When hackers recently compromised 83 million accounts at JPMorgan Chase & Co., chairman and CEO Jamie Dimon said the bank would probably double its $250 million annual computer security budget. But banks and asset managers can’t spend their way to safety from cybercriminals. “Not even the biggest boys out there are fully protected,” says Javier Paz, a senior analyst with the wealth management practice at Boston-based research firm Aite Group. “Data security is more of a long-term goal than a reality.”
Human and technical vulnerability leave financial institutions open to attack, notes Jim Penrose, executive vice president of cyberintelligence at Darktrace, a self-described cyberdefense provider headquartered in Cambridge, England. Washington-based Penrose, who previously spent 17 years with the U.S. National Security Agency, says his firm’s software combats online threats by detailing an organization’s unique behavior and testing it for anomalies: “That’s what you have to use to your advantage now to detect the departure from normal.”
Paz says hackers would find it tough to steal large sums from an account without getting noticed. But he thinks it’s very likely that some of them will seek to inflict pain on the U.S. capital markets. “They could put large rogue trades that on the surface may seem legitimate,” Paz says. “That’s perhaps the scariest of scenarios, rather than the funneling of funds to some entity.”
