Nasdaq spends to fend off "constant" hack attacks
NEW YORK (Reuters) - The operator of the Nasdaq Stock Market is "under constant attack" from would-be hackers and will spend more on security as a result, its top executive said.
"As we sit here, there are people trying to slam into our system every day," Robert Greifeld, chief executive officer of Nasdaq OMX Group, said in an interview on Wednesday. "So we have to be ever-vigilant against an ever-changing foe."
The exchange operator sits at the center of the U.S. financial system, which has increasingly come under siege from computer hackers and counts itself among those, including Citigroup Inc, that have had recent cyber breaches.
Intruders entered Nasdaq's systems last year, leaving "suspicious files" on the exchange's servers and sparking an investigation involving the FBI. Trading platforms were not compromised, the exchange said, although some Internet-based client applications were vulnerable.
"We're (now) in normal state in that we resolved that particular issue," Greifeld said.
Nasdaq, which runs stock and derivatives trading venues in the United States and Nordic Europe, provides and stores sensitive market data.
Earlier on Wednesday, the company boosted 2011 cost projections, in part because of higher information security expenses.
Expenses should now total $950 million to $965 million this year, up from the $920 million to $940 million estimated in February.
Chief Financial Officer Lee Shavel said the environment had changed in the last few months.
"You can throw as much money as you want against something like this, but as we looked at the level of attacks that have been experienced really across the industry ... we decided it was appropriate for us to up the amount of resources," he told Reuters.
The list of hacker victims has grown long and well beyond Wall Street this year. Sony, Google Inc, Lockheed Martin, and even the International Monetary Fund have all been breached, at times exposing clients' personal information.
Some cyber experts fear financial institutions have inadequate defenses, due in part to distractions during the financial crisis that led them to ignore IT systems.
Two-thirds of U.S. banks plan to raise spending on fraud-detection and authentication systems in 2011, including the largest ones, according to a Gartner Research poll of 76 banks.
The hacker wave has prompted calls from the White House and the Securities and Exchange Commission for new laws and rules to protect personal information and safeguard capital markets.
Financial institutions, cognizant of reputations and possible systems vulnerabilities, appear increasingly willing to put cash on the line to get ahead of possible attacks.
"We recognize that we're under constant attack," Greifeld said, "and by that I mean literally constant attack."
(Reporting by Jonathan Spicer; Editing by Lisa Von Ahn)