Wall Street & Technology is part of the Informa Tech Division of Informa PLC


Security

05:55 PM
Larry Tabb
Commentary

Financial Institutions Must Be Prepared for Future Terrorist Attacks

We lived through 9/11. We lived through the London, Madrid and Bali bombings, too. Now al-Qaeda wants to destroy our financial technology infrastructure by launching a cyber attack against our online banking and stock trading infrastructure. Luckily, nothing came of this early December event, but we certainly need to be prepared for future attacks.


There are three major ways to launch a cyber attack against our financial infrastructure now that virtually all financial institutions have online access and many support online banking and brokerage: denial of service, fraud and hacking.

Denial-of-service attacks are the easiest to instigate but also the easiest to defeat. Denial of service involves marshalling computers to simultaneously flood the target site with messages, which clogs a firm's networks and brings them to a halt. These attacks typically do not hurt firms financially; however, they do stop clients from accessing their accounts or conducting transactions online.

Defeating these attacks usually is not a problem. Many firms have firewalls and engage Web hosting firms, such as Akamai, to manage their Web site traffic. Akamai manages front-end traffic for many financial institutions so that a greater number of Web servers can respond to and block these attacks. Hosting firms also provide a greater level of separation between the front-end and the more critical back-end core systems, adding an additional level of protection.

The second type of attack is fraud based. These phishing or Trojan horse attacks target individuals rather than the firm. They attempt to get unsuspecting individuals to provide their IDs and passwords so nefarious types can break into the account and either drain it or generate fraudulent transactions. While banks and brokers typically cover this type of fraud, and it is serious for the individual, it is a challenging way to "destroy" the institution, as getting individuals to give up their passwords on a large scale is difficult to accomplish.

While hacking is much more difficult, it can truly harm an institution. Hacking involves penetrating a firm's technology defenses and exploiting them. If the hackers are skilled, knowledgeable and successful, they can penetrate firewalls, access core systems and do real damage.

This is the attack that all financial institutions spend heavily to guard against and stay up nights worrying about. It also is the most difficult type of attack to pull off as financial institutions' core technologies are locked down, secure, password protected and complex. And even if hackers penetrate a firm's defenses, they would have to understand how the systems are designed, architected and integrated in order to wire funds, make deposits or loans, or break into their trading systems. The most apt people to navigate these systems are employees, past or present, and very talented and lucky geeks. While we hope none of these folks are al-Qaeda, we as an industry cannot drop our defenses.

It may seem like the extension of our institutions into folks' living rooms enables the easier defalcation of financial enterprises, but the exact opposite is probably true. While electronic thefts can be cleaner, less physical and certainly less bloody, the chance of getting money out of a brokerage and bank illegally is usually greater with a gun than with a computer. But as the criminals and terrorists get smarter, we too must raise the bar. Otherwise, it will not only be bombs that we will need to fear, but the phone lines as well.

Larry Tabb is the founder and CEO of TABB Group, the financial markets' research and strategic advisory firm focused exclusively on capital markets. Founded in 2003 and based on the interview-based research methodology of "first-person knowledge" he developed, TABB Group ...