Avoiding Insider Trading with Cybersecurity and ERM
Steven Minsky | Sep. 8, 2015
Cybersecurity has been on our radar a lot lately, but that’s thanks to the alarming number of recent, high-profile security breaches. Take a look at our recent blog post regarding a major flaw in the Android operating system, or our discussion of hackers’ disturbing rate of maturity.
Federal officials recently broke up a long-term insider trading scheme
In early August of this year, it was announced that Feds succeeded in breaking up a hacking and insider trading scheme in which international hackers gained access to corporate news releases before the intended release dates, and the captured data enabled successful, illegal trades.
Cyber-attacks like these can come at any time and from anywhere: inside, outside, even overseas. They may involve simple corruption or theft, as with Android’s issue, but can also be facilitated by company employees, as unpleasant as that notion is.
Protecting your company against any and all cybersecurity breaches is certainly doable, but it will require a concerted, enterprise-wide IT and IS risk management effort. Employees operating on the so-called front lines are just as crucial to uncovering risks as members of senior management.
What actually happened, and who was affected?
According to The New York Times, five men have been indicted so far. Their attack was patient and calculated, having taken place over the course of at least five years.
Technically, they hacked specifically into information-dissemination companies such as Business Wire, but the attacks granted them access to sensitive information about dozens of unsuspecting, publicly traded companies.
Indirect victims come from a wide variety of industries and include Bank of America, Clorox, and Caterpillar, says The New York Times.
How hackers infiltrate their targets
Hacking and illegal trading methods are complicated and diverse enough that entire books could be written about them. BBC news, however, has identified one particularly alarming method somewhat reminiscent of the one criminals might have used to hack Android phones.
This method, aptly known as “spear-phishing,” involves sending infected emails to pre-identified, key members of an organization. That’s right – hackers are able to pick you out from the bunch if they think targeting you will help them succeed.
As an organization, stay aware & implement preventative cybersecurity measures
The goal of this post is not to spark paranoia. Far from it. ERM software can help you monitor news feeds, identify risk, automatically notify those in your organization that are most likely to be impacted by that risk as well as coordinate and track mitigation activities through to completion.
Centralizing incident management processes, and using them to engage those that are needed in response is critical to prevent disasters before they happen. Visit our website to learn how LogicManager’s incident management software platform can help you prioritize what needs to get done today.