Cyber Security Breaches Lead To Slowed Hiring For J.P. Morgan

J.P. blog update courtesy of eFinancialCareers’ “Morning Coffee”. Profiled earlier in February was the uptick in PE firms hiring younger bankers; however, other Wall Street businesses are easing up on hiring bankers and looking for more cybersecurity employees after recent breaches.

Much of the hiring that takes place on Wall Street is, unfortunately, reactive. Junior bankers are replacing pricey seniors while sell-side firms are backfilling seats left vacant by staffers who are jumping to the buy-side. And then of course there is headline chasing, when banks load up on compliance, risk and cyber security pros after news of a big scandal breaks.

And that’s not to say it’s a PR move. When J.P. Morgan discovered a massive breach to its internal network last June, one that reportedly had ties to Russia, it pulled out all the stops to improve its defenses and guard against a repeat occurrence. Apparently having grown frustrated with a lack of help from the U.S. government, the bank has reportedly been recruiting defense contractors and people with military backgrounds, according to Bloomberg.

J.P. Morgan has already grown headcount within its digital security staff to 1,000, more than double the size of Google’s security group, according to the report. The bank has even built a security services facility in the backyard of the National Security Agency, making it easier to recruit talented defense pros. From the sounds of it, J.P. Morgan has essentially built itself a mini defense agency.

Meanwhile, hiring continues to slow in the front office. Headcount at the 10 biggest investment banks on Wall Street fell for the fourth year in a row in 2014, down 4% to 51,600, according to a new report. Fixed income units took the brunt of the punishment, with banks cutting nearly 10% of front office FICC employees during the year.

Despite a revival in dealmaking, investment banking divisions cut their staff by 1% year-over-year. And that’s with revenue up 6% compared to 2013. With greater needs in the back and middle offices, banks are trying to do more with less when it comes to revenue generators.

For the original article, click here.


Cyber Gang Beats Global Banks Out of Billions-Phishing Catches Whales

Blog update courtesy of David E. Sanger and Nicole Perlroth of the New York Times.

According to a just-released investigation conducted by cyber security firm Kaspersky Lab, a modern-day gang of cybercriminals using seemingly simple email-based phishing techniques has beaten global banks, including the world’s biggest broker-dealers, out of at least $1 billion during the past year alone.

When notorious 20th-century gentleman bank robber Willie Sutton was asked by a news journalist (not Brian Williams!) why he robbed banks, Sutton’s purported answer was: “Because that’s where the money is.” Though Sutton later disputed making that comment, robbing banks in the 21st century no longer requires wearing a ski mask and passing a teller a note that says: “This is a stick-up, give me all of your money.” Instead, according to the latest series of bank heists, the weapon of choice starts with a phishing strategy: sending a targeted bank employee an email that purports to come from a sender known to the recipient and that includes an invisible piece of bait (commonly referred to as ‘malware’) embedded within the email message. That malware, which is chock full of computer code that enables access to critical systems, ultimately lodges in the bank’s belly, enabling the ‘phisher’ to move tens of millions of dollars out of the bank and into the nets of phisher accounts in other banks.

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”

The American Bankers Association declined to comment, and an executive there, Douglas Johnson, said the group would let the financial services center’s statement serve as the only comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, has also been briefed.

The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.

The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.

For the full story, please visit the NY Times by clicking here.


Cybercriminals Assault BrokerDealers; Most BDs Bamboozled by MITB and Phishing Schemes

Blog update: the extract below is courtesy of the 3 Feb WSJ story by Matthias Rieker.

More than half of U.S. brokerage firms surveyed by regulators said they had been targeted by email scams aimed at tricking them into wiring away client money.

In many cases, brokers fell for the impostors and their firms had to reimburse their clients. Of the brokerage firms that received the fraudulent emails, 26% reported losses of more than $5,000, according to the Securities and Exchange Commission.

The SEC last year sampled 106 firms—57 broker-dealers and 49 registered investment advisers—to assess the industry’s cybersecurity risk.

On Tuesday, the regulator said 88% of the broker-dealers and 74% of RIAs it examined for its report had experienced some form of a cyberattack. The agency didn’t say in what years the attacks occurred.

The wealth-advisory industry has long been struggling with what security experts and advisers say has been an onslaught of fraudulent wire-transfer requests, many resulting from client email accounts being hacked. Fifty-four percent of broker-dealers and 43% of RIAs said they had received fraudulent emails seeking to transfer client money.

For example, a former Morgan Stanley Smith Barney adviser—whose client’s email had been hacked—wired a total of $521,500 in four requests over two months last year. Also, a former Wells Fargo adviser failed to confirm two wire transfers for a total of $67,532 over two months in 2012 that turned out to be from an impostor.

The Financial Industry Regulatory Authority, Wall Street’s self-regulator, suspended and fined both advisers last month. Neither admitted nor denied the allegations, and their firms fired them, according to Finra. Morgan Stanley and Wells Fargo declined to comment on the cases.

Like most firms, Morgan Stanley and Wells Fargo have strict procedures on how to thwart such scammers, but some advisers haven’t been vigilant enough to ensure the requests are actually from their clients. Of the broker-dealers that reported losses from fraudulent emails, a quarter said the losses were the result of employees not following the firms’ authentication procedures, the SEC said.

SEC chairwoman Mary Jo White says assessing the readiness of market participants and providing investors with information on how to better protect online investments from cyberthreats is an important focus of her agency.

Finra said that last year it brought 37 cases related to the improper transfer of investors’ money to third-party accounts.

“Cybersecurity threats know no boundaries,” SEC Chair Mary Jo White said in a statement. “That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”

The SEC also said it found that 58% of broker-dealers but only 21% of RIAs are insured against losses from cyberattacks. One broker-dealer and one adviser reported that they had filed claims, the SEC said.

For the full story from the WSJ, please click here