It’s no secret: cyberattacks are a perpetual pandemic. Incidents rose by 38% in 2022 according to Check Point Research, with a new attack occurring every 40 seconds or less. And, as the trading industry learned from the ransomware attack on ION Trading in January 2023, a company doesn’t have to be a direct target of an attack to feel the negative effects. 

With an endless rise in cybercrime, it is more important than ever to take steps to be prepared to maintain resilience for your company when an attack occurs. Good internal hygiene and practices are a must but it is equally important to be prepared for an event over which you have no control. It is difficult to cover all possible threats. Therefore, in addition to following best practices, it is essential that strong contingency plans be created so that risk can be minimized if a cyberattack affects the operation of your business. 

Data and operational resilience

It should come as no surprise that operational data is an essential ingredient to a robust resilience program. In a data-driven economy, it’s data that powers the risk engines, business analytics, and financial reporting that are the fundamental building blocks to a healthy enterprise. Unfortunately, a cyberattack will likely disrupt the normal flow of data, resulting in a severe disruption to normal business operations.

This is exactly what happened with the ION Trading incident. ION is an integral part of the transaction chain for financial markets, particularly listed derivatives, providing key software for the middle and back office processing of transactions. When they were taken offline in a ransomware attack these critical programs and processes were brought to a halt. It was a classic “spanner in the works” scenario: the problems at one company caused critical breakdowns that affected all companies.

The (ION Trading) incident showed how even banks and other financial companies with polished disaster plans and mature cybersecurity must assess how ready their business partners are.“It is a stark reminder of vulnerabilities in supply chains and third-party resilience. You are as good as your weakest link.” – Sumeet Chabria, CEO, ThoughtLinks Group. Wall Street Journal, February 10, 2023

Keys to Increasing Data Resilience

Fortunately, it is possible to take steps to build data resilience in order to lessen the impact of a disruption to normal operating conditions caused by a cyber incident. Some of the key facets to such an effort include:

• Map and document data sources: With multiple exchanges, each having their own unique formats, a complex web of give-ups and give-ins with a wide variety of counterparties, and key vendors providing input and analysis, the data map for a firm is complex. Take the time to untangle the web and document how data is both created and flows throughout the process.
• Recognize dependencies: It is especially important to understand how data and analytics are dependent upon each other. At times, a single source of truth may exist, creating a possible bottleneck. These areas deserve special attention and care.
• Construct a parallel data repository: Once the data landscape is understood a next step is to construct mechanisms that will be a parallel data repository that functions in as close to real time as possible. This data repository will be a necessary ingredient to keep systems operating in the event of a disruption.
• Create a disaster plan and keep it up to date: Too often, a disaster plan is a “one and done”; completed and then put on the shelf. In practice, a disaster plan needs to be a living document, with regular review and dry runs to make sure that all bases are covered.

Data Resilience and BornTec

The ION Trading ransomware event was a wake-up call for the trading industry. As usual, the exchanges, clearing firms, vendors and clearinghouses that make up the ecosystem were at their best in a crisis, pulling together in cooperation to keep markets up and running. The FIA, industry regulators and others are hard at work to learn from the incident and build best practices for the industry to follow. In the meantime, it is a good idea for all participants to reconsider their own contingency plans, particularly when it comes to data resilience.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.