As criminals get more sophisticated in their hacking methods, the consequences of a possible cyber breach grow increasingly alarming. All industries are under threat, but financial services – and the plethora of valuable client information that each firm holds – presents an attractive proposition for would-be cybercriminals.
This October is Cybersecurity Awareness Month and in an attempt to help firms mitigate cyber-risks, IIROC has announced plans to provide regulated firms with assessments of their cybersecurity risk profile.
James Burron, Chief Operating Officer, AIMA Canada - Alternative Investment Management Association, believes that all types of organization, both big and small, are at risk of a breach if they don’t take adequate precautions.
“Hackers are not just going after the big companies; they know that smaller companies don’t have the resources to guard against a breach but do have information that’s valuable,” Burron says. “In their systems, an asset management firm has information on trading, algorithms, the types of stocks they buy, and their positions. If the hacker has screen shots and key strokes, they can see everything. With that type of information, they may approach a competitor fund and ask for a payment.”
Even standard account and subscription forms hold a lot of valuable information that hackers are actively searching for. With a name, address and social insurance number, a hacker may be able to create fraudulent credit cards in a client’s name.
Although the number of reported cyber-related crimes has remained relatively flat over the past few years, Burron thinks those figures are skewed and that many firms don’t report hacks due to the reputational damage doing so could cause.
In terms of hacking tactics, business email compromise and ransomware are on the increase while phishing remains the top vector for cyberattacks, with 43% of victims citing the problem. In many cases, the hack is only made possible by the victim clicking on an errant link or downloading a file they shouldn’t.
Your firm may have strong firewalls and cyber protection software, but it’s also down to advisors to think about every email they receive. If something looks suspicious, don’t take the risk. Increasingly, hackers are creating email addresses that look exactly like that of a client or senior executive within an advisor’s firm. The hacker will then send out emails from that email address requesting the advisor send out personal information or even make a money transfer. You may think that you’d never fall for this (and you may not) but these emails use language and terminology that perfectly fits the sender they purport to be from. Some very savvy individuals have been caught out by this trick. Vigilance is imperative.