Cybersecurity and Online Trading: An Overview

Friday, October 25, 2019

Sam Bocetta

D63b67548a5fd4323d25d572dd43bd76

Trade and cybersecurity are inherently linked. The promise of the information revolution was always that it would allow people to connect internationally, and that it would make international investment available for everyday citizens.

It has certainly done that, but as trade and investment grow ever more complex, the risks also grow. Alongside the development of international investment networks has developed another, shadowy network of hackers and unscrupulous investment companies. As the Internet of Things (IoT) and Artificial Intelligence (AI) technologies are adopted, the complexity and vulnerability of trading platforms is also going to increase. 

In this article, we’ll take a look at how and why the risks of international trade are increasing, and the political response to this.

The Security Risks Of Trade

There is one primary reason why digital trade is more at risk from cyberattack than ever before: a huge increase in the number of people using online trading platforms. Whilst this increase has greatly increased the ability of individuals to invest internationally, it has also opened up many opportunities for hackers.

In other cases, technologies that have been developed in order to increase the security of international trade can have the opposite effect. The move to cloud storage and Software as a Service (SaaS), for example, has been driven by the perception that there are many security benefits of cloud storage: as research firm BlueTree.ai notes, 83 percent of successful American businesses were planning a SaaS strategy for the coming year, due in part to data security concerns.

Whilst cloud storage can be a more secure way for traders to protect their data (and profits), cloud systems are also an order of magnitude more complex than more 'traditiona;' trading systems. That means that they require similarly complex cybersecurity protocols to be put in place in order to stop the spread of malware infection, or simply the interception of sensitive commercial data.

The Political Response

These concerns have led many governments to seek to regulate and control digital trading, in order to protect both individuals and firms against cyberattack. According to some estimates, up to 50 countries have now put in place – or are planning to put in place – policies that seek to limit the vulnerability of their citizens.

At the moment, however, these measures have largely been adopted on a per-country basis. Since international trading is, by definition, international, this has severely limited the efficacy of these systems. 

Add to the simmering mix the reality that many individual investors simply don’t have the technical know-how to avoid scams and hacks. The Foreign exchange (Forex) market, in particular, has had a reputation for being a sort of online Wild West ever since it opened to retail traders in the late 90’s. Many jumped in (and continue to do so) without even a rudimentary knowledge of basic currency trading strategy, which contributes to the steady and still almost unbelievable 96% failure rate. Combine these poor trading skills with a mostly unregulated brokerage industry and you have a perfect storm preying on mass ignorance.

And this was before cryptocurrency was even a glimmer of a whitepaper in Satoshi Nakamoto’s probably collective head. If Forex is the equivalent of facing down the fastest gun in Dodge City at high noon with a cap pistol, trading cryptocurrency is even more dangerous.  

Leading governments, to their credit, have recognized this minefield. The European Union has identified “a need for closer cooperation at a global level to improve security standards, improve information, and promote a common global approach to network and information security issues." The US has also made similar moves, and it's most recent Cybersecurity Strategy reaffirms the need to “strengthen the capacity and interoperability of those allies and partners to improve our ability to optimize our combined skills, resources, capabilities, and perspectives against shared threats."

There is, however, a very fine balance to be drawn between security and freedom. Any restrictions put in place in order to improve the security of international trading networks risk limiting the ability of individuals and companies to invest across borders. Given the benefits that this kind of decentralized trading has brought the world economy, and over-eager implementation of cross-border cybersecurity systems also risks undermining the profitability of many firms.

The Future

Though these issues are far from being resolved, some consensus on the direction of travel is emerging. The Brookings Institute has recently outlined a number of key principles that will govern the way that international trade will be secured in the years to come.

One of the most important is to ensure access to information across international boundaries. Whilst this may sound like it would increase the opportunities for this data to be stolen, in reality this kind of information sharing limits the risks inherent in the localization of financial records. It is strange to note, in fact, that in this regard the way that international trade is being secured bears many similarities to the kinds of decentralized systems used in cryptocurrency exchanges.

Another key area for development will be in the standardisation of cybersecurity standards and policies across territories. The International Standards Organization (ISO) has recently developed a number of cybersecurity standards that aim to help countries to develop compatible ways of securing international trade. These policies can then be internationally integrated in trade agreements, ensuring that criminals and unscrupulous companies cannot escape justice by fleeing to another jurisdiction.

Finally, there is a building consensus – not just in government but also in industry – that a risk-based approach to cybersecurity needs to be adopted when it comes to securing international trade. This approach is one that has been developed in order to assuage the fears that regulation could stifle trade flows: instead of adopting a 'tick-box' approach to cybersecurity compliance, companies should carefully assess their threat profile before deciding which counter-measures to put in place.

Trust and Security

Ultimately, international digital trade is built on trust, and this will need to be maintained in order to ensure profitability for both individual and institutional investors. 

At the broadest level, as complex networks get harder to secure, there will need to be much more dialogue between policy makers and cybersecurity experts. Building bridges between these communities will support the development of effective cybersecurity practices without putting in place unnecessary trade barriers.

About the author: A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.

Possibly Related Articles:
23266
Infosec Island Enterprise Security Security Awareness
cybersecurity Internet of Things IoT
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.