell of activity among capital markets firms.
“The cyber-security initiative by the SEC has highlighted the need for extra security measures and for policies and procedures,” Michael Asher, chief information officer at Richard Fleischman & Associates (RFA), told Market Media. “Sophisticated technology combined with social engineering shows that pretty much anyone can be hacked. If someone wants to penetrate your network, most likely they will be able to do it.”
While intrusion detection systems and firewalls are important, equally important is having human beings on the lookout for suspicious activity. “Someone needs to be constantly checking for anomalies,” Asher said. “Most of the things that can create a security breach are not usually detected by automated systems.”
This week, on the 10th anniversary of the 9/11 Commission Report, the former members of the commission issued a report on how the world has changed over the past decade, the current terrorist threat to the United States, and on recommendations for improving U.S. national security.
The report urges Congress to enact cyber security legislation to enable collaboration between the public and private sectors and calls on the administration to communicate the consequences of cyber attacks against the U.S. and to establish norms of cyberspace.
“One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late. History may be repeating itself in the cyber realm,” according to the report. “The Internet’s vulnerabilities are outpacing the nation’s ability to secure it.”
Sifma, the trade association for the securities industry, endorsed the 9/11 Commission Report’s finding and recommended that Congress enact cyber-security legislation.
“Cyber security is a top priority for the financial services industry, which is dedicating significant resources to protect the integrity of the financial markets and the millions of Americans who use financial services every day,” said Kenneth Bentsen, Sifma president and CEO.
In a July 16 speech, Treasury Secretary Jack Lew noted that cyber defenses are not where they need to be. “Far too many hedge funds, asset managers, insurance providers, exchanges, financial market utilities, and banks should and could be doing more,” he said.
Lew called on Congress to pass cyber legislation. “As it stands, our laws do not do enough to foster information sharing and defend the public from digital threats,” he said. “We need legislation with clear rules to encourage collaboration and provide important liability protection. It must be safe for companies to collaborate responsibly, without providing immunity for reckless, negligent or harmful behavior.”
Asher said RFA, which provides business continuity, disaster recovery and other technology services, has seen a noticeable increase in demand for cyber security delivered via its managed services platform.
“Because of the SEC initiative and all the high profile cases, it’s becoming a bigger part of our business,” said Asher. “Previously, all systems were implemented on site and it was difficult to buy systems that would do this because they were expensive. Now, it’s part of the managed services platform.”