As cybersecurity professionals lag in talent race, affluent households must be alert to the threats
Protecting assets is part and parcel of any wealth management strategy, and with the recent flare-up of tensions on the geopolitical front, investors are likely thinking of ways to build defense into their portfolios. But as the financial world becomes increasingly tied to the digital realm, the threat of cybercrime is becoming all too real.
“As the world becomes digitized, the cybersecurity landscape will continue to evolve,” Laurie Pezzente, senior vice president of Global Cyber Security and chief security officer at the Royal Bank of Canada, commented in a note published late last year. “This means our approaches to protecting Canadians today are different than they were five years ago and will be vastly different ten years from now.”
The dangers are clear for financial advisors, particularly as cybersecurity continues to take top spots in regulators’ priority lists. But in the war to protect clients’ wealth on the web, the industry is outmanned.
A 2018 report authored by Deloitte and the Toronto Financial Services Alliance has found that Canadian organizations will be looking to fill around 8,000 cybersecurity roles between 2016 and 2021. According to RBC, academic programs meant to fill that gap have until recently taken too long to complete and did not tap the entire Canadian population, which suggests a talent gap between cyber criminals and the professionals tasked to foil them.
Affluent households are particularly vulnerable. A 2017 study conducted by Campden Research found that 38% of ultra-high-net worth families, family offices, and family businesses around the world — whose wealth reportedly averaged US$1.1 billion — did not have a cyber security plan in place.
One possible crack in the defenses comes when no ground rules are laid out on the use of social media. In particular, those who carelessly divulge clues about their wealth status, property ownership, and investments online may find themselves targeted by hackers on the hunt for valuable data. Malicious actors can launch social engineering attacks by phone, text, or email to trick and steal from unsuspecting victims.
Even if they’re not active on social networks, high-net-worth-individuals (HNWIs) tend to have high status, and thus are more searchable online. Company owners, C-level executives, and prominent public figures are easy for cyber thieves to profile as potential targets of fake emails that contain dangerous links or files that contain malware.
“Hackers are able to perform sophisticated spear-phishing attacks with the information they receive from searching the internet,” Stacy Bertrand, manager of information security strategy and metrics at City National Bank, said in another blog post.
Such threats are easy enough to mitigate: clients and advisors who get a suspicious email shouldn’t engage with it. For unusual emails that seem to have come from a trusted contact, they should pick up the phone and verify that it came from the person that purportedly sent it.
Those who have a broad network of people who help in managing their wealth, Bertrand said, should be particularly careful and adopt a “trust but verify” process. “This means that people or companies who work with these individuals need to know what they are allowed to approve and what they need to call and verify,” she said.
