Cyberattacks: A clear and present danger

The technology that makes financial transactions as easy as swiping a card or tapping a few keys also makes firms and their clients vulnerable to attack by cyberterrorists. A couple of events over the past few months should put everyone on alert.

The first event was the Stuxnet attack on the Iranian nuclear program in September. A worm introduced into key computers in the program, reportedly through an infected flash drive, caused key components, such as centrifuges used for refining uranium, to malfunction, at least delaying the program. The source of the sophisticated worm has not yet been publicly identified, but it was clearly a product of sophisticated programmers.

The danger is that a similarly sophisticated cyberattack by terrorists, introduced into the banking system through a flash drive carried by an employee working with the terrorists, could do as much economic damage as the 9/11 attacks. An attack that targeted the computers of one or more of the major banks, such as Bank of America, JPMorgan Chase or Citibank, could deny customers access to their accounts and sow confusion and fear, slowing or even halting economic activity.

The second event was this month’s cyberattack on the websites of Visa, MasterCard and PayPal by WikiLeaks supporters because the payment sites cut financial ties with the whistle-blower site. The attacks, though relatively unsophisticated, managed to disrupt payment processes for hours.

A more sophisticated attack could do significant damage to the credit card companies, again disrupting commerce and causing economic damage.

The U.S. government has re-corded thousands of cyberattacks on its websites, including those of the Pentagon, and is taking significant steps to build stronger firewalls against such attempts. All segments of the financial services industry must take equivalent steps to beef up defenses.

Imagine the economic damage a sophisticated cyberattack on the major banks would do if customers could not access their checking or savings accounts for days or weeks. Imagine the damage if the stock exchanges or the futures exchanges were brought down. The banks and the exchanges must redouble their efforts to protect their computer systems.

Similarly, financial planners, investment advisers and brokerage firms should be thinking about the vulnerabilities of their systems, and also the vulnerabilities of their clients’ financial portfolios, and considering what, if any, steps they can take to protect client assets in the event of such attacks.The era of serious cyberterrorism may not be far away.