The idea of cyber threats is nothing new, and malicious hackers have targeted many financial institutions. However, the idea of an entire stock exchange becoming the victim has consequences that could be potentially long-lasting.
It may seem like an apocalyptic scenario, but online gangs have already attacked certain stock markets around the world. Intelligence agencies have warned that this could happen again unless tight controls are put in place to try and block sophisticated hackers, but of course, this is much more difficult than it sounds.
But how much of a threat do cyber attacks really present, and could stock markets be targeted again? Here’s a closer look at the factors to consider.
The Reality of Cyber Attacks
In the past 12 months, more than half the stock exchanges globally have experienced cyber attacks in one form or another. Very often, the intention of the attacks is “disruptive” rather than being motivated by financial gain and focused on non-trading, online services rather than the very heart of the stock market itself.
Most exchanges are well-prepared for these types of threats and have robust disaster-recovery protocols in place. Nevertheless, the majority also agree that cybercrime represents a “systemic risk” that stock exchanges must be constantly vigilant for.
The New Zealand stock exchange is one example of cybercrime that caused serious ripples with investors on indices markets worldwide. Despite being aware of the potential online threat, the New Zealand Exchange wasn’t ready for an attack.
In 2020, the New Zealand stock exchange was the victim of a DDoS attack. DDoS is a simple type of cyber threat that overwhelms capacity, effectively preventing a site from functioning. Personal data isn’t accessed, but despite the simplicity, DDoS attacks can be devastating. The stock exchange was out of action for almost two days, with the hackers demanding bitcoin in exchange for stopping their activity.
Later attacks from the same group, which were sent to other financial institutions around the world, used the New Zealand stock exchange as a warning to what they would suffer if they didn’t pay up.
Analysis from experts criticised the New Zealand stock exchange for having insufficient protocols in place to prevent and respond to the crisis.
A New Type of Threat
DDoS attacks have been around for a long time, but there’s a new wave of online threats that are unlike anything the stock markets will have seen before. Unlike the New Zealand stock market, these activities aren’t carried out by a shady group of hackers; the action is brazen and performed in full view of the world.
This type of online threat isn’t about illegally blocking or accessing a platform; it’s about large groups of people manipulating the stock price. For many years big investment firms and hedge funds had been able to influence the market, but now their own tactics are being used against them, costing them billions in unforeseen market changes.
Gamestop is the perfect example of this type of threat. Often portrayed as a Robin Hood type of escapade in the media, the power of the crowd artificially inflated the share price, causing enormous losses in those who had shorted the stock. It was previously thought that in order to manipulate the market, large amounts of cash would be needed. This type of attack shows that low-priced stocks don’t require lots of money, just a large number of willing participants, which can be really found online.
It may appear to be incongruous to describe Gamestop and similar ventures as a cyberattack, but the stocks were deliberately chosen as they were being heavily shorted. This means that the group co-ordinating the activity were aware that the movement would cause very high losses for investment firms, making it far more similar to an illegal action than just regular market activity.
There’s no easy way to guard against this type of cyber threat. However, when investing, you must be alert to any unusual signs. If you spot activity in the market that you wouldn’t normally expect, don’t dismiss it as irrelevant because it could be another pump-and-dump scheme that impacts your own investments too.
