“Fast forward two years  through my criminal trial—my $2 million software company is gone, the family business is gone, the tea parties with (my daughters) were stolen from me,” said Sileo. “This time it was not technology that had two faces. It was Doug—a man that I loved and trusted like a brother stole and used my banking login credentials to steal from our clients. He exploited my trust to fund some really sick habits, then he cut the rope and let me fall.”

Rock bottom came two years later, while Sileo was still poring over documents and working late into his evenings to help mount his defense. He found that he had no time to spend with his young daughters. That was when the emotional devastation of identity theft and cybercrime was laid bare for him.

Sileo’s story is an example of a widespread problem, he said. If statistical averages held true, 54 percent of the advisors in attendance should have experienced a breach within the last 12 months, he said. Most breaches, 80 percent, target small or medium sized businesses. The average recovery from loss of assets due to cybercrime is a mere $280.

Today’s hackers aren’t just cracking passwords with technology and diving into dumpsters for scraps of personal and financial information, he said. They’re exploiting human trust and weaknesses through social engineering, said Sileo. They’re posing as bank employees and IRS agents on the phone to attempt to trick victims into giving up personal information voluntarily. The same kind of criminals also look for vulnerabilities in the staff at financial firms.

“You need a reflex and a response,” said Sileo. “What we’re building first and foremost is a reflex that happens when anybody requests information.” This reflex should ultimately lead to staff instantly hanging up the phone on suspicious callers. Staff should be trained to be skeptical of calls, slow down, and think through their responses firs, he said.

E-mail phishing scams—perhaps someone notifying staff of expired software licenses or a bitcoin windfall—are another area where identity thieves attempt to exploit human weaknesses within financial firms.

“You’re reflex should already be ‘baloney, B.S., hogwash,” said Sileo. “You’re never getting something for nothing. You’re just downloading malware onto your systems. The reflex has got to be automatic.”

There’s a related flavor of cybercrime known as “spearphishing,” where a criminal has already accessed a little bit of a victim’s personal information and uses that knowledge to draw more information out or to convince an advisory firm employee to click on a link to a malicious site.

Now spearphishing is AI-enabled. Criminals are using AI to mine social media profiles before contacting a victim to make their scam more believable.

There’s also ‘whaling,’ where cybercriminals are targeting executives instead of the rank and file in hopes of a bigger payday.