Bloomberg reports: The U.S. Securities and Exchange Commission is examining the exposure of stock exchanges, brokerages and other Wall Street firms to cyber-attacks that have been called a threat to financial stability.
The SEC held a roundtable discussion of those risks in Washington today as it weighs a proposal to require stock exchanges to protect their critical technology and tell members about breaches of important systems. More than half of exchanges surveyed globally in 2012 said they experienced a cyber-attack, while 67 percent of U.S. exchanges said a hacker tried to penetrate their systems.
Dennis Fisher writes: Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.
So when Raiu says he conducts his online activities under the assumption that his movements are being monitored by government hackers, it is not meant as a scare tactic. It is a simple statement of fact.
“I operate under the principle that my computer is owned by at least three governments,” Raiu said during a presentation he gave to industry analysts at the company’s analyst summit here on Thursday.
The comment drew some chuckles from the audience, but Raiu was not joking. Security experts for years have been telling users — especially enterprise users — to assume that their network or PC is compromised. The reasoning is that if you assume you’re owned then you’ll be more cautious about what you do. It’s the technical equivalent of telling a child to behave as if his mother is watching everything he does. It doesn’t always work, but it can’t hurt.
Raiu and his fellow researchers around the world are obvious targets for highly skilled attackers of all stripes. They spend their days analyzing new attack techniques and working out methods for countering them. Intelligence agencies, APT groups and cybercrime gangs all would love to know what researchers know and how they get their information. Just about every researcher has a story about being attacked or compromised at some point. It’s an occupational hazard.
But one of the things that the events of the last year have made clear is that the kind of paranoia and caution that Raiu and others who draw the attention of attackers employ as a matter of course should now be the default setting for the rest of us, as well. As researcher Claudio Guarnieri recently detailed, the Internet itself is compromised. Not this bit or that bit. The entire network.
Last year, CSIS reported: After years of guesswork and innumerable attempts to quantify the costly effects of cybercrime on the U.S. and world economies, McAfee engaged one of the world’s preeminent international policy institutions for defense and security, the Center for Strategic and International Studies (CSIS), to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide. “Estimating the Cost of Cybercrime and Cyber Espionage” posits a $100 billion annual loss to the U.S. economy and as many as 508,000 U.S. jobs lost as a result of malicious cyber activity.