We asked Stuart Laidlaw, CEO of UK-headquartered cybersecurity firm Cyberlytic to answer 5 questions on the hugely important topic of cybersecurity and, specifically, for wealth managers.
1. Cyber risk and cybersecurity is clearly a hot topic today and one that seems to be frequently in the news. How big a risk is cyber risk to wealth managers and why?
Cybersecurity should be taken seriously by all businesses. The threats are real and are being driven by criminals looking to monetise cybercrime. The financial services sector is a top target as financial data and the underlying systems potentially yield the biggest return. Attack vectors can be varied and it’s not always about directly impacting financial systems, quite often stealing personal data to sell on to other threat actors is incentive enough. The risk to wealth managers is particularly high as these businesses are unlikely to have spent the hundreds of millions of pounds being spent by the global banks, whilst the push towards digitizing wealth management processes provides potential weaknesses that could be exploited. The personal information of high net worth individuals are always going to be seen as a top target, which is why it is important wealth managers take the risk of cyber attack seriously.
2. When you look at the nature of the threat and the profile of this sector, what would you highlight as the main risks to a wealth management business?
It very much depends on the business and how it operates, but significant cybersecurity risk within this sector will be associated with data loss. Data, often described as the ‘new gold’, is the target of cyber attackers. Data loss prevention is not solely dependent on adopting a defensive posture. Significant risk is easily associated with insider threat, for example; disgruntled employees or those susceptible to bribery should be considered a key risk. At the end of the day, if the data you own is considered valuable, then if you are unlucky enough to be targeted by an attacker, there are plenty of ways that data can be stolen. Put in basic monitoring solutions and be aware of these risks; take suitable measures to mitigate them.
3. What steps should wealth management businesses take in order to establish and maintain a solid cybersecurity process, infrastructure and capability?
It is important to understand what data is retained by the business and what the impact might be if that data was stolen? Not only the financial cost and likely fines but, in the wealth management sector, it is likely any breach would cause irreparable damage to the company’s reputation. Once you know what is important, it is worth spending some time to understand how the data could be compromised. For example, if you use a web portal that provides a way of interacting with your clients, then it might be a good idea to invest in some web security. Think about your network, devices and people; are they adequately trained to do the basics right? It is then a case of putting appropriate controls and technology in place to counter the threats.
4. A large challenge around this topic seems to be the speed of change and the element of the unknown. Is there any advice that you could give to wealth managers as to how they can remain well protected from the threat?
If you do the basics right, then you’re going to prevent around 90% of attacks according to the National Cyber Security Centre (https://www.ncsc.gov.uk/smallbusiness). This includes things such as; making sure only those that need access to systems are given it, password good practice, basic staff awareness to avoid employees clicking on malicious links and regular system patching.
Beyond that, once you know what digital assets you have and a broad appreciation of the threat landscape, then buy point solutions to deal with those threats. It needn’t be as daunting to implement as you might think and the visibility modern systems provide can be easy to interpret and act upon.
5. You have an in-depth knowledge of the cybersecurity landscape and its developments. What would you highlight as the most interesting developments in cybersecurity that can perhaps be deployed today by wealth management businesses?
Artificial intelligence or to be specific, machine learning, is changing the way companies defend and respond to cyber attacks. Security practitioners realise that conventional systems, which rely on static rules and signature detection, will continue to be outsmarted. Machine learning offers many benefits, including adapting to continually evolving and more sophisticated threats. From a wealth management perspective, AI takes the hard work out of security by providing effective outcomes without requiring constant analyst attention. The AI works in the background to complement IT processes and deliver comprehensive security.
Our thanks to Stuart and the rest of the team at Cyberlytic for their views. Click on their business profile or solution profile for further understanding of who Cyberlytic are and what they can do for you.