- News & Events
July 29, 2013
In 2012, approximately half the world’s securities exchanges were victims of cyberattacks according to a survey of 46 exchanges from every corner of the globe. The interconnected nature of markets invariably causes a cyberattack on one exchange to have implications for others.
Recently a joint staff working paper on exchange cybersecurity was done by the International Organization of Securities Commissions’ (IOSCO) research department and the World Federation of Exchanges office.
The International Organization of Securities Commissions (IOSCO) is the international body that brings together the world’s securities regulators. Its membership regulates more than 95% of the world’s securities markets.
The 57-member World Federation of Exchanges (WFE) is the trade association for regulated financial exchange operators. The WFE develops and promotes standards in markets, supporting reform in the regulation of OTC derivatives markets, international cooperation and coordination among regulators.
Reuters’ John McCrank and Brendan McDermid reported on the joint staff working paper.
“There could be systemic impacts … from cyber attacks in the securities markets, especially considering that our financial system is relying more and more on technological infrastructure,” the report’s author, Rohini Tendulkar of the IOSCO Research Department, said in an interview.
Among the exchanges surveyed, 53 percent said they experienced a cyberattack last year. The most common forms were Denial of Service attacks, which seek to disrupt websites and other computer systems by overwhelming the targeted organizations’ networks with computer traffic, and viruses.
Other forms of cybercrimes reported by the exchanges included laptop theft, website scanning, data theft, and insider information theft. None of the exchanges reported financial theft as part of the attacks.
“Cybercrime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage,” the report said, adding that a major attack could result in widespread public mistrust and a retreat from the markets.
In Britain, worries over hacking and other cyber attacks have pushed aside the euro zone crisis as the top risk for that country’s banks, a senior Bank of England official said last month.
In the United States, exchange operators Nasdaq OMX Group and BATS Global Markets said in February of last year that they were targeted with denial of service attacks. In October 2011, NYSE Euronext’s New York Stock Exchange’s website was inaccessible for 30 minutes, according to an Internet monitoring company, but the exchange said there was no interruption of service.
And in 2010, hackers who infiltrated Nasdaq’s computer systems installed malicious software that allowed them to spy on the directors of publicly held companies, Reuters reported.
There is limited data on the costs of cybercrime to securities markets, but the paper said a number of studies have looked at the costs of cybercrime to society as a whole, with estimates ranging between $388 billion to $1 trillion.
The exchanges in the survey said the direct and indirect cost of cyberattacks cost them each less than $1 million last year.
A spokeswoman for BATS said … the exchange operator invests heavily in proactive security technology, and has made some significant hires on the security side, though for competitive and security issues, she could not give more details. Nasdaq and NYSE declined to comment.
The lack of widely available insurance against cybercrime adds to the risk, as nearly four in five exchanges would have to bear the costs of a major attack themselves, the survey found.”
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, BATS Global Market, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Cybercrime, Denial of Service Attack, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Euronext, Exchange Fraud, Fraud Prevention, Identity theft, Malware, Malware Protection, MitB, Mobile fraud, NASDAQ, NYSE, Online Fraud, PII, Stock Exchanges, ThreatMetrix, ThreatMetrix Cybercrime Protection Platform, ThreatMetrix Global Trust Intelligence Network, Web Fraud