The study explores the threats posed to markets by cyber-crime – defined by IOSCO’s research department as “a harmful activity, executed by one group … through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity”.
In a survey of global exchanges, IOSCO found that 89% of respondents considered cyber-crime “a potentially systemic risk” to securities markets. Indeed, more than half of the exchanges (53%) had experienced some form of intrusion in the preceding 12 months – most commonly a “denial of service” attack, which is designed to overload the victim’s server and render it unusable.
‘Bringing a knife to a gun fight’
While survey respondents noted that no such attacks had yet succeeded in knocking out critical systems or trading platforms, the rapidly-evolving nature of the problem – in particular the growth of sophisticated “Advanced Persistent Threats” – meant it should not be underestimated.
“Reliance on an outdated understanding of what cyber-crime entails; a perception of safety due to containment of past cyber-attacks; or assumptions around the limited capabilities of cyber-criminals today – may mean we end up ‘bringing a knife to a gun fight’ in the future,” the report warned.
“Worse, a presumption of safety (despite the reach and size of the threat) could open securities markets to a cyber ‘black swan’ event.”
According to the Financial Times website, Wall Street banks and several US government agencies will today participate in a simulation exercise branded “Quantum Dawn 2”, which is designed to mimic a widespread systemic cyber-attack in the US equities market.
A copy of “Cyber-crime, securities markets and systemic risk” can be downloaded from the IOSCO website, here.