• United States




Rough trade: Why financial markets will need to stay on top of their game

Jul 24, 20185 mins
CyberattacksData and Information SecurityFinancial Services Industry

While election hacking is making headlines and Dan Coats is warning about 9/11 style cyberattacks on the US, it is our financial markets that may require the most immediate laser focus. The future preservation of our financial institutions and the integrity of the domestic and global economy requires greater adoption of more intelligent systems as an increasingly sophisticated hacker community challenges the security teams that fight them.

CSO: Have you met these hackers? [slide 02]
Credit: Welcomia / Matejmo / Getty Images

No one wants to believe that a 9/11-style cyberattack may be coming. But that’s what Director of National Intelligence Dan Coats has been warning the government about for the past month.

While the upcoming elections are a prime focus and utilities are a logical target, what about our financial institutions? Imagine, for instance, having one’s 401(k) wiped out by a cyberattack. Picture the global panic if someone hacked a prominent trading desk.

In this environment, all financial activity would be vulnerable. And cryptocurrencies are no safe haven. Recent attacks have illustrated the vulnerabilities of blockchain, the basis for all cryptocurrencies.

Cryptocurrencies are no safe haven

Such attacks on cryptocurrencies BitCoin Gold and Verge have some waves. They have also cast doubt on the safety of such alternative currencies. It may come as no surprise to security experts that these attacks were possible. But to the general public, and cryptocurrency boosters, these events are shocking.

Far from being unhackable, cryptocurrencies are vulnerable to so-called 51 percent attacks. In such attacks, hackers gain control of the majority of the network’s computing power to falsify transactions. It’s sort of like a hostile takeover of a business in which an adversary takes controlling interest of a targeted company. Established cryptocurrencies like BitCoin are less vulnerable to 51 percent attacks, but BitCoin’s price has dropped over the past few months as hackers have made off with hundreds of millions of dollars from cryptocurrency hacks.

Stock exchanges are safer but still vulnerable

Traditional stock markets look like a much safer bet. But stock markets are a juicy target for hackers who continue to try to bring them down. Instead of attacking the integrity of BitCoin, hackers could hit the NYSE, Tokyo Stock Exchange or Nasdaq. Instead of millions or billions in assets (depending on the cryptocurrency), we could see trillions of dollars of value evaporate. We might even witness the collapse of global financial markets.  The destruction could have a chilling effect. The securities traded on the NYSE alone are valued at over $27 trillion.  As a comparison, the GDP of the United States is approximately $19 trillion.

Usually, when hackers destroy economic value, it is because a data breach, or theft of data. Such information, made public, reduces the price of the company’s stock, at least in the short term. Target, Sony, and The Home Depot are good examples, though all rebounded.

Would a stock exchange also rebound? We don’t know.

To date, the security experts that protect the world’s global financial markets have defended against such attacks. And make no mistake, these systems are constantly under attack.

Hackers have however been able to claim some success. There was a Denial of Service attack on the NYSE website in 2009, and an outage at the NYSE in 2015 that was first thought to be an attack but was later explained as a software update issue. In 2011, hackers also disrupted trading on the Hong Kong Stock Exchange and the SWIFT banking network was compromised for millions of dollars in 2015 and 2016.

Overall, a stock market hack is what’s known as a “low probability/high impact” scenario. The markets have protections in place to limit damage. Circuit breakers go into effect when the market drops below 7 percent, for instance, and there are mechanisms in place to reverse fraudulent trades. But sustained attacks have the potential to undermine faith in the financial system. If people think that they will lose money they have invested, then they will stop investing, causing dire effects to the economy.

Fighting back

Whether connected to the Internet or not, hackers can manipulate these markets by compromising their trading systems. They can also compromise information sources that drive trading behavior, particularly algorithmic trading.

The systems’ success at warding off such attacks has been commendable. These institutions can afford the best people and technologies in the world to provide this level of protection. But as the attacks grow more sophisticated and begin to leverage AI to automate the scale and precision of the attacks, it will become harder and harder to defend using existing solutions and techniques.

Having the best security minds on the team is part of the solution. But as the attackers get more organized and share data, security teams will need more intelligent AI-powered solutions and more extensive data sharing.

Today, some of the best security professionals do collaborate to protect vital industries and critical infrastructure. But this is not as commonplace as needed to protect all areas of our economy, including vast portions of the financial services industry.

The future preservation of our financial institutions and the integrity of the domestic and global economy will require greater adoption of these intelligent systems. This is imperative since the ever-more sophisticated hacker community is in danger of outclassing the security teams that fight them.


Rick Grinnell is a founder and Managing Partner of Glasswing Ventures, an early-stage venture capital firm dedicated to investing in the next generation of AI-powered technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage.

During his 17 years of venture capital experience he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital) and is now lead investor and a member of the board of directors at Terbium Labs.

Rick is also active with various entrepreneurial programs at the Massachusetts Institute of Technology (MIT), Harvard and Tufts Universities, and is a frequent judge at MassChallenge. Rick’s contributions to the broader community include serving as a member of the Board of Directors of Big Brothers Big Sisters of Massachusetts Bay, as Vice Chairman of the Board of Overseers at the Museum of Science in Boston, and as a member of the Educational Council at MIT. Rick has been recognized by the New England Venture Network with the Community Leadership Award for his philanthropic work and contribution to the community.

Rick earned BS and MS degrees in Electrical Engineering from MIT and an MBA from HBS.

The opinions expressed in this blog are those of Rick Grinnell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.