Financial industry cyber defense readiness exercises on July 18th produced an unsettling answer to her question: Don’t count on it.
Those who read my prior post on cyberattacks against the financial industry are aware that the effectiveness of the cyber defense “protecting” major Wall Street investment banks was tested on July 18th during an exercise dubbed “Quantum Dawn 2.”
Quantum Dawn 2 was organized by the Securities Industry and Financial Markets Association (SIFMA). More than 500 individuals from 50 investment firms and financial market exchanges, together with government agencies including the Department of Homeland Security, participated in the cyber security exercise.
At the end of the day, this complex operation aimed to essentially answer Ms. Bartiromo’s question, although in data security rather than investment terms.
And according to a SIFMA official, who described the exercise as an opportunity for the participants to “run through their crisis response procedures and refine protocols relating to a systemic cyber attack,” the event was “a success.”
Financial Industry Cyber Preparedness Graded as an F
An operational success? Perhaps. But a markedly different view emerges from cyber security professionals following Quantum Dawn 2. In an interview on Bloomberg TV, David Kennedy, CEO of security firm TrustedSec believes “the financial industry overall - there are of course exceptions - is largely unprepared to deal with systemic cyberattack.”
Kennedy graded the financial industry’s cyber defense preparedness demonstrated in Quantum Dawn 2 as an “F”.
Overall, Kennedy feels many financial institutions are not taking security seriously enough. “Until cybersecurity is made an integral part of their business,” he stated, “little progress will be realized.”
Sahba Kazerooni, of Security Compass and also on Bloomberg, echoed Kennedy’s failing grade for Quantum Dawn 2. “Individuals should take exceptional online security precautions with passwords and deal only with reputable financial institutions,” he says, “but in the end it is the financial industry which must protect both its and the consumer’s financial data effectively.”
Tip of the Iceberg?
Protecting information is not getting any easier. Whether we’re talking about hackers out to create mayhem, criminals out for money or nation-states embedding themselves in key parts of the American economy, one truth exists: Attacks are increasing in both sophistication and magnitude. According to Kennedy, “Today, we are just seeing the tip of the iceberg.”
Financial firms that participated in Quantum Dawn 2 will reportedly be receiving detailed feedback on their cyber defense strengths and weaknesses within the next several weeks.
In the meantime – or rather, until the financial industry demonstrates significant advances in its cyber defense capabilities - Maria Bartiromo’s question hangs overhead, unanswered. Do you know where your money is? Stay tuned.