One Year On: Lessons from the ION Ransomware Event

By Derek Haworth / March 06, 2024

One year ago, the futures industry was well on the way to re-establishing normal operating procedures after a major ransomware event that targeted the critically important and deeply embedded services offered by ION Markets. In the aftermath, the Futures Industry Association (FIA) has taken a proactive path to address the issue of market resilience, but on the ground some very valuable lessons are already being implemented where operational resilience is concerned. As we talk to customers and prospects, we have found three key themes that should be addressed before the next market disruption hits: data, agility, and communication.

What To Do NOW to Prepare for Market Disruption

In the past, cybersecurity was approached primarily with a “deep moat / high wall” mentality, but the evolution of markets has made such an approach outmoded at best and dangerous at worst. At the same time, in an environment where shrinking budgets and cost compression are a given, it is not possible to install duplicate systems at 2.0x or even 1.5x the existing cost. New approaches are called for.

In this environment, the complex interconnectedness between customers, firms, exchanges, vendors and others calls for an approach that pivots from defense to one that focuses on operational resilience. And while regulators and industry groups have yet to publish definitive rules and regulations regarding resilience requirements, savvy companies are already making changes both because they will almost certainly be required soon and, perhaps most importantly, because they can have a positive impact on performance almost immediately.

Following last year’s ransomware event, several items stand out from our own experience as well as our conversations with both customers and prospects:

  • Know your data: A ransomware event or other technology-based disruption boils down to one thing: a disruption in the normal flow of data. Losing a key source of data or data management can throw a wrench into normal processes. In order to be prepared, it is imperative to know where data is coming from, what systems play which roles, how they are interconnected internally or with other parties, and where the business rules reside. With preparation, it is possible to access most, if not all, data even if a key link in the chain of operations is impacted.
  • Emphasize flexibility: Behind the shift from defense to resilience is a key tenet: “keep the lights on” as much as possible. In the future, regulators will be evaluating how well firms were able to maintain core, foundational operations and restore functionality in line with their resilience plan. When last year’s ransomware event occurred, our team at BornTec was able to work quickly with our clients to craft some novel solutions, and one lesson that emerged was that having one-click access to data enabled teams to craft the solutions and create the outcomes that were needed.
  • Keep communication flowing: One problem with cyber disruptions is that the next one is rarely like the last one, making it impossible to know with complete certainty how operations will be impacted. With that in mind, it makes sense to take the time to examine your operation and identify the key interdependencies and handoffs that exist, and then make certain that those areas have all of the relevant information and contacts that they’ll need when an event happens. It’s a good idea to make this a living document with regular updates and even practice drills.

It’s Still a Matter of “When,” not “If”

Prior to the ION Markets ransomware event last year, industry experts had long said that it was only a matter of time before a major cyber event hit financial markets. While that event proved the experts correct, those same voices are still singing the same refrain: it can, and likely will, happen again.

If that’s the case, then it stands to reason that the issues that were revealed in the 2023 ransomware incident are as relevant now as they were then. Markets are continually increasing in complexity and interdependencies are ever expanding. The reality is that resilience is the key to handling whatever comes next, and BornTec can help with improving operational resilience.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.