Defending Against Cyber Threats Amid Financial Market Volatility

Written by Travis DeForge, Director of Offensive Cybersecurity at Abacus Group.

As a former Military Intelligence and Deception Operations officer for the U.S. Army, I witnessed firsthand how timing an attack during periods of heightened stress and uncertainty can significantly enhance its success. This principle is not confined to military operations, it also applies to the world of cyberattacks. Cybercriminals thrive on chaos, leveraging moments when organizations are distracted to gain initial access or exploit previously established footholds. 

When adversaries launch cyberattacks aimed at deploying ransomware, exfiltrating sensitive data, or executing wire fraud, they often strive to remain "under the noise floor", acting so subtly that their presence is undetected until the critical moment of impact. In times of significant market volatility, financial services organizations, including hedge funds, face additional “noise” as their focus shifts toward capital preservation and navigating the turbulent financial landscape. This reprioritization often creates opportunities for malicious actors to ramp up their efforts, capitalizing on the resulting distractions and vulnerabilities. 

Market volatility doesn’t just create financial uncertainty; it also amplifies the risks of cyberattacks. Seward & Kissel recently highlighted this in their article Steps to Take During Extreme Market Volatility, emphasizing the importance of evaluating technical systems to handle increased activity and defend against potential breaches. In such an environment, it’s crucial for financial firms to adopt proactive measures to minimize the likelihood and impact of cyber incidents, allowing them to focus on fund performance without compromise. 

Key Steps to Bolster Cybersecurity During Market Volatility

Enforce Comprehensive Multifactor Authentication (MFA): MFA is a fundamental yet critical best practice for securing access. However, breaches often reveal instances where exceptions to MFA were made. In today’s threat landscape, ensuring MFA is deployed universally across all users—without exceptions—is an absolute necessity.

Audit and Strengthen Processes for Bank Transfers: The widespread reliance on ACH and wire transfers, especially during times of margin calls, creates a prime target for social engineering attacks. Conduct a thorough review of your cybersecurity posture, focusing on workflows involving financial transactions. Identify potential weaknesses and implement both technological enhancements and process improvements to reduce vulnerabilities.

Enhance Staff Education and Security Awareness: The rise of generative artificial intelligence has led to a dramatic increase in the sophistication and volume of phishing emails and impersonation attacks. Malicious actors now use AI to craft convincing pretexts for social engineering schemes and even clone voices during live calls to facilitate wire fraud. Regular security awareness training for staff is essential to combat these evolving threats and ensure everyone remains vigilant.

By prioritizing these measures, financial services organizations can mitigate the risks posed by malicious actors during periods of market volatility. Staying ahead of these threats will not only protect sensitive assets but also empower firms to maintain focus on their core mission—delivering exceptional fund performance. 

At Abacus Group, we understand the unique cybersecurity challenges financial firms face during turbulent market conditions. Our team combines deep technical expertise with an understanding of your business priorities—helping you stay secure, agile, and focused. Contact us today to get started.