Rough trade: Why financial markets will need to stay on top of their game

No one wants to believe that a 9/11-style cyberattack may be coming. But that’s what Director of National Intelligence Dan Coats has been warning the government about for the past month.

While the upcoming elections are a prime focus and utilities are a logical target, what about our financial institutions? Imagine, for instance, having one’s 401(k) wiped out by a cyberattack. Picture the global panic if someone hacked a prominent trading desk.

In this environment, all financial activity would be vulnerable. And cryptocurrencies are no safe haven. Recent attacks have illustrated the vulnerabilities of blockchain, the basis for all cryptocurrencies.

Cryptocurrencies are no safe haven

Such attacks on cryptocurrencies BitCoin Gold and Verge have some waves. They have also cast doubt on the safety of such alternative currencies. It may come as no surprise to security experts that these attacks were possible. But to the general public, and cryptocurrency boosters, these events are shocking.

Far from being unhackable, cryptocurrencies are vulnerable to so-called 51 percent attacks. In such attacks, hackers gain control of the majority of the network’s computing power to falsify transactions. It’s sort of like a hostile takeover of a business in which an adversary takes controlling interest of a targeted company. Established cryptocurrencies like BitCoin are less vulnerable to 51 percent attacks, but BitCoin’s price has dropped over the past few months as hackers have made off with hundreds of millions of dollars from cryptocurrency hacks.

Stock exchanges are safer but still vulnerable

Traditional stock markets look like a much safer bet. But stock markets are a juicy target for hackers who continue to try to bring them down. Instead of attacking the integrity of BitCoin, hackers could hit the NYSE, Tokyo Stock Exchange or Nasdaq. Instead of millions or billions in assets (depending on the cryptocurrency), we could see trillions of dollars of value evaporate. We might even witness the collapse of global financial markets.  The destruction could have a chilling effect. The securities traded on the NYSE alone are valued at over $27 trillion.  As a comparison, the GDP of the United States is approximately $19 trillion.

Usually, when hackers destroy economic value, it is because a data breach, or theft of data. Such information, made public, reduces the price of the company’s stock, at least in the short term. Target, Sony, and The Home Depot are good examples, though all rebounded.

Would a stock exchange also rebound? We don’t know.

To date, the security experts that protect the world’s global financial markets have defended against such attacks. And make no mistake, these systems are constantly under attack.

Hackers have however been able to claim some success. There was a Denial of Service attack on the NYSE website in 2009, and an outage at the NYSE in 2015 that was first thought to be an attack but was later explained as a software update issue. In 2011, hackers also disrupted trading on the Hong Kong Stock Exchange and the SWIFT banking network was compromised for millions of dollars in 2015 and 2016.

Overall, a stock market hack is what’s known as a “low probability/high impact” scenario. The markets have protections in place to limit damage. Circuit breakers go into effect when the market drops below 7 percent, for instance, and there are mechanisms in place to reverse fraudulent trades. But sustained attacks have the potential to undermine faith in the financial system. If people think that they will lose money they have invested, then they will stop investing, causing dire effects to the economy.

Fighting back

Whether connected to the Internet or not, hackers can manipulate these markets by compromising their trading systems. They can also compromise information sources that drive trading behavior, particularly algorithmic trading.

The systems’ success at warding off such attacks has been commendable. These institutions can afford the best people and technologies in the world to provide this level of protection. But as the attacks grow more sophisticated and begin to leverage AI to automate the scale and precision of the attacks, it will become harder and harder to defend using existing solutions and techniques.

Having the best security minds on the team is part of the solution. But as the attackers get more organized and share data, security teams will need more intelligent AI-powered solutions and more extensive data sharing.

Today, some of the best security professionals do collaborate to protect vital industries and critical infrastructure. But this is not as commonplace as needed to protect all areas of our economy, including vast portions of the financial services industry.

The future preservation of our financial institutions and the integrity of the domestic and global economy will require greater adoption of these intelligent systems. This is imperative since the ever-more sophisticated hacker community is in danger of outclassing the security teams that fight them.