What You Need to Know About Monitoring Cellular and IoT Devices in Capital Markets
Will the regulatory climate for capital markets cool off given the pro-business agenda of the current administration? It may be too early to tell, but many believe the answer will be “no” – especially as the government zeroes in on cybersecurity.
Another area of particular focus is electronic communications (or e-comms), which touches virtually every aspect of buy and sell-side activities.
Just ask FINRA. Last December, the agency fined 12 large financial institutions a total of $14.4M for improper electronic records-keeping practices, which made the firms vulnerable to cybersecurity threats.
So, what’s the issue? The challenge with e-comms monitoring is that it has to go beyond preventing illegal activities. It has to provide the ability to measure, prove and – the most challenging of all – disprove intent.
The interesting thing about the 12 FINRA settlements is that most of the cases didn’t focus on actual instances of failure in record keeping (and the e-comm surrounding it). The fines were for negligence in preventing these things from possibly happening.
Therein lies the real challenge. How do you prove your employees aren’t communicating the wrong way? How do you monitor for unauthorized devices – not just phones and wearables, but for more obscure IoT devices like wireless printers or keyboards that can be hacked and exploited for malicious activity?
Without real-time monitoring of all the devices in your space – both the detection of devices and determining whether they present security vulnerabilities – firms don’t have a mechanism to enforce the rules.
This is where Bastille’s enterprise threat detection technology comes in, and why it’s so critical to capital markets. Bastille provides constant and holistic awareness of devices in the enterprise. It allows firms to identify in detail all devices in the enterprise, where they are, the protocols they’re using, the data volume they’re transmitting and what security vulnerabilities may exist. When an unauthorized device enters the enterprise or does something out-of-policy, someone is alerted.
Bastille also enables forensic analysis on device comms. Were there strange patterns in data flows between devices? Which devices? Were they authorized? Were those devices attached to a persona or employee in the enterprise?
Finally, Bastille performs this monitoring in a discreet and non-disruptive way.
At the technical layer, Bastille helps firms meet the dual demands of e-comms monitoring – the ability to prevent malicious activity and the ability to measure, prove or disprove intent through forensic analysis. Finally, it demonstrates and validates to auditors that the firm has the technology in place to enable systemic and continuous monitoring.
If you would like to learn more, please watch our webinar, Cellular and IoT on Wall Street: Changes in Compliance Requirements, Cellular, and IoT Devices in Capital Markets.