Cybersecurity threats to financial firms on the upswing in 2014

As cybercriminals and hacktivists get smarter, midtier wealth managers face greater risks.
JUL 02, 2014
The risk of cyberattacks in the financial services industry is on the rise in 2014, and wealth management companies, broker-dealers and registered investment advisers are not exempt. The threat is moving from large banks to midtier institutions and smaller firms as increasingly sophisticated cybercriminals and “hacktivists” pinpoint individual targets and seek easy entry points to do their damage, according to online-security experts. “Firms need to believe, first of all, that they are a probable target,” said William Stewart, a commercial cyberbusiness senior vice president at management and technology consultant Booz Allen Hamilton Inc. “For firms that say, 'We're too small, they won't bother with us,' it's not true. These sophisticated adversaries have multipronged attacks. They don't just launch malware against one target.” For example, a cybercriminal might buy identity information on the dark web (websites and other networks intentionally hidden from search engine crawlers) or break into a firm “so they can find out that this financial wealth management institution has some prominent people they're working with,” including bank executives and government officials, Mr. Stewart said. Then the criminal will send a plausible-looking e-mail to the targeted individual's business network to capture even more information when the recipient clicks on an infected document and allows the malware to get inside their network. “That's why these midtier folks are a target,” Mr. Stewart said, pointing to wealth management firms, regional banks and hedge funds. “They have valuable information because they're managing assets.” And when grouped together, these organizations are like a row of dominos that, when attacked, can create a cascade of systemic risks that could affect financial institutions of any size, he warned. Threats in the past have come from distributed denial of service, or DDoS (making a website temporarily or indefinitely unavailable), and data-destroying attacks from groups such as the Mideastern Izz ad-Din al-Qassam Cyber Fighters hacking collective. Now mobile platforms also are at risk, Mr. Stewart said. In short, the level of threat is monumental. But cybersecurity experts say financial institutions' resistance to revealing the extent of the problem makes it difficult to quantify the rise of cyberattacks. A security bulletin published in December by IT security vendor Kaspersky Lab reports that the number of attacks launched from web resources globally in all sectors increased to 1.7 billion in 2013, from 1.6 billion in 2012. Fully 45% of web attacks in 2013 were launched from malicious web resources in the U.S. and Russia. While large institutions are spending tens of millions of dollars on security measures, midtier firms typically can't afford that degree of protection, which puts them at risk, Mr. Stewart said. He estimated that only 5% to 10% of an average firm's IT budget goes to cybersecurity. Roel Schouwenberg, principal security researcher at Kaspersky Lab, said that in addition to cybercriminals' greater focus on midsize firms, another disturbing trend comes from politically motivated hacktivists whose activity is less obvious. Rather than steal from a company, for example, their aim may be to destroy someone's reputation. Hacktivists in 2013 were more involved than ever in the shutdown of stock exchanges, Mr. Schouwenberg said. “From my personal point of view, one of the most interesting developments this year will be more closures at stock exchanges attributed to cyberattacks, because 2013 showed the system isn't as robust as people thought it was,” he said. “We'll see more movement in 2014 and 2015 toward getting more money to hacktivists in foreign nation-states to disrupt the economy,” Mr. Schouwenberg predicted. “Cyberactivists go after targets with the best return on investment because they just want to make money, but hacktivists want to wreak havoc and they're unpredictable. They may go after a target whether it makes business sense or not.” Both the Securities and Exchange Commission and the Financial Industry Regulatory Authority Inc. have identified cybersecurity as a heightened risk in the examination priority letters they released this month. While the SEC gives the issue a brief mention in its Jan. 9 letter, saying staff will focus on “information leakage and cybersecurity,” Finra, in its Jan. 2 letter, goes further in addressing the problem. Finra wrote that cybersecurity will remain a priority this year because of the persistent issues reported across the financial services industry in this area. “The frequency and sophistication of these attacks appears to be increasing. In light of this ongoing threat, Finra continues to be concerned about the integrity of firms' infrastructure and the safety and security of sensitive customer data,” the Finra letter noted. The Finra letter said evaluation of such controls may take the form of examinations and targeted investigations. In addition, the Securities Industry and Financial Markets Association is on high alert about cybersecurity. SIFMA in October released findings from a July 18 cybersecurity exercise called Quantum Dawn 2, which simulated a systemic cyberattack on the U.S. financial system. In the exercise, 500 participants from 50 different financial groups ran through their response to dealing with a crisis, including how they would share information within the sector and within government agencies. Karl Schimmeck, SIFMA's managing director of financial services operations, said that what makes cybersecurity so difficult is that the need differs from one firm to the next. “Your threat profile is typically unique to your firm,” Mr. Schimmeck said. “Financial services is a network of small, medium and large firms, and we need protection at all levels. Each one can be a gateway into the system.” He highlighted one glimmer of hope: financial firms' willingness to share with one another because cybersecurity is viewed as a noncompetitive topic. The Financial Services Information Sharing and Analysis Center, a nonprofit group founded in 1999, now serves as the primary group for information sharing between the federal government and the financial sector. FS-ISAC, which has about 4,000 members, shares data about physical and cybersecurity threats and vulnerabilities to help protect critical U.S. infrastructure. Similarly, the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security works to minimize operational risks in financial services. Mark Clancy, managing director for technology risk management and chief information security officer of Depository Trust & Clearing Corp., whose firm is a member of both groups, said he sees nothing on the horizon that will change the growth curve for cyberattacks, because the financial sector has been productive for criminals. Looking ahead, Mr. Clancy said that while DDoS attacks so far have made up the bulk of cybercrime against financial firms, the bad guys are figuring out new ways to strike. “Unfortunately, criminals will start to figure out the broker-dealers,” he said. “When criminals start to understand the industry better, broker-dealers can expect to see more attacks. The key to remember is that on the other side of these attacks is a human. Humans innovate.”

Latest News

LPL building out alts, banking services to chase wirehouse advisors, new CEO says
LPL building out alts, banking services to chase wirehouse advisors, new CEO says

New chief executive Rich Steinmeier replaced Dan Arnold on October 1.

Franklin Templeton CEO vows to "do what's right" amid record outflows
Franklin Templeton CEO vows to "do what's right" amid record outflows

The global firm is navigating a crisis of confidence as an SEC and DOJ probe into its Western Asset Management business sparked a historic $37B exodus.

For asset managers, easy experience is key to winning advisors' businesses
For asset managers, easy experience is key to winning advisors' businesses

Beyond returns, asset managers have to elevate their relationship with digital applications and a multichannel strategy, says JD Power.

Why retaining HNW clients ultimately comes down to one basic thing
Why retaining HNW clients ultimately comes down to one basic thing

New survey finds varied levels of loyalty to advisors by generation.

Stocks drop as investors digest Microsoft, Meta earnings
Stocks drop as investors digest Microsoft, Meta earnings

Busy day for results, key data give markets concerns.

SPONSORED Out with the old and in with the new: a 50% private markets portfolio

A great man died recently, but this did not make headlines. In fact, it barely even made the news. Maybe it’s because many have already mourned the departure of his greatest legacy: the 60/40 portfolio.

SPONSORED Destiny Wealth Partners: RIA Team of the Year shares keys to success

Discover the award-winning strategies behind Destiny Wealth Partners' client-centric approach.