Broadgate at ISITC Europe General Meeting’s Security Panel

0

Last month, on Monday the 25th of April 2016, we had the pleasure to participate in the General Meeting of the International Securities Association for Institutional Trade Communication (ISITC Europe).

The voluntary organisation was founded in 1992 and “has lead operational and technical change over the past 25 years, contributing to the rise of efficiency in the securities markets to the mutual benefit of all participants”. ISITC’s members gather in work groups around innovative topics such as Blockchain, Standards, Regulation, Industry Engagement and – last but not least – Cybersecurity.

Nigel D Solkhon, CEO of ISITC Europe, whom we featured in our recent 5 Minutes With interview, initiated the event by highlighting the ISITC’s educational, innovative and operational role and was followed by a keynote speech from Edward Walace, MWR Infosecurity: Cybersecurity, what is there to fear?

The first panel discussion discussed the adoption of blockchain by the securities market. Anthony Culligan, co-founder of SETL, briefly explained the concept of blockchain to the audience by noting, that working in finance is very much different to how it is presented in the Wolf of Wall Street – “what we do is we keep very long lists of loans, assets, cash… and another thing that is exciting is that we change those lists. Blockchain technology is just a fantastic way to keep these lists. Maintain these lists, allowing each participant to make changes [to them].

As the three ‘pillars’ which pose a barrier to the adoption of blockchain, Justin Amos, Digital Asset Holdings, listed the lack of global standardisation, the network effect and regulation.

Mr. Vandenreydt also stressed the importance of the neutralisation of costs, which would potentially serve as an incentive for organisations to adopt blochchain; “now it is a global architecture and there is nothing more difficult to sell than an architecture”, he noted. Further challenges mentioned during the panel include identity management – there is a need to have an independent identity framework; standards (how can you smoothly operate if you work with a number of different countries of different jurisdictions?) and data privacy implications.

Once blockchain is adopted, who will be the winner who will be the loser? According to one view, the harsh reality is that the losers will be the employees, while the winners will be the shareholders. According to another, the winners will be those who are ‘close’ to their clients, those who understand them.

Richard Gale represented Broadgate during the event by joining the panel, which discussed: How can the Securities Market manage Cyber Security best?

The panel’s host, David Ewings, Threadneedle, opened the discussion by noting, that the cyber threat is ever-evolving, as well as stressing the need for us to recognise that it is impossible to ‘protect everything’ and the necessity to have ‘an approach and a desire’ to be cyber-secure.

Richard Gale highlighted the importance of ensuring that management understands the significance of building security into every project and everything you do within the organisation. An internal awareness of the consequences of a potential attack is key. Edward Wallace, Infosecurity, agreed by noting that companies should quantify the business risk (taking into consideration reputation risks/costs), stressed that security is not something that you can simply ‘stick on afterwards’, as well as noted that there is a mismatch between projects and work streams within organisations. The panelists shared the view, that organisations need to be aware of where exactly can external companies ‘plug into’ to get business assets from and where the most valuable data is held. While it is essential, that we realise that it is impossible to eliminate all the risks, companies need to “identify core assets, their crown jewels and keep them safe”. Clever security financing is also paramount – when setting budgets, organisations need to take into consideration the potential post-attack costs. As more data comes out, companies will likely increasingly benchmark themselves and make according security decisions – you’d rather not be as secure as you would wish than be out of business because of spending too much on security!

Yet another consideration for cybersecurity-aware organisations should be the risk they take on by taking on certain clients. Offsetting potential risk by working with contractors or maximising security measures in place at specific periods only are some of the solutions to dealing with client-deriving risks.

In regards to regulation in the area, it was noted, that regulators, while looking at technology, which will become available in the future, address risk in a retrospective manner. Organisations should be ahead of regulation. They need to do much more than simply comply with regulation – ensure that they protect their own assets, as a lot of regulation is about protecting others’ data.

RSS Feed Subscribe to our RSS Feed

Posted on : 26-04-2016 | By : Maria Motyka | In : Cyber Security, Data, Finance, Innovation

Tags: , , ,

Write a comment