Cybersecurity For The Capital Market Ecosystem
Capital markets continue to play a vital role in sustaining economic growth and maintaining financial stability. The pandemic has accelerated the technology and digital transformation for the ecosystem to align to business transfor mation and user preferences. Cyber risks have increased according to a study published by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges, over half of the world's securities exchanges were the subject of cyber attacks last year.
The global capital market faces risks of market manipulation, financial fraud, and denial of service attacks. The cost of cyber incidents is immense, causing damage to public trust and undermining the global financial markets' integrity.
Cyber risk management controls in the capital market ecosystem have matured and are battle-hardened over the years with strong regulatory oversight. However, the rapid adaptation of digital and cloud technologies with the increased sophistication of persistent attacks has changed the landscape. Scale and agility, the strength of capital markets, are the very targets for advanced and persistent attacks. Cybersecurity technologies are evolving rapidly, getting complex, regulations are adapting, but skill availability gap is increasing, leading to control initiatives failing or behind schedule, which increase risks.
Traditional security approaches and frameworks based on assets, risks, exposure probabilities, controls, residual risks, and regulatory guidelines are fundamental but need to transform to meet the proverbial new normal.
An element of this transformation is the use of automation, benefits of which are obvious:
•Helps manage scale due to the sheer volume of data, transactions, and events
•Enables speed of response, which is critical in proactive and reactive
•Improves accuracy, reducing human errors
•It is consistent, especially to pre-defined and repetitive tasks
•Allows skills be used for areas that need attention and expertise
However, the risk is that automation can create new challenges if it lacks the clarity of objectives, expected outcomes, and an organization's context. As much as we would like it to be, cybersecurity automation is not a silver bullet; self-healing, selfdeploying, and selfcorrecting technology can identify the issues and fix them by itself.
Human factors, among other things, are the study of how humans and machines interact. Machines are good at doing repetitive tasks, complex computations, and multi-tasking. Human's on the other hand, are good at creative thinking, adapting to unknowns and relationships. A humancentric cybersecurity automation approach, which applies to an organization's expected outcomes and context, is key for this element of cybersecurity transformation to work.
The evolving capital market ecosystem is an ideal candidate for cybersecurity transformation using automation. It can add excellent value to the well-established traditional security models.