The January edition of FCM360 Forex Summit takes a hard look at the future of cyber security. In the wake of recent DDoS attacks, we asked security expert and futurist Ted Gordon, whose clients have included NATO and other government entities, to comment on the destructive capacity of a lone wolf cyber terrorist. We also talked with insurance fraud and cyber security expert Raj Tumber about the rise in state-sponsored attacks. For businesses and government agencies that want to know more about the potential perils and workable solutions Boston Global Forum’s 40-page report Cyber Security 2016 is now available through this Website. ~ The Editors.
2015’s wave of DDoS attacks sparks new worries over the next big attack
The current wave of DDoS attacks on the Foreign Exchange industry has put everyone on notice — especially those who provide the infrastructure that platform providers, brokers and traders count on to run their transactions reliably and securely.
The DDoS or Distributed Denial of Service attacks that recently shut down a number of sites are pretty crude says futurist Ted Gordon, “DDoS hackers have been around for a long time. They simply send so much data at one time that they are able to overwhelm the system and bring it, and access, to a screeching halt.”
To thwart these current attacks, FCM360 (www.fcm360.com), a secure ecommerce network provider and managed cloud hosting service, increased all of its upstream ISP bandwidth to repel attacks of up to 20 Gigabits per second internally.
“Additionally FCM360 contracted with industry security providers to increase its DDoS prevention capability to over 300 Gigabits per second in New York and London. This means we can withstand and mitigate nearly all current DDoS threats targeting the financial services and e-commerce industry,” says Jubin Pejman managing director
But Gordon, whose clients have included NATO and other government entities, says that while DDoS attacks can be repelled “by building a bigger pipe, I worry about the future when a sophisticated lone-wolf SIMAD terrorist decides to penetrate the financial sector or the power grid for that matter. SIMAD stands for Single Individual Massively Destructive.”
Gordon, the lead author of “Lone Wolf Terrorism Prospects and Potential Strategies to Address that Threat,” sees us “in a race between the destructive capacity of an individual who can inflict harm on the level of, say, putting out all the lights on the Eastern seaboard, and the tools of detection and interdiction that might be available to thwart such efforts.”
To detect and stop such individuals Gordon envisions an algorithm, using data from many different sources, will be developed to asses terrorism risk; it would produce a “risk number” similar to FICO scores that are based on collecting debt and payment information and use a complex formula to determine an individual’s credit risk. “The terrorism database will be much larger, include more factors and if proven statistically and used cautiously, could serve as a predictor of terrorism risk,” says Gordon.
“The data are likely to use facial recognition in new ways. For example, as someone enters the US, his or her passport photo might be matched to photos from a security camera near a restaurant in Brussels that is a known hangout for terrorists and shows the individual meeting with suspected terrorists.”
He added that law enforcement can also be expected to penetrate trading and ecommerce systems to test for reactions from “fake trades” to learn whether our financial systems can withstand a large scale, sophisticated attack. TJX, for example, didn’t know its computer system had been breached until the FBI alerted the company. And, even after the company swept its system, hackers were able to leave behind a small bit of undetected code that continued to pirate credit card numbers.
Though sophistication and risk of devastation may increase, motivations will remain pretty much the same: “Greed, terror, or just proving one can break in to cause embarrassment.”
Cyber security expert Raj Tumber on state-sponsored, other cyber threats
As if cyber attacks by a lone wolf or ISIS-inspired terrorist aren’t enough to worry about, what about state-sponsored attacks where both sophistication and budgets can be nearly limitless?
Cyber security expert Raj Tumber, an insurance industry advisor who took part in the 2014 Fraud Summit in London, points out that state-sponsored terrorism is definitely on the rise. He points to the May 2014 indictment of Chinese military officials for computer hacking aimed at US nuclear power plants, and Russian hackers who reportedly exploited a flaw in the Microsoft Windows operating system to spy on NATO and a French telecommunication organization.
“In the near-future, the security of physical assets, not just data, will be of increasing importance as The Internet of Things is exposed to vulnerabilities from hackers. The real risk has gone from government-owned centrifuges in Iran, to individually owned driverless cars on Los Angeles’s 405. With this in mind, a significant rise in the cyber arms race is indeed possible, creating a Wild West of state-sponsored actors.”
Cyber attacks by nations are a two way street though. As Tumber points out, “In 2009 and 2010, a sophisticated Advanced Persistent Threat (APT), Stuxnet, was set loose to deactivate Iranian nuclear plant centrifuges, which computer security firm Kaspersky Lab and the New York Times traced to the U.S. and Israel.”
On the financial side, Tumber adds that credit card holders are better protected now that we have EMV-equipped credit cards that store data on an integrated circuit instead of a magnetic stripe, and the industry has initiated improved Payment Card Security Standards, “merchants who store credit card information are increasingly becoming targets of criminals looking to steal credit card information in bulk.”
Additionally Secure Sockets Layer is no longer an acceptable method of securing credit card data transmitted between browser and server. Tumber said, Vulnerabilities such as Heartbleed, have rendered SSL obsolete. As a result, a more evolved version of SSL, known as Transport Layer Security (TLS) will become the new standard for merchants to integrate within their payment systems.”
To counter the added layers of system security, criminals are developing malware to capture credit card information at the point of sale.
Tumber sees hope, “If every world leader would be willing to put a stop to questionable activities, such as espionage, there may be some hope that individuals, businesses and governments will be able to enjoy a safe and secure internet and the motivations behind bad state actors will eventually diminish.”
In at least one case, Nguyen Tan Dung prime minister Vietnam, a nation of 90 million, has called for a clean and pure Internet and has endorsed the Ethics Code of Conduct for Cyber Peace and Security developed by Boston Global Forum, think tank with ties to Harvard University.
News, Appointments & Events
Forex Summit Newsletter wants to hear from you and your company. We publish company news, career appointments and promotions, and events including seminars, conferences, Webinars, and speaking engagements.
Increase your Forex Kowledge
OANDA is hosting the, Webinar Trading Forex: Technical Analysis vs Trading Strategy, at 7 pm, (EST) Wednesday, January 13. Traders, both new and old, often fail because they don’t recognize the need for systematic trading strategies. This Webinar will review various approaches to trading, and highlights the critical difference between utilizing elements of technical or fundamental analysis and trading with an actual strategy. The Webinar also covers: fundamental vs. technical approaches to trading; the distinction between fundamental and technical trading approaches, differences between day trading, swing trading and investing, and the critical role of risk management in trading success Register Here.
Cybercriminals Enjoy Happy Holidays
In a his recent blog post, Rohan Ramesh, Product Marketing Manager for IBM BigFix, a part of the IBM Security portfolio, tells us: The average cost of a data breach per lost or stolen record in the retail industry increased dramatically from $105 in 2014 to $165 in 2015, according to the Ponemon Institute’s “2015 Cost of Data Breach Study.”
If a retail site is hacked or disabled, average losses may amount to as much as $500,000 per hour, or $8,000 per minute, according to Dark Reading. In addition to the direct financial loss, there are also reputational damages to the brand and loss of customer confidence that affect all future sales.
Victimized by a DDoS attack?
One out of eight DDoS victims blame their competitors. That’s according to recent research from Kaspersky Lab and B2B International, which says nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent Distributed Denial of Service (DDoS) attacks against them, with many naming competitors as culprits.
Though criminals seeking to disrupt company operations make up over a quarter (28 per cent) of the suspects, a surprising 12 per cent of all companies believe that their competitors are responsible and have paid for DDoS attacks against them. This suspicion increases even more for those in the business services industry, with over 38 per cent believing that their competitors were to blame for the attacks. Click here for more details.
FX News That Matters
Cyber Security 2016 offers insights and practical solutions…A new report by Boston Global Forum anticipates an increase in conflict over cyber security between the West and bad actors from China, Russia, Iran, North Korea, India, Pakistan, Brazil, Argentina, and many developing countries. The report also anticipates:
The internet of things (IoT), machine-to-machine (M2M) communications, and mobile platforms will increase opportunities for states, criminals, and thrill-seekers to discover and exploit vulnerabilities.
Individualized encryption and the use of crypto-currencies such as Bitcoin will continue to facilitate anonymous crime and terrorism.
A number of solutions will be deployed including secure backdoors for legitimate governance and additional regulation of crypto-currencies.
Corr Analytics of New York contributed to the writing of the Boston Global Forum report. The 40-page report may be downloaded at: Cyber Security 2016 Report.
For editorial contributions contact Dick Pirozzolo, Editor, at + 1 617 959 4613 or firstname.lastname@example.org