There’s no doubt that digital technology has revolutionized the financial services business. Even the most technophobic among us of have embraced the convenience of being able to handle banking, bill paying or buying and selling investments at anytime from anywhere via our smartphones or tablets. But just because we can complete financial transactions from the physical safety of our own homes doesn’t mean that those transactions are secure, because online criminals will steal whatever they can.
In the Equifax data breach last year, cybercriminals managed to steal 146 million U.S. consumer financial records. And that was far from the only major attack. According to IBM, some 200 million financial services records were hacked in 2016, representing a 900% increase over the previous year.
While any breach of security is one too many if it’s your data that’s been compromised, as a whole, the financial services industry is getting better about cybersecurity. According to Accenture’s 2018 State of Cyber Resilience for Financial Services, so far this year, financial firms managed to stop 81% of cyberattacks. Surprisingly, despite the frequency of cyberattacks, only 18% of 800 financial IT security professionals participating in the study said their firms have increased spending on cybersecurity in the past three years and only 30% expect to spend significantly on defense in the next three.
This seems somewhat short-sighted since cybercriminals are persistent if nothing else. Think of all those emails you get from banks, some which you don’t even have an account with, warning you of suspicious activity. They are attempts so obviously fake that it’s hard to believe anyone falls for them, but enough people must or they wouldn’t be so prevalent.
It turns out that when it comes to cybersecurity, people are almost always the weakest link in the chain. Across industries, more than half of all data breaches are due to human or system error, according to Larry Ponemon, of the Ponemon Institute, which specializes in cybersecurity research. Cybercriminals know this and are increasingly using a variety of techniques to use unwitting insiders to steal financial data.
Employees, particularly those at small, independent financial advisory and asset management firms, can be the biggest security vulnerabilities. Hackers have learned that the easiest way to acquire network login credentials is to simply ask for them, using ‘phishing’ email as mentioned above. When the recipient clicks on the link to update their security credentials what they’ve really done is opened the door to their firm’s data vault.
Another common targeted hack is the ‘man in the middle’ where the recipient is seduced into visiting a third-party website, which installs malware onto their computer and all the systems it’s connected to. When this intercept is placed between two entities that are likely to execute large cash transfers it can be very costly as Nautilus Minerals, a Canadian firm discovered. The firm lost $10 million that it thought was being transferred to a shipbuilder in Dubai, but was actually hijacked into some unknown third-party account.
It does a financial services firm no good to have stringent security protocols if they are not followed. Enforcing safe password practices may be inconvenient, but it’s really your first line of defense. Other suggestions for beefing up your training and security procedures is available from the Small Business Administration’s cybersecurity portal. Training employees to spot these attempted security breaches doesn’t have to be complicated or expensive, but it can have a tremendous impact on your business’s ability to defend itself from cybercriminals.
And remember, hackers are constantly updating their techniques, which means whatever protects you today, may not be effective tomorrow. So whatever you do, never let down your guard when it comes to cybersecurity.
Be prepared in case you do find yourself in a cyber-security crisis situation.