How secure is your brokerage against cyber attacks? A close look
The unlawful obtaining of customer information or the unauthorized gaining of access to online accounts is a very important modern criminal activity that should absolutely not be taken lightly, especially in the FX industry which not only conducts its entire, global business via the internet, but also is responsible for financial transactions and the safekeeping […]
The unlawful obtaining of customer information or the unauthorized gaining of access to online accounts is a very important modern criminal activity that should absolutely not be taken lightly, especially in the FX industry which not only conducts its entire, global business via the internet, but also is responsible for financial transactions and the safekeeping of client monies.
Cybersecurity, the terminology given to the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide, is paramount and therefore access to the right information from all parties is a given…. or is it?
Research by McAfee Labs, the internet security and anti-virus research division of Intel Security, has this week concluded that only 42% of cybersecurity professionals use shared threat intelligence, despite 97% of those who do use it having stated that it helps them provide a better counter-threat service and with 59% having stated that shared data is “very valuable” to their organization.
The FX industry is so multi-faceted that the need for cybersecurity exists in many specific areas such as the electric payment processing sector, the safeguarding of client funds in online trading accounts and the actual access to trading accounts themselves in order that trades can be opened and closed.
Last year, Tim Thompson, CEO of British payment payment service provider and risk management technology company NOIRE explained to Andrew Saks-McLeod that FX brokerage accounts are usually accessible online needing only a username and password in order to gain access to sensitive data and exposure to fraudulent withdrawals.
“It can start in a number of ways” explained Mr. Thompson. “These methods include fraudsters phishing customers details, through emails pretending to be from the broker and telephone calls, Trojan malware programs often downloaded for trading platforms which look legitimate but could be obtaining customers’ login details and passwords. Fraudsters do this on an industrial scale and gain access to many customer accounts across many businesses.”
Mr. Thompson explained that in many cases, fraudsters have been able to successfully make withdrawals from trading accounts, their requests being so authentic that they have been passed by even the most diligent of compliance departments. The ability to access accounts by phishing and sending in Trojan horse malware programs in order to ’emulate’ the real customer would be avoided with the right anti-fraud security systems.
In October last year, a series of connectivity outages began affecting internet ccess for hosted customers of MetaTrader 4 integration bridge provider oneZero Financial Systems, one of which was Australia’s IC Markets.
At that particular time, IC Markets, which uses oneZero to host its MetaTrader 4 retail FX trading environment, stated that it was targeted by a DDOS attack, which is an acronym for ‘distributed denial of service’. In this particular case, the attack functioned by bombarding the server with a high volume of messages in order to either slow down the server, or to prevent it functioning at all.
Some three years ago, Jeff Wilkins, Managing Director of Michigan-based ThinkLiquidity, a well recognized industry expert with regard to electronic risk management, explained to Andrew Saks-McLeod during a meeting in Cyprus that within networks used in the FX industry, points of presence, which are dedicated connectivity solutions between venues, trading companies and hosts, had been gaining popularity, and that distributed points of presence connectivity allows protection against denial of service attacks, confirming that ThinkLiquidity at that time always advised that this type of infrastructure is put in place.
Three years on, the institutional sector has in some form adopted such systems, venue-neutral Canadian infrastructure provider TMX Atrium put in place points of presence between Paris, London, Frankfurt and Moscow during 2013, however this venue-based connectivity has not filtered its way into the OTC retail sector on a widespread scale, a likely reason being the cost of implementing dedicated infrastructure to many smaller retail firms being high, especially when margins are low once spread, IB commission, client acquisition and retention costs and operating expenses are taken into account.
Some of the more interesting findings of the survey by McAfee Labs is that when asked what posed a barrier to companies from sharing threat information, some 54% cited company policies, while 24% cited regulations within their industry, and 24% said lack of knowledge on how the information would be used.
Regulatory aspects are indeed an interesting perspective, as the regulatory authorities in some of the more well recognized jurisdictions for electronic trading such as Australia and North America have become very much involved in using high tech methods of conducting their oversight.
The National Futures Association (NFA) in America uses a system within which all firms must make daily reports which are stored on file. It would be interesting to understand how the NFA would regard the sharing of information between companies before uploading it to the NFA reporting system, or if the NFA could make certain information sharable to bona fide compliance departments as part of a security effort.
Australia’s ASIC uses a surveillance system which monitors the activities of all companies on a real-time basis, therefore would be able to easily detect any sharing of confidential information between companies, which it may frown upon due to inside information getting into the hands of competitors despite the usefulness in countering cyber attacks. The Australian authorities have a very strict stance on not only insider dealing, but the sharing of confidential information between companies could be construed as market abuse by ASIC.
The McAfee report concluded that cyberthreats are on the rise, with new ransomware up 26% in the last quarter of 2015 compared to the third quarter of the year.
“Our report highlights that cyber threat intelligence (CTI) must overcome the barriers of organisational policies, regulatory restrictions, liability risks, and a lack of implementation knowledge before its potential can be fully realised” said Raj Samani, Head of Technology for the EMEA region at Intel Security.
