Almost 90% of the world’s financial exchanges believe that cyber-crime poses a systemic risk to the securities industry, according to a report (pdf) published by the International Organisation of Securities Exchanges (Iosco) and the World Federation of Exchanges this week. More than half of those exchanges have faced cyber attacks in the last year, and financial firms have had to invest huge sums of money to maintain their security. At least so far, they seem to have been mostly effective at warding off hackers.
These precautions hardly stop them from envisioning the worst-case scenario, however. Despite the momentary market freak-outs that a single, strong attack—afalse tweet, a trading glitch, or the odd denial of service (DDoS) attack—could cause, these kind of attacks aren’t really exchanges’ top concerns. Instead, what keeps them up at night is a drawn-out attack that slowly corrupts their systems from the inside, and could be absolutely devastating if not caught in time.
These involved attacks are what technology experts term “advanced persistent threats,” or APTs. “[They] are usually directed at business and political targets for political ends,” the report explains. “APTs involve stealth to persistently infiltrate a system over a long period of time, without the system displaying any unusual symptoms.” In the worst case scenario, this kind of attack would disrupt investors’ faith in the way markets function. Cyber criminals could shut down markets for an extended period of time, stop clearing houses from being able to process trades, compromise investors’ access to markets. It’s the kind of confidence-destroying attack that would prompt anyone with investments in the market to exit them immediately—if they were even able to.