cyber_security   206

« earlier    

Pentagon Turns to High-Speed Traders to Fortify Markets Against Cyberattack
Oct. 15, 2017 7| WSJ | By Alexander Osipovich.

"What it would be like if a malicious actor wanted to cause havoc on U.S. financial markets?".....Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense’s research arm, DARPA, over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort, the Financial Markets Vulnerabilities Project, as an early-stage pilot project aimed at identifying market vulnerabilities.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash......Among potential targets that could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as ADP, which handles the paychecks for one in six U.S. workers, participants said.....The goal of Darpa’s project is to develop a simulation of U.S. markets, which could be used to test scenarios, Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them....Many quantitative trading firms already do something similar.......
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. ....“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
Pentagon  financial_markets  financial_system  vulnerabilities  high-frequency_trading  DARPA  traders  hedge_funds  Wall_Street  hackers  books  rogue_actors  scenario-planning  scenario  cyber_security  cyber_warfare  cyberattacks 
3 days ago by jerryking
SEC Chief Wants Investors to Better Understand Cyberrisk - WSJ
Sept. 5, 2017 | WSJ | By Dave Michaels.

The chairman of the Securities and Exchange Commission said Tuesday that regulators and Wall Street need to do more to educate investors about the serious risks that companies and the financial system face from cyberintrusions.

Jay Clayton, speaking at an event sponsored by New York University’s School of Law, said investors still don’t fully appreciate the threat posed by hackers. “I am not comfortable that the American investing public understands the substantial risk that we face systemically from cyber issues and I would like to see better disclosure around that,” Mr. Clayton said.
SEC  cyber_security  cyberthreats  cyberrisks  risks  hackers  cyberintrusions  regulators  Wall_Street  data_breaches  disclosure 
6 weeks ago by jerryking
Maersk CEO Soren Skou on how to survive a cyber attack (reader responses)
The article doesn't tell anything of value. It's a shortcoming regarding the standard of the FT. This CEO doesn't say anything despite that he took part in confcalls. Wow. 

As an outsider it would...
letters_to_the_editor  Maersk  cyber_security  cyberattacks  FT  interpretative  from notes
9 weeks ago by jerryking
Global shipping boss charts course through troubled waters
August 14, 2017 | Financial Times | by Richard Milne.

When AP Moller-Maersk came under cyber attack this year, chief executive Soren Skou was presented with a very basic problem: how to contact anyone. The June attack was so devastating that the Danish conglomerate shut down all its IT systems. The attack hit Maersk hard. Its container ships stood still at sea and its 76 port terminals around the world ground to a halt. ...Skou had no intuitive idea on how to move forward....Skou was “at a loss”, but he decided to do three things quickly.
(1) “I got deep in.” He participated in all crisis calls and meetings. “To begin with, I was just trying to find out what was happening. It was important to be visible, and take some decisions,” he says. Maersk is a conglomerate, so IT workers needed to know whether to get a system working for its oil business or container shipping line first.
(2) He focused on internal and external communication. Maersk sent out daily updates detailing which ports were open and closed; which booking systems were running and more. It also constructed a makeshift booking service from scratch.
(3)Skou says he made sure frontline staff in the 130 countries it operates in were able to “do what you think is right to serve the customer — don’t wait for the HQ, we’ll accept the cost”.

He says that he has learnt there is no way to prevent an attack. But in future, the company must “isolate an attack quicker and restore systems quicker”. He adds that Maersk will now approach its annual risk management exercises in a different spirit. “Until you have experienced something like this — people call them ‘black swan’ events — you don’t realize just what can happen, just how serious it can be.”

Danish conglomerate AP Moller-Maersk is planning to expand into transport and logistics ...

....Mr Skou’s plan for Maersk is about shrinking the company to grow — a “counterintuitive” approach, he concedes. Maersk’s revenues have stagnated since the global financial crisis and the solution has been to jettison what has often been its main provider of profits, the oil business.

In its place, Mr Skou has already placed his bet on consolidation in the shipping industry.....His real push is in bringing together the container shipping, port terminals, and freight forwarding businesses so as to make it “as simple to send a container from one end of the world to the other as it is to send a parcel with FedEx or UPS”. That requires quite a cultural shift in a group where independence was previously prized.....Another priority is to digitalise the group. “It is pretty messy,” Mr Skou says cheerfully. Unlike most businesses selling to consumers who offer few possibilities to change much, almost everything is up for negotiation between Maersk and its business customers — from delivery time, destination, cost, speed, and so on. “It’s easy to talk about digitalising things; it’s quite difficult to do in a B2B environment. It’s hard to digitalise that complexity,”
crisis  crisis_management  malware  cyber_security  cyberattacks  conglomerates  black_swan  improbables  CEOs  Denmark  Danish  IT  information_systems  think_threes  post-deal_integration  internal_communications  counterintuitive  digitalization  shipping  ports  containers  Maersk 
9 weeks ago by jerryking
Businesses must quickly count the cost of cyber crime
8 July /9 July 2017 | Financial Times | Brooke Masters.

Transparency without the full facts can be dangerous....Cyber attacks are frightening and hard for investors to evaluate. Quantify, to the extent possible, the impact as quickly as you can.
malware  Mondelez  cyber_security  WPP  transparency  cyberattacks  brands 
9 weeks ago by jerryking
Prepare to be hacked
| Financial Times | Madhumita Murgia.

"the longer-lasting impact on the human psyche has remained large unexplored".....psychological harm of cyber war can affect wellbeing nonetheless...."Today, with attacks like WannaCry and Petya, we are entering the era of intelligence,"...'moving from locks to surveillance to early detection"
cyber_security  hackers  cyberthreats  malware 
9 weeks ago by jerryking
U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS - The New York Times

In 2016, U.S. cyberwarriors began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State. Thus far, the results have been a consistent disappointment......The effectiveness of the nation’s arsenal of cyberweapons hit its limits against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data..... the U.S. is rethinking how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a of the rare successes against the Islamic State belongs at least in part to Israel, which was America’s partner in the attacks against Iran’s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers......ISIS' agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.

Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The Islamic State, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany......disruptions often require fighters to move to less secure communications, making them more vulnerable. Yet because the Islamic State fighters are so mobile, and their equipment relatively commonplace, reconstituting communications and putting material up on new servers are not difficult.
ISIS  NSA  security_&_intelligence  disappointment  Israel  encryption  disruption  London  London_Bridge  tools  cyber_security  cyberweapons  vulnerabilities  terrorism  Pentagon  U.S._Cyber_Command  campaigns 
june 2017 by jerryking
Russian malware link hid in a comment on Britney Spears' Instagram
Sometimes weird comments are secret messages: "Russian malware link hid in a comment on Britney Spears' Instagram - "
cyber_security  social_media  from twitter
june 2017 by chrisdymond
The Evolution of a Cybersecurity Firm - WSJ
By Cat Zakrzewski
May 16, 2017

......Certainly when someone is working with us today, they’re looking for us to deliver an outcome. They’re not necessarily looking for us to just provide them with a product and move on. That’s a big evolution in our model. We’re helping them manage cybersecurity risk.....It’s a big shift to go from a company that sold several products that each performed a separate security function to one that delivers an architecture designed to help customers drive more-holistic outcomes. In many cases, our customers are now asking us to help them manage and run our products for them so that they can get more value versus doing it themselves.......The problem we see in security is that often companies take the lack of attack on their company as meaning they have a good defense, and as a result do not place enough emphasis on the urgency of patching their systems to prevent future attacks.....[Cybersecurity has] gone from a back-office function to a boardroom-level issue. Now everyone in the C-suite of an organization has at least got some basic understanding of cybersecurity issues.

That’s bringing a whole level of visibility to it that we haven’t had in the past. Boards are worried about brand implications, they’re worried about intellectual property, they’re worried about business operations being interrupted, they’re worried about losing value. .....: I think the biggest mistake technical people can make is leading with the technology in both their explanation as well as in their remedies, leading with a one-size-fits-all problem. I think that’s when people get confused about what we’re trying to do. Then they think, well I can just go buy a widget and technical widgets should solve my technical cybersecurity problem. Cybersecurity is a systemic challenge. There are people issues......One key area is making sure that your partners and vendors are part of your extended, coordinated response, and that comes through clearly understanding what potential scenarios you face and then practicing what to do when an incident occurs.......Cybersecurity has a similar set of challenges, where you constantly are operating and have risks. People can be compromised, you have complex systems. You might make an acquisition where that firm had a breach and you’ve brought that into your organization. Cybersecurity is something you need to think about in a risk-based context and think about it holistically.
CEOs  McAfee  boards_&_directors_&_governance  cyber_security  cyberthreats  one-size-fits-all  outcomes  risk-management  data_breaches  network_risk  threat_intelligence 
may 2017 by jerryking
Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
MAY 12, 2017 | - The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.....The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.
tools  cyber_security  cyberweapons  cyberattacks  vulnerabilities  malware  Microsoft  ransomware  hackers  NSA  exploits  blackmail 
may 2017 by jerryking
The Latest Dump of Alleged NSA Tools Is ‘The Worst Thing Since Snowden’ - Motherboard
So this is not great... "The Latest Dump of Alleged NSA Tools Is ‘The Worst Thing Since Snowden’."
cyber_security  from twitter
april 2017 by chrisdymond
NYTimes: Trump Offers No Apology for Claim on British Spying
British officials were livid after the White House aired an unverified claim that Britain’s spy agency had monitored Mr. Trump during last year’s campaign at the behest of President Obama.
Sent  from  my  iPhone  KTP  Trump  cyber_security  wiretap  from iphone
march 2017 by fulab

« earlier    

related tags

accel  actionable_information  alumni  andreessen_horowitz  anti-corruption  apple  arms_race  asia_pacific  asian  australia  autocrats  bank_of_canada  banks  bay_street  bf  big_law  bitcoin  black_markets  black_swan  blacklists  blackmail  blackrock  blg  blindfla  blockchain  boards_&_directors_&_governance  books  bounties  brands  brokerage_houses  business-continuity  campaign_2016  campaigns  capabilities  censorship  ceos  china  chinese  cia  cios  cloud_computing  coding  communicating_&_connecting  conglomerates  connected_devices  containers  counterintelligence  counterintuitive  criminality  crisis  crisis_management  cryptography  cyber_warfare  cyberattacks  cybercrime  cyberintrusions  cyberrisks  cyberthreats  cyberweapons  danish  dark_web  darpa  dashlane  data  data_breaches  deception  delegitimization  denmark  destabilization  deterrence  digital_currencies  digital_shadows  digitalization  disappointment  disclosure  disinformation  disruption  dnc  domain  donald_trump  drones  e-commerce  economic_warfare  edward_snowden  encryption  entertainment_industry  espionage  europe  exploits  fbi  films  financial_advisors  financial_institutions  financial_markets  financial_system  fingerprints  fireeye  five_eyes  frequency_and_severity  from  fsb  ft  geopolitics  gru  hackergate  hackers  hacking  hacks  hedge_funds  high-frequency_trading  hillary_clinton  hollywood  holman_jenkins  howto  humint  identity_theft  idf  idt  illumio  improbables  inaugurations  indonesia  industrial_espionage  industrial_internet  influence_campaigns  infographics  information_systems  information_warfare  insurance  internal_communications  international_system  internet  interpretative  iphone  iran  isight  isis  israel  israeli  it  ivey  james_clapper  james_comey  kaspersky_lab  kellyanne_conway  konrad_yakabuski  ktp  land_claim_settlements  law_firms  left_of_the_boom  leon_panetta  lessons_learned  letters_to_the_editor  london  london_bridge  m&a  maersk  malware  massive_data_sets  masters  mcafee  measurements  media  mergers_&_acquisitions  michael_hayden  microsoft  missteps  mobile_applications  mobile_phones  mondelez  money-laundering  motivations  movies  my  mydata  national_security  nato  network_risk  neuroscience  new_zealand  noise  north_korea  nsa  nyt_how_to  obama  offensive_tactics  oil_industry  one-size-fits-all  outcomes  outsourcing  overreach  paradigm_shifts  paranoia  passwords  patrick_martin  pentagon  personal_data  personal_finance  philip_delves_broughton  phishing  ports  post-deal_integration  pre-emption  predictions  preet_bharara  preparation  privacy  product_recalls  productivity  professional_service_firms  public_relations  public_sector  punitive  putin  ransomware  regulators  remote_monitoring  resilience  retailers  retaliation  retribution  risk-management  risks  rogue_actors  russia  saas  samsung  sanctions  scenario-planning  scenario  sean_spicer  sec  securities_industry  security  security_&_intelligence  self-censorship  sensors  sent  sharing_economy  shin_bet  shipping  sigint  small_business  sme  social_media  software  software_bugs  sony  sony_pictures  spycraft  spymasters  start_ups  studios  stuxnet  subscriptions  surveillance  symantec  tanzania  terrorism  think_threes  threat_intelligence  threats  tips  tools  traders  transparency  trump  twitter  u.s.  u.s._cyber_command  uk  undermining_of_trust  unit_8200  united_kingdom  vc  venture_capital  victimhood  virtual_currencies  vladimir_putin  vulnerabilities  wall_street  white_house  wikileaks  wiretap  wpp  xbox 

Copy this bookmark: