This awareness gap makes security less of a priority for the bank as a whole, and creates vulnerabilities, wrote Jitendra Sharma, KPMG’s Advisory Line of Business Leader for Financial Services.
Hacked? Who, me?
For some cybercriminals, a few million dollars is chump change. They've figured out how to make a lot more and not even be noticed.
"If you had the capacity to transfer 10 million out of an account that's one thing," said Kellermann. "But if you understand the position a major brokerage house will take in the market is much more lucrative."
The recent financial recession left many financial experts unemployed, and some of them found a new calling educating cybercriminals about front running and market manipulation.
A criminal who gets into a firm's system and finds trades that are scheduled to occur at a certain time, for example, can get to the market early and make a killing.
The cybercriminals pass the information to investors, who are often overseas. Regulators don't notice, or put the results down to luck, especially because there's no visible connection between the investors and the financial company.
And the victimized firm might never know it was hit, since the only thing that happens is they make less money than they hoped.
"They expected to make a multiple of five, and they only make a multiple of three," he said.
It's hard for a company to make big investments in cybersecurity when there are no visible losses.
"There's an awareness in the criminal community that these private equity firms and hedge funds have weak technology infrastructure," said Kellermann. "And with straight-through processing and transactions happening in real time, it's very difficult to stop yourself from being front-run if you've already allocated the transaction, so this has become a systemic risk issue."
Who's watching the numbers?
Algorithmic trading is another tool that allows Wall Street firms to eke out every penny that they can from every transaction. And those pennies, or even fractions of pennies, add up quickly, so firms are in a race to be the first to make the trade.
Clearing houses and other intermediaries do their best to reduce the processing time to a minimum in order to attract and keep customers, who are also increasingly price sensitive.
"They've been trying to cut costs and automate as much as possible," said Justin Harvey, chief security officer at Fidelis Cybersecurity.
That doesn't leave much time to examine individual transactions, and it might be time to take a step back, he said.
"It doesn't have to be every single transaction, but you'd think that for an $81 million transaction someone would be looking at it," he said. "I know it costs more money, but I don't know of any other institution that would process that large amount of money without a second or third level of scrutiny."