Images of war often include missiles, tanks, and troops. But the next war is likely to include a component invisible to the naked eye. Cyber-attacks can cripple an economy and destabilize a society as effectively as a conventional war – at a fraction of the cost. The recent Equifax hacking incident, impacting nearly 143 million Americans, was not a one-off instance. It was a signal that the world’s financial infrastructure is at constant risk, a point made more poignant by an event that literally put the world at financial risk.
Imagining the next cyber attack against Financial Infrastructure with a sense of horror
Imagine a day in the not too distant future when a nation-state or terrorist organization intent on inflicting damage to the US might not seek to engage in such behavior through blood and brawn, but rather through the stealth of the digital connection.
The market day starts out with a computer-induced sell signal, initiated through the captured computer systems of some the world’s leading hedge funds and propriety trading firms. The markets are reeling. The trading firms and exchanges initially attempt to communicate via email, but their emails messages are intercepted and altered by the hackers. Exchange circuit breakers shut down the markets as the nation’s cybersecurity forces focus their attention on the latest problem, this one a previously unknown vulnerability that IT security experts were surprised existed. In the constant game of cat and mouse, the hackers always seem to have a creative new method to exploit technology that now runs the world's economy.
But the flash crash that is shocking the world’s financial system is only an appetizer; a distraction for the main event.
Computer hackers have infiltrated some of the world’s most important central banks alongside a handful of the largest commercial institutions. As the nation’s horrified attention is focused on shuttered financial markets worldwide, a cyberheist of unimaginable proportion is occurring. Hackers have been able to vaporize the accounts in major banks, draining cash into an untraceable never world.
Later that morning, bank ATMs are shuttered as not only customer accounts have suddenly become illiquid, but bank balance sheets seize up. Word starts to spread like wild-fire on social media as nervous account holders begin to line up outside banks to claw at whatever cash they can get.
The global Financial infrastructure system, which is based on trust, appears shattered.
It is at this point the civil unrest begins. Unsuccessful runs on the bank turn to runs on stores, as looters turn the rule of law into a quaint notion. Without firing a shot, the anonymous hackers, safe and secure in an unknown location halfway around the world, have brought down civil society.
The unimaginable is possible
The unimaginable Financial infrastructure technical destruction of civil society could start with hackers targeting IT administrator privileges, Institutional Investor’s Ben Sullivan notes in a piece titled “A Hackers Guide to Destroying the Global Economy.”
Gaining access to a computer system is becoming increasingly sophisticated. Downloading a document or malicious image can provide hackers access to a computer, which can lead into a password list and email access. With administrative privileges or even certain basic access to a network, malicious software can spread and manipulate an entire system or website.
The hackers are increasingly focused on financial infrastructure, perhaps among the most important to protect in a free enterprise economy.
Accenture commissioned a March 2017 report that noted a typical financial services organization will experience 85 hacking attempts every year – and fully 33% will be successful.
“Financial institutions across the world are a constant target for attackers, from nation-state hackers looking to cause disruption to old-fashioned criminals looking to steal vast sums of money,” Lee Munson, a security researcher at Comparitech, told Institutional Investor.
In the seemingly never-ending world of cyber attacks, there is no "red-line" or even much deterrence for those that are subtly state-sponsored. All those in the financial system can do is hope that their IT security measures are strong. But as everyone in Financial infrastructure services knows, hope is a four-letter word.