Equilend Ransomware Attack Puts Focus on Operational Resilience – Markets Media

A cyber attack on EquiLend, the securities lending technology provider, this year which followed an attack on Ion Markets, a third-party provider of cleared derivatives services, in 2023 highlights why regulators have been focusing on operational resilience and cyber security.
EquiLend was formed by a group of 10 global financial institutions in 2001 to optimize efficiency in the securities finance industry by developing a standardized and centralized global platform for trading and post-trade services and went live in 2002. Since its founding, the company’s client base has grown to nearly 200 asset owners, agency lending banks, broker-dealers and hedge funds. On January 18 EquiLend announced that it was selling a majority stake to private equity firm Welsh, Carson, Anderson & Stowe (WCAS), and the deal is set to close in the second quarter of this year.
On 22 January EquiLend said in a statement that the firm had identified a technical issue that placed portions of its systems offline and identified a cyber security incident involving unauthorized access.
In an update on 25 January Equilend said it has continued working closely with third-party cybersecurity experts to restore its systems and that law enforcement has also been notified.
“While the investigation will take time, it has so far determined this incident was the result of ransomware,” added the statement.
EquiLend Spire components and the ECS Loan Market were not impacted by the ransomware incident and remain fully operational. However NGT,  the securities lending trading platform, post-trade solutions, data & analytics solutions and regtech solutions continue to be temporarily unavailable.
In 2023 there was also a ransomware attack on ION Markets, which resulted in delays in reporting data to the Commodity Futures Trading Commission and the regulator could not produce its weekly Commitments of Traders report.
Virginie O’Shea, Firebrand Consulting
Virginie O’Shea, founder of consultancy Firebrand Research, said in an email: “Geopolitical tensions are fuelling nation state investments into cyber-crime with a view toward maximum disruption – cybercriminals have realised that central vendor services and market infrastructures are the new big game targets to go after in this endeavour.”
Firebrand Research had said in its predictions for 2024 that geopolitical tensions dictate that cybercrime funding is likely to further increase which means more attacks, increased innovation and more risks for financial institutions.
Another prediction was that ransomware-as-a-service would continue to gain ground on the criminal mass market, combined with data theft. The report said large firms may be the focus of big game hunters but with mass availability, comes much more activity targeting firms of all sizes.
O’Shea added that cyber-attacks are on the rise across the capital markets sector. ESMA, the European Union financial regulator, said last year that financial services now accounts for 12% of all attacks, up from 4% in 2019.
“This is the reason why so many regulators are focusing on operational resilience and third party risk assessment – EU with DORA (Digital Operational Resilience Act), the CFTC and SEC both have proposed regulations and tweaks to existing regimes on the table,” she said.
New regulations
After the Ion incident, the CFTC proposed a new operational resilience framework at the end of 2023 for futures commission merchants, swap dealers, and major swap participants.
The CFTC said firms will need to establish, document, implement, and maintain an operational resilience framework reasonably designed to identify, monitor, manage, and assess risks relating to information and technology security, third-party relationships, and emergencies or other significant disruptions to normal business operations.
The framework would include three components – an information and technology security program, a third-party relationship program, and a business continuity and disaster recovery plan – supported by broad requirements relating to governance, training, testing, and record keeping. The proposed rule would also require certain notifications to the regulator, customers or counterparties, and also includes guidance relating to the management of risks stemming from third-party relationships.
The comment period closes on 2 March 2024.
The Financial Stability Board also published a toolkit last December to help regulators and market participants assess and monitor their mission-critical system providers.
Source: Firebrand Research
O’Shea said the sentiment behind the new proposals is to increase transparency around vendor relationships as regulators do not want to be blind-sided by concentration risks that are only revealed after an attack is successful. However, it will take time to reduce these dependencies and there is also sometimes a lack of choice in providers.
“The way to reduce dependencies is to have multiple providers, which is costly and more complex from a management perspective,” she added. “There could also be much more standardisation across the industry to reduce the pain of switching providers – where things like standardised APIs come into play.”
DORA comes into force in January 2025, but will take months of preparation.
“Buy-side firms in particular may need to build in extra time to query information received from their outsourced service providers,” added Firebrand. “Regulators are prioritising operational resilience over many other areas, which means they are likely to come down hard on noncompliance to prove a point.”
DORA was published on 16 January 2023 and the Association for Financial Markets in Europe (AFME), which represents global investment banks, said the ambitious 12-month window until implementation is a particular concern.
James Kemp, AFME
James Kemp, managing director at AFME, said in a statement: “In particular, AFME is concerned that without a proportionate and phased approach to enforcement, the obligations on supplier contracts will cause major disruption.  The idea that banks can renegotiate all their third-party contracts within 12 months is unrealistic, especially when many of these contracts are group-wide global arrangements with providers who are themselves not based within the EU.”
AFME suggested applying the policy for information and communication technology (ICT) suppliers on a forward-looking basis to that banks should be permitted to prioritise their material contractors, rather than seeking to capture the whole supply chain in a single year.
And receive exclusive articles on securities markets
Markets Media Follow
Digital publisher covering trading & technology in capital markets. @marketsmedia @traders_tweets @FIXGlobalOnline @TheBondDesk @BestExecution @DerivSource
As Technology Evolves, Asset Managers Adapt and Innovate

Citi Changes Organizational Structure

SEC Charges Virtu for Disclosures Relating to Information Barriers

ICE Futures Singapore Partners with CoinDesk Indices

A Senior Writer at Markets Media who became a financial journalist in 2000 after working in banking for over a decade….
An unauthorized party took control of an SEC cell phone number in an apparent “SIM swap” attack.
Staff are coordinating with appropriate law enforcement and federal oversight entities.
SEC should provide a briefing to Financial Services Committee staff no later than 17 January 2024.
Senator says Congress needs answers on ‘colossal market-moving mistake.’
Over 80 entities were tested including equities and options exchanges & fixed income markets.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *