Are financial institutions evolving into IT companies that manage money?
American Airlines plane. Both had significant impacts on the stock market. Fortunately, the UK is a leader in understanding the complexities of cyber security and the development in new countermeasures and a key part of that is the academic community in the UK providing cutting edge research. The Government Communication HQ (GCHQ) has adopted an approach of recognising this capability with 13 Academic Centres of Excellence in Cyber Security Research (ACE- CSR) Programme, and the three Cyber security research institutes.
These provide a wealth of ideas and technologies that can assist in protecting the raw information the financial sector relies on to operate.
T
he finance industry has been going through radical changes for decades, the
latest of which is embodied in the disruption caused by cryptocurrencies, such as BitCoin and RScoin, and the technologies that enable them, such as blockchains. These technologies are being heralded as the solution to a wide range of challenges facing the financial sector.
Cryptocurrencies control the generation and transfer of funds without the need for a central authority, such as a bank. Blockchain technology underpins these digital currencies by acting as a decentralised distributed database, able to record a list of transactions which reportedly protects against tampering and revision.
Smart Contracts are computer programmes, powered by blockchain technology, that automatically enforce and execute the terms of a contract. These contracts could revolutionise many types of financial transactions, specifically those around illiquid assets, such as property and antiques.
Looking beyond these recently disruptive technologies, it is often surprising to some that the finance sector has been digital for at least the last 40 years, if not longer. Banks are comfortable using information to represent currency to transfer funds, and with the advent of online banking now so is the end consumer.
What is interesting is that information is such an essential part of the modern finance sector; not only digital representations of currency, but information about how those funds flow. Significant effort is spent in the
12 © CI TY S ECURI TY MAGAZ INE – SUMME R 2016
modern financial enterprise analysing trading patterns, customer behaviour and sentiment, broader economic and governmental trends.
This analysis of data, currently referred to as data science or Big Data, provides a competitive market advantage for companies; both in customer protection to identify fraudulent transactions, and in money making activities such as trading. This reliance on information informs a position that the finance sector uses information as a raw material which it processes in order to make money. In fact, it has been observed that some large financial institutions are really IT companies that manage money.
This idea that a financial company’s business is the processing of raw information opens a wider view of the security of that company, specifically in terms of cyber security. Much of the cyber security discussion regarding the finance sector has been about protecting businesses’ systems and processes from malicious attack which would disrupt their operation or leak sensitive information.
However, this assumes that the business is a closed bubble, it does not take in any external information. It would be possible, for example, to establish a significant set of online accounts in social media platforms, operate those for a period of 24 months or more to establish credibility, and then use those to taint sentiment regarding a specific company in order to increase the profit from stock market trades. Examples of this can be seen from 2012 with the fake bomb blast in the White House announcement, or the accidental resurgence of an old news story on Google regarding an incident with an
www. c i t y s e cur i t yma ga z ine . com
Lancaster University’s research approach uses natural language processing to identify anomalous group and individual behaviour online, and indications of online precursor activity which indicates an offline action is about to take place. We have technologies based on psychological models that can identify likely insider threat. Our work in understanding resilience, fragility and mapping interconnections in cyberphysical critical national infrastructure can be used to map the complex interconnections between systemic financial institutions to understand where there may be weakness that could be exploited.
The research conducted at Lancaster and the other ACEs and RIs is directly applicable to help the sector to navigate the increasing complex world of legislation and regulation and to support the sector in understanding disruptive technologies such as blockchain and crypto currencies.
Ultimately, the financial sector is interconnected to form a complex industry processing, exchanging, storing and understanding information, acting as a powerhouse for the UK economy. Its novel and extensive use of information exposes new risks to the sector and in partnership and collaboration with universities we can minimise those risks to take full advantage of the opportunities of an increasingly information aware society.
Dr. Daniel Prince Associate Director for Business Partnership and Enterprise Security, Lancaster University
www.lancaster.ac.uk/security-lancaster
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36
