Incident response
Plan for disasters even as you work to prevent them. An incident in your trading network is a serious problem. But, far more dangerous is the lack of a coherent response to an incident. You will never be judged by the thousands of successfully avoided intrusions. Your only record will be your response to the one that got through.
Perform regular analysis of the risks to your trading network. What would happen if a client’s network were compromised? How should your operations team respond to a warning from the Intrusion Detection System? What is your template for the post mortem?
Every member of your team should know what their responsibilities are in the event of an incident. Any confusion around procedures will delay your response when every second counts.
Cover your heel
If an aspect of your security is strong, a smart attacker will seek an easier path. You have to know where your heel is – your enemies certainly will. Consider auditing and documenting the chain of security in your trading network.
If there’s one area that finance is weakest, it’s the “air gap.” Institutions rely so heavily on using secure extranets that they end up trusting whatever comes in over them. Ask your operations team if you have direct connections today. If so, is there a logical gap between your counterparties and your critical trading systems?
Deep defence is the future of cybersecurity. Making even a marginal improvement to cover your heel provides the highest return-on-investment in trading network security.
We’d love to hear your feedback on this article. Please click here
