Digitalization is visible across most, if not all, spheres of our professional and personal lives. While it offers a number of undeniable advantages, it brings along the need for security, especially cybersecurity. Consider the following:
- An increasing number of devices are interconnected, communicating via the Internet
- Digitalization brings convenience but also collects data, with the potential for misuse
Implications of interconnected devices for companies.
This brings along implications for companies. They must protect themselves from cyberattacks, or else – for instance – hackers could take control of Internet-connected medical devices. This is but one example, and the vulnerable lot includes financial services firms, including those in the investment banking industry.
A good cybersecurity setup for this sector is difficult to determine.
Cybersecurity is hard to determine considering the constantly changing threat landscape, plus the effect of shifting business priorities and exponential technology forces on how organizations approach cyber risk management.
There is no denying, though, that the cloud, data and analytics, and social media are top of the list of technology items requiring attention at large firms.
Look what large enterprise banking spend on cybersecurity
The criticality of cybersecurity is borne out by budgets for the same. The largest budgets of course belong to Fortune 500 companies. Within the Fortune 500, financial institutions appear to have the deepest pockets. JP Morgan Chase & Co, as per a 2018 letter to its shareholders, spends roughly USD 600 million annually on cybersecurity. They also employ around 3,000 IT security people.
Media reports have suggested that Bank of America spends roughly the same amount on cybersecurity.
It is thus no surprise to see the number of financial institutions posting job ads for cybersecurity positions. Given how cybersecurity covers a broad range of issues and security breaches are quite common, the pool of investment banking professionals must also include tech-savvy information security personnel to protect their online systems.
Why are banks a cybersecurity risk?
Why, though, is Wall Street at such risk? According to Moody’s, the capital markets businesses of banks “are an appealing target for cybercriminals attempting large-scale theft or launching sophisticated attacks to create operational disruption.”
Companies in the investment banking industry also house other attractive “targets”, such as payment and cash management systems, and data of their high-net-worth clients and retail banking private clients. Cyberattacks have many purposes:
- Stealing money
- Extorting ransoms
- Stealing or manipulating data
- Creating significant operational disruption
- Generating negative publicity
The attacks themselves can take many forms across a wide range of channels. A typical attack is perpetrated by a criminal in a remote, safe location, trying to get into the systems of a bank or of its clients. Other attacks include attempts to divert payments into the accounts of criminals.
Fraud is very closely linked with cybercrime, and so are the methods employed by investment banking professionals to fight the two.
Investment Banking
Because of the nature of its work, the investment banking industry offers a number of targets for attacks and fraud. These include the following:
- Pending mergers and acquisitions (M&A) transactions: Business negotiations for M&A deals include some very valuable information attractive for attackers, especially for industries such as pharmaceuticals, biotechnology, and medicine.
- Mobile computing devices: Given how many activities of investment banks happen through such devices, they are often targeted to get unauthorized access to client or management accounts.
- Insider trading: The fact that people working at investment banks are privy to confidential information means they can also facilitate cybersecurity breaches. Interestingly, some analysts also speculate there could be a correlation between such institutions hiring cybersecurity professionals and the increased instances of breaches and insider trading attacks a few months later.
What does a successful cyber attack do?
The impact of a successful cyberattack could be wide-ranging for the work of investment banking professionals, with effects in financial, regulatory, and reputation terms. A challenge in this regard comes from the number of ‘false positives’ that could arise and unfortunately, are not possible to eradicate completely.
The only way out is to keep working on rules to detect such instances and thereby reduce their occurrence. The rules need to become more accurate and efficient, and artificial intelligence (AI) and machine learning (ML) could be of great help hereby, for instance, scanning for a change in client behavior or for suspicious IP addresses.
Compromised data can also affect the bottom line. Details of an ongoing deal could be manipulated or transferred, thereby damaging share prices of involved companies involved.
New cybersecurity technology
The solution is for the investment banking industry to invest in new cybersecurity technologies. Investment banks must encourage proper procedures to remove human errors, negligence, or failure to follow security protocols. Some key aspects are as below:
- Huge amounts of data: With larger amounts of data being collected, processed and analyzed for decision-making, every aspect of data collection and management must be secured.
- Autonomous devices: Do not miss out on security for sensors and smart meters. Watch out for physical tampering, unauthorized access, and other attempts to affect data integrity.
- Internet of Things (IoT) security: Data assurance programs must establish end-to-end security for IoT data.
- Hire the right people: This implies hiring sufficient staff to implement and monitor security measures, as well as ensuring they are trustworthy.
- Keep clients and staff informed: These entities must be informed about the risks of phishing attacks, social engineering, and others.
The way ahead is clear. Security measures and awareness along with effective regulation are imperatives to mitigate the risks and effects of cyberattacks in an industry as critical as investment banking. Given the sensitivity of information here, the monetary and reputation damages could otherwise be very serious for the business.