Markets In Action

‘Complacency is not an Option’: Financial Industry Leads Way on Cybersecurity

While the benefits of connection through personal computers, smartphones, social media apps and cloud computing services are extensive, there’s also a downside: the threat posed by those seeking to exploit technology vulnerabilities for criminal or terrorist purposes.

That’s one of the reasons why cybersecurity is a chief concern for the financial industry — and as more and more of our lives move online, it will only grow in importance. Industry leaders like the Securities Industry and Financial Markets Association (SIFMA) have made it a top priority to protect clients’ data.

First, the good news: While media coverage focuses intensely on a relatively small number of high-profile data breaches and other hacking incidents, the fact is that the overwhelming majority of attacks don’t succeed.

That’s according to Karl Schimmeck, Managing Director of Financial Services Operations for SIFMA. He emphasizes that even if many hacking incidents fall short of their disruptive goals, financial industry leaders take the threat seriously.

“For the most part, most of those attacks are unsuccessful,” Schimmeck pointed out in a recent interview with Morningstar. “I would say a very, very small percentage of them would be successful and are capable of getting and/or doing any kind of damage or theft.”

“But the firms are aware of it. They know it’s a risk and they are taking many, many measures and investing a significant amount of their resources, time, effort and money into making sure that their infrastructure is protected — that the data they’ve been entrusted with is protected and that their clients are protected.”

Quantum Dawn 2: An Exercise in Preparedness

How does the financial industry prepare for a potential hacker attack? One key strategy is planning and executing simulations.

In October 2013, SIFMA spearheaded a full-scale simulation of a systemic attack on the U.S. financial system. This exercise, dubbed “Quantum Dawn 2,” brought together more than 500 participants from 50 different financial sector entities to test their response to cyberattacks and to coordinate with other companies and government agencies.

Quantum Dawn 2 tested various scenarios, including attacks motivated by cyber thieves.

By simulating how cyberattacks might play out, SIFMA and its partners sought to assess areas of risk, exercise and improve crisis response plans and improve communication — all with the goal of blunting the potential impact of future incidents.

The exercise demonstrated the industry’s resiliency when faced with serious impacts caused by cyberattacks, and it highlighted areas where the industry can improve.

The lessons learned from the simulation not only shaped the private sector’s response, but also may contribute to more effective public policy on the cybersecurity front to promote information sharing between the government and the private sector. “Complacency is not an option in the fight against cyber crime.”

In addition, SIFMA has led the way in helping smaller financial firms improve their cybersecurity protections. According to the security firm Symantec, in 2012 an estimated 31% of all cyberattacks targeted businesses with fewer than 250 employees — a sizable increase from the previous year’s 18%.

Cybercriminals may perceive smaller companies as having less stringent network security, which makes cybersecurity even more critical. SIFMA has developed a guidance plan to help small firms better protect their networks and data.

What can you do?

Consumers who want to avoid being a victim should be more vigilant about the security of their personal information. Unfortunately, many Americans may underestimate their own vulnerability, according to FBI Director James Comey, who has made fighting cybercrime a key part of his agency’s mission.

“I think there’s something about sitting in front of your own computer working on your own banking, your own health care, your own social life that makes it hard to understand the danger,” Comey explained in an October 5 “60 Minutes” interview.

“I mean, the Internet is the most dangerous parking lot imaginable,” Comey continued. “But if you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. You would stand straight. You’d walk quickly. You’d know where you were going. You would look for light. Folks are wandering around that proverbial parking lot of the Internet all day long, without giving a thought to whose attachments they’re opening, what sites they’re visiting. And that makes it easy for the bad guys.”

If you’re looking for ways to protect yourself and your family against hacking, fraud and identity theft, the Federal Trade Commission’s “Computer Security” resource page is a good place to start.

The key lesson: In today’s hyper-connected world, cybersecurity isn’t the responsibility of any one party; it’s a shared responsibility for the private sector, the government and consumers.