In recent years, financially motivated cybercriminals have increasingly been seeking out wealth management and other financial services firms. These institutions face a unique set of challenges when it comes to data security, privacy, and compliance, as the range of personal and financial information they hold is very attractive to cybercriminals.
Ransomware is among the leading cyber threats faced by financial services organizations. Most ransomware attacks threaten to release confidential data unless the ransom is paid; however, a threat actor may release the data regardless of whether or not the ransom is paid.
One of the reasons wealth management firms are such a target for ransomware is that they usually have fewer resources dedicated to cyber-security practices such as patch management, user awareness, and other cyber security tools and training. This makes them easier to breach, and many threat actors are lazy, looking for low-hanging fruit.
Impersonation Through Business Email Compromise (BEC)
BEC is when cybercriminals compromise legitimate business email accounts and monitor email traffic, looking for valuable information to steal or transactions that may include wire transfers. This threat has become increasingly popular with malicious actors as more organizations move to cloud-based email services, where cybercriminals can more easily obtain employee credentials with phishing pages that look identical to the real log-in screens. One way to slow the threat actors down is to implement multi-factor authentication on your email accounts, which would prevent an unauthorized user from logging in without the second factor (a mobile device or authentication key fob).
Similar to impersonations through BEC, wealth management firms have been subject to payroll scams. Institutions experiencing these scams report that their payroll department receives emails impersonating employees and requesting changes to their direct deposit accounts. Cybercriminals are able to do this by sending the actual employee a spoofed email log-in page and then harvesting their credentials to send these payroll requests.
Lack of Security Awareness Training for Employees
Another one of the leading causes of cyber-attacks is simple human error. Human error includes poor password use, allowing individuals to maintain access to information they no longer need for business reasons, and not being able to recognize phishing emails. Human error is prevalent at any organization; however, as we mentioned above, many wealth management firms lack security resources, such as employee security awareness training, that would otherwise mitigate this type of risk.
Unfortunately, wealth management firms deal with many of the same threats as large financial institutions do, except with limited IT resources. Not only do they suffer data theft or leaks due to cyber-attacks, but they also have to deal with the loss of credibility in the market.
The ever-changing and increasingly complex cyber security landscape is difficult to keep up with when you’re trying to run a company. But all is not lost. Wealth management firms can mitigate their risk of cyber-attacks with managed security solutions.
Here at Kyber Security, we can help you establish a detailed cyber security plan, provide security training and awareness, enact a comprehensive cybersecurity policy, and initiate and maintain a reporting system for cybersecurity events.