”There are certainly characteristics there that could make it attractive for attackers to go there next,” said Szu yang Ho, from defence technology company BAE Systems, at the PostTrade 360 Stockholm conference on the Wednesday.
”It’s a bit unpleasant but we all have to face it, basically,” he says, about the prospects that sophisticated hackers could move on from hijacking money deposits and payments, to targeting financial securities which are in store or in transfer.
Spots the trend
So far, the conclusion is hypothetic. It comes from an extrapolation of how hacker attacks have developed over the last 20 years. Szu yang Ho shows how the question is also filtered through a structured analysis, which evaluates scores of different threat factors and susceptibility factors.
Users of financial services generally appreciate speed. Yet in this context the quest for faster settlements and real-time trading could add to the risks.
”All of this plays into the hands of the attacker because it decreases the time that we as defenders have to discover an attack,” says Szu yang Ho.
Lurk in the system
He emphasises that a sophisticated hacker attack can be a process over a year or more. Scanning software could be discretely placed in hardware, seeking patterns or vulnerabilities in the data traffic over long periods.
Such a method has its own risk for attackers, though. In one case they forgot to switch off the recording function and ended up gathering evidence eventually leading to their own conviction.
Here you can find the full program for the PostTrade 360 Stockholm conference.