Always prepare for the worst: An attack on technology-plumbing provider ION underscores how crucial it is to have systems in place to keep markets whirring regardless of partner issues. Make sure your firm has preparation, documentation, and a path forward from disruption.  

The derivatives trading market was teleported back to the 1980s in the past week as London-based ION Trading succumbed to a ransomware cyberattack from extortion group LockBit. With ION’s software locked up, traders and brokers around the world were forced to manually process deals using spreadsheets, telephone calls, and their own ad-hoc software. 

The interconnectedness of the markets and the many partnerships involved means that firms must have backup plans and fallbacks in case of outages like ION’s, to avoid dramatic ripple effects. While the incident has caused difficulties and delays, it has not turned into a major contagion or systemic risk for the entire financial system, thanks to people’s quick adjustments.  

The moral of the story? Companies need to take the position that they (or their partners) will inevitably be attacked and form a plan for continuity and recovery that avoids significant damage. 

“Cybersecurity is a means to an end, but really, what you need is your business to keep going following a cyber incident,” James Hadley, CEO of Insight Partners’ portfolio company Immersive Labs, previously told Insights Distilled. After all, financial services is the most targeted industry for cyberattacks, according to recent research. 

“Many large financial firms may think they are immune from ransomware because of all the resources they have invested in security. But, even if your organization is well-protected, your partners and vendors may not be,” intelligence analyst Allan Liska at Insight Partners’ portfolio company Recorded Future told Distilled.   

LockBit said over the weekend that it received a ransom and unlocked ION’s files, but ION is planning to rebuild new infrastructure for its derivatives platform instead of returning to the previous system, according to The Trade News. 

While it’s still unclear how LockBit first gained access to ION, the group has used attacks like “spear phishing” or other “malware-as-a-service” tools in the past, senior security expert for Kaspersky’s global research and analysis team, Marc Rivero, told Insights Distilled. Firms should “ensure employees are aware of phishing attacks, malware in general, and other basics of cybersecurity” to protect themselves.