Financial markets next big cyber target, says US expert

Manipulation of international financial markets will be the next evolution of cyber crime, says US Cyber Consequences Unit chief

Manipulation of international financial markets will be the next evolution of cyber crime, according to Scott Borg, chief of the US Cyber Consequences Unit.

There is a limit to the amount of money criminals can make through theft and credit card fraud, he told a joint session of the ASIS International and (ISC)2 annual congresses in Chicago.

“But there is no limit to the money that can be made by manipulating financial markets,” he said, speaking at an international policy roundtable on cyber security.

By taking a position in the market and then conducting a cyber attack to discredit a company, criminals can make an almost infinite amount of money, said Borg.

“Even if the beneficiaries are identified, they can always say they took the position based on a rumour in the market,” he said.

Borg, who predicted in 2002 the shift from mass disruption cyber attacks to professional, organised cyber crime, said the next shift to financial markets will transform the field of cyber security.

Christopher Ling, executive vice-president of Booz Allen Hamilton, said that allied to this, the world is facing a potential loss in confidence in the integrity of information systems.

Crawford Samuel, project leader at the International Cyber Security Protection Alliance said one of the biggest challenges in the next few years will be managing personal information online.

“If not managed correctly, personal information online will not only open people up to personal attack, but they will become vectors for attack on the organisations they work for,” he said.

More on cyber attacks

  • Google to warn users of state-sponsored attacks
  • Gauss toolkit used in nation-state-sponsored cyberattacks, Kaspersky says
  • Cyber attacks must avoid civilian targets, says Nato manual
  • More than half UK citizens worried about nation-state cyber attacks
  • Paranoia growing over state backed cyber attacks
  • Security Think Tank: Prism fallout could be worse than security risks
  • Security Think Tank: Prism is dangerous for everyone

Adam Meyers, director of intelligence at security firm CrowdStrike, said proliferation of cyber attack capability is another likely future challenge.

“We are seeing the emergence of easy-to-use, build-it-yourself malware kits, and it is only a matter of time before emerging countries follow the cyber espionage example of larger powers,” he said.

The enormous challenge, he said, will be trying to figure out what to focus on when faced by multiple state actors looking to leapfrog ahead by stealing intellectual property.

Dave Tyson, senior director, global information security at SC Johnson & Son, said information security practitioners will need to move from efficiency to effectiveness.

“It will no longer be just about efficiency and cost,” he said.

Tyson also predicts that as private sector threat intelligence improves, businesses will be guided by who is attacking them when deciding on how to invest in cyber defences.

Hord Tipton, executive director of (ISC)2, said the underlying challenge to meet all these challenges will be finding enough people with the relevant skills.

In addition to creating more opportunities for people to acquire these skills and join the cyber security profession, international and cross-industry collaboration will be vital to cyber defence in future.

Read more on Hackers and cybercrime prevention