The impact of financially-motivated threats on cybersecurity
Thomson Reuters Regulatory Intelligence has released its A State of Regulatory Reform 2018 report, and the findings have shown that the digital market has emerged from the dark web.
Financially-motivated threats have become increasingly alarming for exchanges and regulators. Stolen insider information and fake news released by short sellers negatively affect share prices and can create negative sentiment amongst the general public. The present challenge is that cyber-security experts can only track cyber criminals that penetrate the network but are unable to catch or prosecute them due to a lack of regulation.
Impact of fake news on the market
Financially-motivated cyber criminals are more sophisticated than the average hacker. They are familiar with business terms and can read financial statements to determine their impact on financial markets. They can hack into investor relations firms, law firms and investment banks in search of information related to their clients. Last year, cyber security firm FireEye identified two threat groups that stole insider information: one compromised the email accounts of top executives privy to confidential, non-public information about mergers and acquisition-related intelligence and major market-moving announcements; the other used spear phishing techniques and targeted senior management’s access to their organisation’s financial statements. The latter targeted 11 organisations within the financial services, transportation, retail, education, IT services and electronic sectors.
Private investigators at Kroll uncovered that fake news is being published anonymously on blogs and contains financial information that has been fabricated using partial truths and bad logic. Fake news is also worded in a way that can be easily misinterpreted and aims to create an unfavourable view of a company’s performance. Algorithmic traders may unknowingly assist in spreading fake news as they trade on news feeds and keyword searches on social media platforms. These actions may contribute to driving prices down as they unwittingly pick up on a piece of fake news and start to trade on it.
The need for cyber resilience programmes
To better manage risk, cyber resilience programmes need to be implemented. The year ahead will see the closure of a series of major enforcement actions such as the case against Westpac manipulating bank bill swap rates on specific dates. Australia’s financial regulators – Australian Securities and Investments Commission (ASIC) and Australian Transaction Reports and Analysis Centre (AUSTRAC) – are enforcing cyber risk, counter-terrorism financing, technology and senior management accountability. Both regulators will be focusing on the risks associated with fintech and regtech innovation as well as the continued threat of cyber-attacks. Regulators will continue to raise awareness of technology risks and the need for cyber resilience programmes. For example, the Australian Securities Exchange (ASX) will be introducing the Distributed Ledger Technology (DLT) platform to power the next generation of its post-trade infrastructure. In a move to secure financial intelligence, AUSTRAC will also look to use encryption, DLT and other innovations for real-time information sharing between the public and private sectors.
Cyber security and technology risk
Regulators are concerned that a major cyber-attack could spiral out of control, undermining an organisation and destabilising the market. This in turn would damage investors’ trust and confidence in the financial system. A major cyber-attack involves systematic risks that cause much concern for regulators. To prepare against this, ASIC’s market integrity team will be focusing its compliance efforts on technology, cyber resilience and conduct risk this year. ASIC’s supervision teams will also be focusing their efforts on the technology and operational risks among the major licensees.
ASIC and AUSTRAC have both signalled an intention to further their active enforcement presence, together with strong political support. Awareness around technology risks and the subsequent need for cyber resilience programmes will also become more prominent. To ensure market intermediaries are aware of their obligations, regulators will need to send them self-assessment questionnaires. Compliance reviews into technology-dependent licensees will also be conducted.
On the technology front, ASIC will continue to explore the impact of DLT or blockchain in the market whilst the ASX and the Sydney Stock Exchange quantify the potential in this area. The ASX has opened a consultation on its plans for a new post-trade platform based on DLT technology to replace its ageing SMARTS infrastructure.
Going forward, ASIC is looking to increase interest in blockchain technology amongst operators of financial market infrastructure, financial institutions, financial services providers and fintech players. Blockchain technology is likely to be used to facilitate foreign exchange remittance payments, securities settlement systems, debt issuance programmes and digital identity platforms. ASIC said it is expected that the “range of potential applications” of blockchain will continue to expand.
If you would like to discuss how the above will affect your organisation or if you are looking for job opportunities in cybersecurity, please do not hesitate to contact Elizabeth Floyd on 02 8251 2103 or our cybersecurity specialists at Huxley - Josh Littlewood on 02 8251 2102 and Matt Canning on 02 8251 2110. You may also follow our LinkedIn page for other industry-related insights.