– As leaders in the trading community gather for the FIX Trading Community, 2018 EMEA Trading Conference, Corvil shines spotlight on cyber risks in algorithmic trading –
Corvil Director, Security Product Management, Graham Ahearne, is among the cybersecurity panellists at today’s FIX Trading Community Annual EMEA Conference, enlisted to address how financial markets can mitigate cyber risk.
While most financial institutions have robust information security solutions and programmes in place, outmaneuvering today’s advanced cyber attackers, who have industrialised their tactics, techniques and procedures, remains one of the biggest operating challenges. The risk should not be underestimated with regulators such as Steve Peikin, co-director of the U.S. Security and Exchange Commission (SEC), warning last year: “The greatest threat to our markets right now is the cyber threat.”
Industry associations such as the FIX Trading Community are playing a key role in spearheading standards to mitigate risks. January 2018 saw the release of the FIX-over-TLS (FIXS) standard and guidelines to help users of the FIX protocol meet security requirements. FIXS is part of a larger programme of work that the FIX Trading Community initiated in response to the cybersecurity challenge.
In supporting FIX’s cyber initiatives Graham Ahearne says: “The advanced, persistent threat landscape poses an enormous risk to financial markets. The significance of industry collaboration and knowledge sharing cannot be overstated, which is why events like FIX EMEA conference are critically important.”
Trading environments tend to be optimised for one thing: speed. Nowhere else in the world is data moving this fast, in such large volumes, with so much economic value at stake. Performance and speed are paramount, and trading networks do not want additional overhead to weigh them down, which makes adding traditional security systems challenging.
Ahearne says: “There is also a perception, because they are typically segmented from the rest of the enterprise IT infrastructure, that trading environments are safer than others. With more than 80 percent of breaches stemming from accidental mishaps or malicious insiders, these environments can become compromised.”
While in a normal attack, hackers may need to steal data or install ransomware, in financial markets, hackers only need to slightly tweak an algorithm or impair the performance of the network overall. Electronic trading networks are heavily automated, but they play such a huge role in the stock market at large that a rogue trading algorithm could do significant damage.
Whether dealing with nation state attackers, criminals, hacktivists, or simply careless employees, CISOs in financial markets have now taken on the unique role of an independent risk monitor watchdog. Corvil believes AI-powered automation and advanced analytics will also play a big role in the way forward.
Optimal cyber security needs to understand the content of communications, as well as patterns and types of communication. Different, anomalous and malicious content along the same communication paths, tendencies and applications may still constitute a breach. The only way to govern the proper function of algorithms is by watching over the machines themselves – not just what they are doing, but what they are actually saying to each other.
FIX Trading Community is the non-profit, industry-driven standards body at the heart of global financial trading. The 2018 EMEA Trading Conference takes place on 15 March 2018 and will cover the most pressing issues facing the institutional trading community and provide a neutral platform for buy-side, sell-side, exchanges, vendors and regulators to share their ideas on how the community can continue to collaborate. Graham joins fellow panellists Ian Glover, President, CREST; Charles Kilkenny, CEO, Actuare and Russell Wing, Head of Information Security, LME on the “Mitigating Cyber Risk” panel session which is moderated by Julia Streets, Founder & CEO, Streets Consulting Ltd.