Cybercrime can no longer be dismissed as the remit of the ‘young geek in the garage’
February 2, 2015: The opportunities and threats represented by technology are something ever present in our daily lives and no less a cause for thoughtful consideration and handling in the wealth management industry, where it can be criminally utilised to target individuals’ long-term savings. Firms such as those represented by the Wealth Management Association (WMA) are actively vigilant against a constant threat of attacks due to the potential high value stakes for the discerning cyber-criminal.
This is highlighted by the costs suffered in large financial centres, such as the US, from this kind of crime — $100 billion a year according to the Center for Strategic and International Studies. In the UK, GCHQ estimate that the worst breaches cost each organisation on average between £600,000 and £1.15 million. The global annual figure for cybercrime comes in at a staggering $560 billion, according to figures from KPMG.
It’s no wonder this area has been recognised by US and UK authorities at recent talks as needing critical attention. As Prime Minister David Cameron said, “This is an evolving threat, which poses a real risk to our businesses, and that is why we are taking our co-operation with the US to an unprecedented level.”
Resulting plans from these talks include mock cyber attacks on commercial banks later this year as part of tests on the robustness of critical infrastructure. The first tests will focus on Wall Street and the City, followed by others.
If we could have been a fly on the wall of those conversations between Mr Cameron and President Obama, what would they have considered? How could some of these threats impact the financial industry? How is it being fought against by firms?
First and foremost must be the recognition that cybercrime is a big business – high risk and high reward for those criminals diligently applying organised, highly skilled techniques to mount ever increasing attacks on firms. GCHQ are shortly due to publish a report, pointing out the threats faced by British businesses from cyber-attacks.
Cybercrime can no longer be dismissed as the remit of the ‘young geek in the garage’ and while it may be a constant battle for the financial firm, the criminal often needs to only ‘get it right’ once to potentially make off with huge amounts of money or valuable data.
As WMA members heard at the WMA financial crime conference this week, there are many different forms of attack such as Malware Infections, Worms, Data Theft, Denial of Service, Crypto-extortion and Cloud self-provisioning – all motivated by multiple reasons, i.e. greed, hacktivism, espionage, ideology, etc., and this only looks set to continue to increase as criminals become ever more sophisticated.
But it’s important to remember firms are not taking this lying down and are fighting back. A survey by accounting firm EisnerAmper illustrates this, showing 62% of company directors citing cybersecurity and IT risks as an important concern, up from 53%. And a study by PwC for the UK Department for Business, Innovation and Skills shows that the number of security breaches has decreased even as the scale and cost has nearly doubled.
Firms increasing spend on information security internally is a great start, but the problem cannot be answered by entirely digital means – people need to be part of the solution.
Staff need to remain constantly vigilant and, as a representative from the Financial Conduct Authority emphasised at the WMA conference. Another key aspect is ensuring that the senior management at a firm ‘buys in’ to the process and provides the support necessary. Simply buying a protection package is not enough. The work is never ‘done’ and the process is ongoing. Criminals will keep coming up with new and innovative ways to pose a threat to a financial firm and, therefore, the response needs to be equally flexible and altering to remain resilient.
Education and awareness for the general public is also something that was likely to be high on the agenda as the leaders from the two countries met. Making people a key part of their own defence is essential — and it’s not just certain parts of society that need to be targeted. While there may be a perception that a younger demographic is more technologically fluent, it is estimated that nearly 2.3 million people aged between 70 and over 100 years old are now using internet banking – assumptions can’t be made and the risk is there for everyone. But there are many ‘common-sense’ things the average person can do to limit their susceptibility, such as securing social media profiles, managing the information publically available about them and ensuring anti-virus software is up to date, to name but a few.
At a governmental level, in the UK there are numerous solutions being worked on such as the Cyber Security Information Partnership (CISP) launched in 2013 and 80 new cyber specialists being hired at the cyber-crime unit of the National Crime Agency (NCA), police forces and regional organised crime units across the UK. In the Wealth Management arena specifically, WMA are leading the way with industry information-sharing initiatives, a dedicated financial crime conference with multiple experts providing practical assistance on the cyber security area, and support material for members firms and their clients.
As reporting requirements come up for changes in 2017 due to new European regulations, there will be bigger penalties for failing to report data breaches, making it more likely for the public profile of this area to come ever more under the spotlight.
So, as the fly on that wall, we can be pretty certain that cybersecurity will be on the agenda for a long time to come as the rate and scale of these attacks shows little sign of abating. More inter-governmental work, such as the cyber games begun this year, is also to be expected as well as sharing of information and best practice to ultimately improve the resilience of UK, US and other firms around the world.
The firms themselves are stepping up to the challenge. With the collective vigilance of the client/individual on the street and governmental support, cyber criminals will have their work cut out for them.
Liz Field is CEO of the Wealth Management Association