The use of computers in the stock market is nothing new. But the rise of high-speed trading operating on computer networks with specialized algorithms has brought huge changes in how banks manage investments, and how governments regulate cybersecurity protections for financial institutions.
Goldman Sachs, the 148-year-old powerhouse investment bank, had revenue exceeding $37 billion in 2016, and computer-based trading is now such an integral part of the bank’s operations that roughly one-third of its staff are computer engineers. While banks and investors rake in the profit, criminals have also set their eyes on getting a slice of the pie. From stealing the algorithms themselves, to a hack into a news organization’s Twitter account to potentially manipulate the market, to insider trading, criminals work to exploit every avenue to gain access to the billions of dollars passing through banks every day.
After record-setting data breaches across several industries, and an estimated $81 million stolen from a bank in a single cyber-heist in Bangladesh, government is taking notice. At the federal level, the Commodities Futures Trading Commission expanded its regulations and will now require organizations to conduct at least five types of cybersecurity testing. At the state level, the New York State Department of Financial Services has proposed more stringent cybersecurity regulations for financial services companies, including a 72-hour notification window for reporting any cyber incident to NYDFS, and the employment of a chief information security officer who is responsible for compliance and reporting for all regulations and requirements.
Even with these new regulations, criminals will undoubtedly find new ways to exploit these increasingly complex systems, and laugh all the way to bank as they steal millions and get away with it.