First, kudos to the Nasdaq OMX Group for acknowledging in early February that it was the victim of a cyberattack. Honesty is the best policy but it’s rarely invoked in this industry.
To recap, Nasdaq OMX confirmed that hackers had broken into its network and infected the Directors Desk service. The service facilitates the storage and exchange of documents among 300 or so company boards. Officials said the hackers did not get as far as Nasdaq OMX’s transaction platforms and did not reach customer information. I’m sure many on Wall Street breathed a collective sigh of relief.
But they may be holding their breath again soon.
Hackers had repeatedly broken into the system over the course of a year prompting the FBI to lead an investigation originally started by the Secret Service. The Wall Street Journal reported that investigators are mulling motives such as illegal financial gain, the stealing of trade secrets and “a national-security threat designed to damage the exchange.” The Journal also quoted an expert who said that ultimately hackers have major financial services firms in their sights. To nail their prey, they need data and they’re collecting it.
So, this was no prank. But, sadly, the story was quickly eclipsed by the Deutsche Börse takeover of NYSE Euronext (“What will they call it? The Neue York Deutsche Börse?”) and that is scary.
Is this complacency and/or fatalism in the face of cyberattacks? I don’t want to see a panic but firms must look beyond conventional wisdom and start thinking like the evil geniuses behind hacking. And simply because there hasn’t been a major cyberattack doesn’t mean it won’t happen or that attacks on a lesser scale haven’t happened under the radar. Hackers know there is great shame in acknowledging a cyberattack—call it the bedbug factor—and they work it to their advantage.
I see the Nasdaq OMX incident as fair warning to securities firms that they’re next. So, there is no harm in rethinking securing especially as there are so many cloud computing options on the horizon. Market researcher Gartner has recently predicted that through 2012, 60 percent of virtualized servers—upon which clouds are made—will be far less secure than physical ones.
This is very troubling because, with all that virtualization can do well, it’s possible that hackers could figure a way to control a massive number of machines via the hypervisor, which controls the access of “guest” operating systems to a single hardware host. In other words, through a single layer a hacker could control a financial services enterprise. Throw in the inevitable consolidation of exchanges and their systems, and it’s possible that global electronic trading could come crashing down.
It’s almost too scary to think about. But we have to because the hackers are thinking about such things or worse.
Need a Reprint?
Leave a Reply