The impact of financially-motivated threats on cybersecurity

Thomson Reuters Regulatory Intelligence has released A State of Regulatory Reform 2018 report and findings have showed that the digital market has emerged from the dark web. 

Financially-motivated threats have become increasingly alarming for exchanges and regulators. Stolen insider information and fake news released by short sellers negatively affect share prices and can create a negative sentiment amongst the general public. The present challenge – cyber-security experts can only track cyber criminals that penetrate the network but are unable to catch or prosecute them due to a lack of regulation.

Impact of fake news on the market

Financially-motivated cyber criminals are more sophisticated than the average hacker. They are familiar with business terms and can read financial statements to determine their impact on financial markets. They can hack into investor relation firms, law firms and investment banks in search of information related to their clients. Last year, cyber security firm FireEye, identified two threat groups that stole insider information – one which compromised the email accounts of top executives privy to confidential, non-public information about mergers and acquisition-related intelligence and major market moving announcements; and another which used spear phishing techniques and targeted senior management’s access to their organisation’s financial statements. The latter targeted 11 organisations within the financial services, transportation, retail, education, IT services and electronic sectors.

Private investigators at Kroll uncovered that fake news are being published anonymously on blogs and contain financial information that have been fabricated using partial truths and bad logic. Fake news are also worded in a way that can be easily misinterpreted and aim to create an unfavourable view of a company’s performance. Algorithmic traders may unknowingly assist in spreading fake news as they trade on news feeds and keyword searches on social media platforms. These actions may contribute on driving prices down as they unwittingly pick up on this piece of fake news and start to trade on it.

The need for cyber resilience programme

To better manage risk, cyber resilience programmes need to be implemented. The year ahead will see the closure of a series of major enforcement actions such as the case against Westpac manipulating bank bill swap rates on specific dates. Australia’s financial regulators – Australian Securities and Investments Commission (ASIC) and Australian Transaction Reports and Analysis Centre (AUSTRAC) – are enforcing cyber risk, counter-terrorism financing, technology and senior management accountability. Both regulators will be focusing on the risks associated with fintech and regtech innovation as well as the continued threat of cyber-attacks. Regulators will continue to raise awareness of technology risks and the need for cyber resilience programmes. To name a few, the Australian Securities Exchange (ASX) will be introducing the Distributed Ledger Technology (DLT) platform to power the next generation of its post-trade infrastructure. In a move to secure financial intelligence, AUSTRAC will also look to use encryption, DLT and other innovations for real-time information sharing between the public and private sectors.

Cyber security and technology risk

Regulators are concerned that a major cyber-attack could spiral out of control, undermining an organisation and destabilising the market. This in turn would damage investors’ trust and confidence in the financial system. A major cyber-attack involves systematic risks that causes much concern for regulators. To prepare against this, ASIC’s market integrity team will be focusing its compliance efforts on technology, cyber resilience and conduct risk this year. ASIC’s supervision teams will also be focusing their efforts on the technology and operational risks among the major licensees.

ASIC and AUSTRAC have both signalled an intention to further their active enforcement presence, together with strong political support. Awareness around technology risks and the subsequent need for cyber resilience programmes will also become more prominent. To ensure market intermediaries are aware of their obligations, regulators will need to send them self-assessment questionnaires. Compliance reviews into technology-dependent licensees will also be conducted. 

On the technology front, ASIC will continue to explore the impact of DLT or blockchain in the market whilst the ASX and the Sydney Stock Exchange quantify the potential in this area. The ASX has opened a consultation on its plans for a new post-trade platform based on DLT technology to replace its ageing SMARTS infrastructure.

Going forward, ASIC is looking to increase interest within blockchain technology amongst operators of financial market infrastructure, financial institutions, financial services providers and fintech players. Blockchain technology is likely to be used to facilitate foreign exchange remittance payments, securities settlement systems, debt issuance programmes and digital identity platforms. ASIC said it is expected the “range of potential applications” of blockchain will continue to expand.

If you would like to discuss how the above will affect your organisation or if you are looking for job opportunities in cybersecurity, please do not hesitate to contact us at +61 2 8251 2100. You may also follow our LinkedIn page for other industry-related insights.

5 Top Tips for writing your Business Analyst CV

04 Dec 2019

Creating the perfect Business Analyst CV can be difficult, so our consultant Brittany Arlove has put together some of Top Tips which you can use in order to build or enhance yours.

Our Dubai team has been awarded with six different titles by Global Banking & Finance Review

08 Nov 2019

Huxley’s DIFC based regional office in Dubai is extremely honoured to have been awarded 6 titles by Global Banking & Finance Review. This is a great testament to the hard work, strategy and partnerships that the team has with our clients and candidates. Find out more about the awards in the article.

How is Qatar defending its cybersecurity efforts in preparation for FIFA World Cup 2022?

07 Oct 2019

Qatar will become the first Middle Eastern country to host the FIFA World Cup in 2022 at its new 80000-capacity Lusail Iconic Stadium. In light of hosting the world’s largest sporting event, the Middle East has come under increasing scrutiny over the state of its security and technological landscape.

What are the implications of UAE’s increasingly younger workforce?

10 Sep 2019

A younger workforce can impact the job market in various ways as it potentially influences the availability and market rates of many roles as well as the employability of older employees. Their influence in the gulf will be especially significant in the near future and is expected to reach 75% of the total number of employees in the gulf by 2025.

Tags: MENA