What can financial firms do to prevent and recover from a data breach?

The most recent hacking incident at the Securities and Exchange Commission underscores what many in the investment community have known for years – that cyber thieves around the globe see great value in stealing market-sensitive information that can be traded for big profits.

In a recent interview (Financial Times), Scott Borg, director of the US Cyber Consequences Unit, a non-profit research institute, warned that sensitive financial information has been “regularly stolen” by cyber criminals who use it to play the markets. In 2011, the IMF was attacked in a breach that experts believe may have been designed to steal insider information, and in 2011 and 2012, the Australian Bureau of Statistics had its key data repositories targeted by hackers.

>See also: Financial firms in NYC face stricter cyber security regulation

In 2015, a group traders allegedly aided by Ukrainian hackers were accused of stealing sensitive news releases from three US corporate newswires in a scheme to make more than $100 million on insider trades.

Knowing these proven motives for hacking, firms in the alternative investment community – which gathers highly sensitive, market-moving information 24-7 – should be especially vigilant about their cybersecurity.

Below are eight priority steps to be taken by firms to help minimise risk:

Know your data

Firms should take steps to classify their data in accordance with its sensitivity relative to a potential breach. The most sensitive data should have the greatest protection layers around it, and fewer individuals with access to it. Examples of this data are investor information, internal research and position/trade information. Were this data to be taken in a breach it would present significant business risk to the fund.

>See also: Cyber breaches cost PLCs ‘1.8% of company value’ 

The firm should also take steps to document their data segmentation such that all employees in the firm understand how the data is managed and protected. The classification, identification, and valuation of data will help determine the necessary security controls to protect it.

Train your employees, then train them again

Most cyber security risks have to do with people and the actions they take or do not take. It is very important to have a continuous and persistent training program which highlights areas around phishing, web use and proper data management and handling of data.

The infrastructure and technology you implement to address cyber security risks is only as good as the people who are using it. If not trained appropriately, the risks of something happening will only increase.

Think security first, then workflow

Fostering a culture of security will greatly reduce your risk. The challenge is that you will have to get your employees to think of security before prioritising functionality. Taking steps to eliminate the usage of all portable hard drives, and enforcing a process where specific data is deleted after a certain time period is a good place to start.

>See also: Cyber security in finance: How can you deal with financial cybercrime

When adding new process, applications or services from third parties, make it a point to scrutinise the security risks they may present. Services which could improve your workflow may bring new security risks into the firm. A culture of security will assist in making the right decisions when presented.

Always be patching

Security risks occur when a path has been discovered through vulnerable software and bugs that have not been patched. The job of a hacker is to find or create these paths, then to exploit it.

It is critical you enforce an active process of continuous patching for all technology in the firm including laptops and mobile devices. It is also very important to document all patching processes and archive dates when patching occurs. It is recommended that you implement a process of accountability whereby specific individuals are responsible for patching specific equipment and software.

Incident response plan

You should assume that you will have a security issue or a breach. Documenting a thorough incident response plan is essential to contain the possible damage to your business while reducing recovery time and reparation costs. Regularly scheduled testing of your plan is essential to confirm its effectiveness and rehearse the escalation channels for your staff.

Vulnerability scanning

Scanning your network and endpoints for weaknesses and unauthorised machines will help to identify the holes that could be exploited by attackers. Used in conjunction with your patching and remediation program, scanning will greatly reduce the threats commonly utilised to compromise critical systems.

>See also: UK Gov: Firms could face £17M fine if cyber security is not up to scratch

User recertification campaigns

It is important to engage in periodical review of the access rights provided to your user community to confirm they only have access to the systems and information they need for their role in the firm.

If someone leaves the organisation and retains access to sensitive information, there is room for misuse, exploit, or sabotage. Staff members also change departments and retain access to data assigned to their previous job. This process should also include privileged access review to confirm users with administrative system access are limited to only those that absolutely need it.

Operating system hardening

Workstation and server systems by default have numerous features installed that are potentially vulnerable to compromise. To secure the storage and management of your data, it is important to turn off unnecessary services not required by your business.

This process typically includes changing default passwords, eliminating unnecessary service accounts, and removing superfluous software packages.

Combined these programs will help to build a defense in depth strategy to protect your organisation from the emerging threats faced by the banking industry. Evolving the security program over time with constant care and updates will enhance the overall value of your firm.


Sourced by Dave Parsons, CISO at Abacus Group


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security
Data Breach