The Fintech cybersecurity market is ever-evolving with new technologies and regulations influencing change. Here are three trends in the market we expect to see in 2021.
Financial Services Firms and Exchanges Shift to High-Speed, Full Packet Capture and Analysis to Boost Security
One of the first uses of PCAP, or packet capture, by the stock exchanges was as a tool to monitor their Proprietary Market Data and Consolidated Market Data (SIP) feeds to meet Securities and Exchange Commission (SEC) regulations. After the exchanges realized the technology's capacity to capture all live network traffic at the basic detail level, which gave them full visibility of application and network interactions with minimal impact (latency) on the traffic itself, they expanded its use. PCAP is now widely used in the financial services market to monitor network health and performance. Beyond this natural evolution of monitoring operations, the market also recognized how much value high-speed, full PCAP could add to its cybersecurity arsenal.
Because PCAP solutions give visibility of every transaction on a network, including pre- and post-event and back-in-time analysis, they can tell the entire story of a cyberattack. They offer details on how and when a hacker entered the system, what was stolen, and who else was targeted, giving security teams digital fingerprints and footprints of the interactions to pass on to the authorities for investigative purposes.
Some PCAP systems have a monitoring limit of only 40 gigabytes per second, rendering them unable to keep up with the enormous amount of data traffic on today's market networks. As a result, these outdated systems drop packets, leaving gaps in network visibility, which is a significant security concern. Advanced high-speed full PCAP and analysis tools, by contrast, can capture and analyze all packets in networks at speeds up to 100GB/sec. Consequently, these new systems have zero packet loss, allowing financial services companies to detect various network intrusions and malware infections in great detail. These sophisticated PCAP systems also buffer the security monitoring infrastructure from traffic spikes and traffic growth to ensure reliable results, avoiding overload situations that lead to data loss and unnoticed intrusions.
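The packet-drop gaps described above can be checked on a stored capture. The following is an added example, not part of the original article: it assumes the capture tool writes pcapng files with Interface Statistics Blocks, reads the received and dropped counters per interface, and runs on a constructed sample.

```python
import struct

SHB, IDB, ISB = 0x0A0D0D0A, 1, 5           # pcapng block types
IFRECV, IFDROP, OSDROP = 4, 5, 7           # ISB option codes (64-bit counters)

def capture_stats(data):
    """Return {interface_id: (received, dropped)} from Interface Statistics Blocks."""
    stats, off, en = {}, 0, "<"
    while off + 12 <= len(data):
        if struct.unpack_from("<I", data, off)[0] == SHB:   # type reads the same in both byte orders
            en = "<" if struct.unpack_from("<I", data, off + 8)[0] == 0x1A2B3C4D else ">"
        btype, total = struct.unpack_from(en + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"truncated or corrupt block at offset {off}")
        if btype == ISB:
            iface = struct.unpack_from(en + "I", data, off + 8)[0]
            c, p, end = {}, off + 20, off + total - 4       # options follow id + 64-bit timestamp
            while p + 4 <= end:
                code, length = struct.unpack_from(en + "HH", data, p)
                if code == 0:                               # opt_endofopt
                    break
                if length == 8 and p + 12 <= end and code in (IFRECV, IFDROP, OSDROP):
                    c[code] = struct.unpack_from(en + "Q", data, p + 4)[0]
                p += 4 + (length + 3) // 4 * 4              # values are padded to 32 bits
            stats[iface] = (c.get(IFRECV, 0), c.get(IFDROP, 0) + c.get(OSDROP, 0))
        off += total
    return stats

def lossy_interfaces(data):
    """Interfaces whose capture reported at least one dropped packet."""
    return sorted(i for i, (_, dropped) in capture_stats(data).items() if dropped)

# --- constructed sample: one section, two interfaces, statistics for each ---
def _block(btype, body):
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def _isb(iface, recv, drop):
    opts = struct.pack("<HHQ", IFRECV, 8, recv) + struct.pack("<HHQ", IFDROP, 8, drop)
    return _block(ISB, struct.pack("<III", iface, 0, 0) + opts + struct.pack("<HH", 0, 0))

SAMPLE = (_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(IDB, struct.pack("<HHI", 1, 0, 65535)) * 2
          + _isb(0, 1_000_000, 1_250) + _isb(1, 500_000, 0))

if __name__ == "__main__":
    for iface, (recv, dropped) in capture_stats(SAMPLE).items():
        print(f"interface {iface}: received={recv} dropped={dropped}")
    print("interfaces with capture gaps:", lossy_interfaces(SAMPLE))
```

Any interface reported as lossy means the stored capture is incomplete for that period, so a back-in-time investigation over it should be treated as having blind spots.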
It is not enough for security teams to focus on just preventing intrusions. They must have the tools to detect an intrusion quickly, mitigate the situation, and prevent similar attacks from happening again. As daily trading volumes across the industry continue to increase, resulting in a vast influx of information, financial services firms and exchanges are turning to full PCAP high-speed technology to handle the throughput, at high efficiency, and at the scale they require.
Brokers Express Concern with Amount of Personally Identifiable Information (PII) Required to Submit under SEC Rule 613 Consolidated Audit Trail Requirement
The 2010 flash crash, where the Dow Jones Index dropped over 1,000 points and lost almost 9% of its value within minutes, caused havoc across the markets. Because trade information was siloed across the market, with each exchange and broker storing its data in various formats, there was no method in place for the Securities and Exchange Commission (SEC) to review data to determine what happened during the flash crash. The SEC had to recreate the data and the day's scenario, which was enormously time-consuming. In response, the SEC adopted Rule 613 in 2012, which mandated creating a comprehensive consolidated audit trail (CAT) that would allow regulators to track all activity efficiently and accurately throughout the U.S. markets in National Market System (NMS) securities. The Financial Industry Regulatory Authority (FINRA), along with the national securities exchanges, collectively the self-regulating organizations (SROs), were tasked with developing, implementing, and maintaining CAT.
The primary goal of Rule 613 is to improve the ability of the regulators to surveil and accurately track trading activity in equities and options markets. CAT was devised as a tracking method to avoid a situation similar to the flash crash. Initially, CAT was to be implemented quickly. However, it is now being phased in over four years, the first of which has just been completed. The first four phases will be focused on the reporting of transactions, followed by the submission of customer account data.
CAT was originally written to include detailed information on all customer accounts, including names, social security numbers, trading info, etc., and every single broker, dealer, and exchange is required to report their orders, trades, options, and equities into this single data pool, which makes it a tremendous target for threats. Couple that with the fact that staff working at FINRA will have access to the data, and that every exchange has access to every other exchange's data, and the exposure to nefarious acts grows even further. Therefore, due to pressure from brokers, exchanges, and FINRA itself, the Rule has been amended to reduce the amount of customer data stored within CAT. That said, in 2021, we will see organizations continue to press regulators to 1) limit the amount of sensitive data in the ether and 2) use new technologies to reduce vulnerabilities.
Financial Services Companies Continue to Adopt Multi-Factor Authentication, Leaving Some Vulnerable
What could be more attractive to bad actors than financial data? Money, customer account data, and trading data are all extremely valuable. Yet, many financial services companies are still using the Enterprise Castle Defense for protection. While they build walls and a surrounding moat to protect from exterior threats, inside the castle, everyone is trusted. That approach is dangerous. Trust is okay, but it must be accompanied by verification. Passwords alone (single-factor authentication) are no longer powerful enough against today's formidable cyber threats.
Implementing multi-factor authentication (MFA) is a critical step in preventing access to systems by unauthorized users. In addition to usernames and passwords, MFA requires that users confirm a collection of things to verify their identity. This is often something unique to the users’ physical being, such as a retina or fingerprint scan.
At most larger firms, MFA is a standard procedure. However, in smaller firms, or those that are outsourcing systems such as payroll, this critical security measure has often not been implemented. These organizations usually take a reactive approach where MFA is employed only after discovering a breach. Other firms simply are not technically savvy and are remiss in turning on the available authentication tools such as Authy, Google Authenticator, or ESET Secure Authentication. With work-from-home policies continuing until who knows when, it is essential to beef up internal security measures substantially, and MFA should be a priority. In 2021, we will continue to see firms that have not taken the necessary steps to secure their systems from internal threats, leaving them vulnerable to attack.
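To show what enabling an authenticator app involves on the server side, here is an added example that is not part of the original article: a login check that requires both a password and a time-based one-time code (TOTP, RFC 6238), tolerates one step of clock drift, and rejects a replayed code. The account record, field names and password are constructed for illustration, and the secret is the RFC test key.

```python
import hashlib, hmac, struct

def hotp(secret, counter, digits=6):
    """RFC 4226 one-time password for a given counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack_from(">I", mac, offset)[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, now, last_counter=-1, step=30, window=1):
    """Return the matching time-step counter, or None.

    Accepts +/- `window` steps of clock drift and refuses any counter at or
    below `last_counter`, so a code that was already used cannot be replayed.
    """
    current = int(now) // step
    matched = None
    for counter in range(current - window, current + window + 1):
        ok = hmac.compare_digest(hotp(secret, counter).encode(), code.encode())
        if ok and counter > last_counter:
            matched = counter
    return matched

def hash_password(password, salt, rounds=600_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def login(user, password, code, now):
    """Both factors must pass; the used counter is stored to block replay."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    counter = verify_totp(user["totp_secret"], code, now, user["last_counter"])
    if not (pw_ok and counter is not None):
        return False
    user["last_counter"] = counter
    return True

# Constructed sample account (hypothetical fields). The salt is fixed only to keep
# the sample reproducible; a real system uses a random salt and secret per user.
def sample_user():
    salt = bytes(16)
    return {"salt": salt, "pw_hash": hash_password("correct horse", salt),
            "totp_secret": b"12345678901234567890", "last_counter": -1}

if __name__ == "__main__":
    u = sample_user()
    print(login(u, "correct horse", "287082", now=59))   # password + current code
    print(login(u, "correct horse", "287082", now=59))   # same code replayed
```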