Managing billions, love your hacker
31 January 2018
Cyber crime is a massive challenge, but you must recognise the opportunity as well.
Cyber security attacks have battered the balance sheets and reputation of many of the globe’s biggest businesses in the last few years. Sony, TalkTalk and the NHS have all become victims of costly phishing or ransomware hits.
The financial services sector is by no means immune. According to Accenture’s ‘Cyber Security For Asset Managers’ report last year, the average number of targeted security breaches a typical financial services firm faces is a huge 85 per year.
A third of the attacks will result either in a “problem or destruction”, with 59% taking months to detect and 14% not being discovered for a year or more. Worryingly, 48% believed they were at greatest risk from internal cyber criminals rather than the more traditional attacker in the shape of a bored hacker, organised criminal or government.
What’s at risk of being attacked? Quite a lot: proprietary algorithms and research, trade routing and execution patterns, institutional and private client accounts, growth strategies, sales prospects and new client information, to name a few.
The regulatory fist is tightening as well. Moody’s has suggested that asset management firms could face a credit rating downgrade if they can’t protect critical data, and under the GDPR legislation in 2018 companies can be fined between 2% and 4% of their turnover if they have not properly protected personal data in the event of a breach.
Andrew Hall, client relationship director at Willis Towers Watson, says: “The majority of cyber threats have a financial motive and a reliance on accessing personal data. Asset managers are very much in the eye of the storm particularly if you are handling a diverse amount of information around the world. The greater the reach, the greater the vulnerability.”
Accenture suggests asset management firms need to develop solid perimeter cyber security, cyber risk management and control techniques throughout business processes to lessen the threat.
They need to understand their vulnerabilities and the types of attacks out there, such as botnets, malware, phishing, ransomware and social engineering, where employees are manipulated into giving up vital information.
They should look at real-time network monitoring using intelligent automation to spot and block suspicious activity.
Companies should consider restricting access to sensitive data for certain individuals, ensure their partners’ or suppliers’ strategies are equally robust and ensure that employees understand the danger of working on their smartphones or in public Wi-Fi areas.
A cyber response strategy is vital, covering how to end the threat and how to notify all parties, including clients, immediately, so protecting the firm’s reputation.
“It is vital to recognise where and how personal data is being stored in the cloud or in databanks. You need to ensure your housekeeping is in order such as ensuring that software is well managed and maintained and you know who is handling your data,” says Hall. “What are the levels of access and how are these being controlled? This will help detect violations and minimise impact. You also have to be able to recover this data and personal loss in a breach. You need to recover your reputation and maintain business confidence.”
He says this requires leadership from the top of an organisation and should not be delegated to specialist departments. “It is about that leadership, culture and everyone having a sense of responsibility for improving cyber security. You need to increase the cyber IQ of your company,” he states. “Constantly carry out assessments, don’t leave it to an annual check. Also upgrade software and legacy architecture. This could all lead to your company holding a competitive advantage if customers believe you are the most secure and most willing to communicate with them about the threat.”