Costs associated with cyber-attacks on the financial sector are soaring. Research by cybersecurity and anti-virus provider Kaspersky Lab found financial firms face losses of around £700,000 on average for each cyber-security incident.
Cyber threats are becoming more sophisticated, and the sheer variety of issues security researchers are facing is a huge problem. Here David Emm, principal security researcher at Kaspersky Lab, takes a look at a few of the threats your small to medium financial advice business should be aware of:
1) Targeted attacks
You’re a smaller business, but you’re not immune.
Targeted attacks on global financial organisations are likely to be conducted through smaller third parties that often have weak protection or none, and can be used as an entry-point into a larger organisation they do business with. Targeted attacks infiltrate the target’s network and steal information from their servers.
Along with malicious software designed to infect unprotected computers, targeted attacks are the only forms of security incidents financial organisations experience more than any other industry. Just because you don’t see a vulnerability doesn’t mean it doesn’t exist. Cybercriminals invest time and resources in developing tools that exploit vulnerabilities in software used throughout an organisation.
Conduct a risk assessment to highlight all potential security weaknesses - before it’s too late.
2) Social engineering and phishing
Phishing is the process by which a cyber criminal attempts, usually via email, to obtain sensitive information (passwords, credit card details or other confidential data) by posing as a legitimate person or organisation.
Financial phishing has always been one of the easiest ways for cybercriminals to earn illegal money. You don’t have to be a skilled programmer, and you don’t have to invest lots of money into supporting infrastructure. Most phishing schemes are easy to recognise and avoid - but judging by what we see in our statistics, lots of people are still not cautious enough when it comes to dealing with financial and other personal data online.
Never click attachments or links in emails or other messages if you have any doubts about their legitimacy.
3) Human error
Despite the variety of threats targeting businesses, particularly those in the financial sector, cyber-attacks are so often reliant on humans and their mistakes. According to Kaspersky Lab research, 36% of all security events experienced by organisations can be put down to “inappropriate IT resource use by employees”.
Businesses could go a long way towards dealing with the problem by focusing more on developing a culture of awareness and education within the company. Having security built into staff, both in terms of their devices and their mindsets, is key – you can shape people’s mindsets and behaviours, but it takes time.
It’s difficult to simply write a policy and get people to read it; you have to be creative (poster campaigns, cartoons, internal competitions) to get people on board.
Five things you need to do right now
Finance is in an unusual position in terms of cyber-security. But there are simple steps you can take to reduce your exposure to risk.
1. Ensure updates are applied to software so secure versions are being used
2. Deploy appropriate technology to block attacks
3. Back up data
4. Use up-to-date internet security software
5. Ensure employee awareness and education – it can be the biggest step towards your business’ security, as human error is one of the biggest threats of all.