There are two categories of people: those who have been hacked and those who are going to be hacked. That’s what an FBI official in the agency’s cybercrime department told a standing-room-only client event on cybersecurity hosted last year by LJPR LLC, a Troy, Mich.-based registered investment advisor with roughly $700 million in assets under management. The gathering attracted nearly 300 people and also included the managing director for online security at Charles Schwab, LJPR’s main custodian.  

“Cybersecurity is one of the biggest concerns my clients have,” says Leon LaBrecque, a managing partner at LJPR. “They’re afraid somebody will steal their identity or their money or get loans in their names. We do tax returns, and we’ve had a couple of clients who’ve had their Social Security numbers co-opted and someone filed their tax returns before we did.”

Cybercrime is the seedy underbelly of the Internet revolution, if not its Achilles’ heel. Distressing news headlines about data breaches have become all too common, from stories of external data theft involving the likes of Target, JP Morgan, Home Depot, Sony and Anthem, to internal incidents such as the Morgan Stanley advisor accused of stealing account data from as many as 350,000 clients (some of that data later appeared for sale online).

According to a February report issued by the U.S. Securities and Exchange Commission, most of the firms examined by the agency said they were the subject of a cyber-related incident—88% of broker-dealers and 74% of RIAs reported they experienced cyber attacks directly or through one or more of their vendors. The majority of the cyber-related incidents involved malware and fraudulent e-mails.

In that vein, 54% of broker-dealers and 43% of advisors received fraudulent e-mails seeking to transfer client funds, and 26% of those broker-dealers reported losses related to fraudulent e-mails of more than $5,000. The SEC said no single loss topped $75,000, though one advisor had a loss of more than $75,000 stemming from a bogus e-mail. The client was made whole.

Furthermore, 25% of the broker-dealers that had losses tied to fraudulent e-mails said the incidents resulted from employees not following the firms’ identity authentication protocols. And the one advisor that reported an outsized loss said employees didn’t follow its identity authentication procedures.

Brian Hamburger, president and CEO at MarketCounsel, an Englewood, N.J.-based business and regulatory compliance consulting firm, says most of the juicy data that hackers want typically resides at broker-dealers and custodians. But smaller, independent advisors with less-robust defenses are also vulnerable.

“For better or worse, technology has a tendency to scale itself,” he says. “So while cyber attacks might be focused now on the large pools of aggregated data, it’s easy to surmise that over time hackers will be able to scale their efforts and make it worth their while to go after firms that have less defenses, even if they have less attractive data.”

Depending on what you read, it’s easy to get spooked about this stuff. A report last year from Privide, a cybersecurity firm in Walnut Creek, Calif., said cyber thieves are increasingly targeting high-net-worth families and their professional advisors, including wealth managers.

Among the factoids in the report, some of which were attributed to other entities: 30 million new types of computer viruses and malware were discovered in 2013; one-third of the world’s computers are infected with malware; 740 million personal records were exposed in data breaches in 2013; and nearly $5 billion was stolen from U.S. bank accounts in 2012 by hackers using malware. In addition, European banks last July reported the discovery of new malware that could bypass the two-factor authentication used to protect customer bank accounts.

Anyway, you get the point we live in a scary world considering that much of our vital personal information in the computer age is potentially exposed to nefarious characters, some of whom would love to drain other people’s bank and investment accounts for their own benefit.

So, what is the financial advisory profession doing to protect client assets? And should we be worried, or can we have a degree of confidence that the firms entrusted with our money have what it takes to thwart would-be cyber thieves?

Weakest Link
The good news is that financial services firms, including broker-dealers and custodians who store client assets, are increasingly vigilant about playing defense and keeping up with the latest threats. The not-so-good news is that sneaky minds are always cooking up new threats, and it costs money to combat those crooks.

Last year, the global consulting firm Deloitte issued a cybersecurity report that said financial services firms will need the highest increase in security spending to avert cyber attacks, and that reaching an ideal state of protection would require a 13-fold rise to $292.4 million per company to fend off 95% of cyber attacks.

Furthermore, the report found that 44% of global financial services firms said a lack of sufficient funding is the main barrier to implementing an effective IT security program.

Sounds disturbing, if not daunting, but it’s not a hopeless situation for U.S. securities firms. “Clearly, it’s a high-priority issue, but the broker-dealer community has shown pretty good resilience in dealing with cyber threats,” says Daniel Sibears, executive vice president of regulatory operations and shared services at the Financial Industry Regulatory Authority. “They can’t prevent all threats—I think everyone would admit that. But they’ve done a good job understanding what their vulnerabilities are, and they’ve put in place good incident response plans. And as incidents occur or gaps are identified through practicing incident response plans, improvements occur.”

First « 1 2 3 » Next
To read more stories , click here