Special Feature

Cyber Smarts

Cyberthreats are becoming more devious, and financial advisors represent a key target. Part one of this three-part series on cybersecurity highlights the cyberthreats that advisors face. Part two, on Thursday, explores mobile security, and part three, on Friday, offers tips for minimizing the risk of an attack. Photo copyright: rabbit75123/123RF.

Technology

Cyberthreats are becoming more devious, and they present a key risk to both your business and your clients. Here’s what advisors need to know

By Danny Bradbury |

Twenty-five years ago, cyberthreats were far different than they are today. Virus writers built software to see who could make the biggest impression. Spread by floppy disk, viruses would make their presence known in style, displaying animations on infected machines before deleting the victim's hard drive.

Today's cyberattacks are stealthy and secretive. They infect machines via the Internet, and are after only one thing: profit. They will happily steal money, or data that can be used to get it. Financial advisors are a particularly juicy target because they hold the personal details – and contact information – for wealthy clients.

Big threats to small advisors


Just how bad is the cybersecurity problem overall? According to PricewaterhouseCoopers LLP's (PwC) 2016 Global Crime Survey, 28% of Canadian businesses have been affected by cybercrime over the past two years. The majority of them experienced no direct financial losses, but 31% lost up to $50,000, the consulting firm said, with a smaller proportion losing far more.

Small businesses are a particular target for attacks, according to the 2016 Internet Security Threat Report from Mountain View, Calif.-based cybersecurity company Symantec Corp., which found that 43% of all attacks hit businesses with under 250 employees.

What kinds of cyberthreats are most prevalent? The vast majority of them start out targeting human weaknesses, says Marcus Troiano, senior cybersecurity consultant at Milpitas, Calif.-based cybersecurity company FireEye, Inc.

"Threats in Canada tend to be similar to those currently targeting similar organizations in the United States, and globally," he says. "The vast majority of incidents start out with social engineering elements such as spear phishing, and transform into full-blown compromises of an organization's environment."

Phishing for data
Spear phishing is an evolution from original spam email attacks, which used emails pretending to come from a bank or other online service. They would try to persuade victims to click on a link and enter their account details. These days, attacks have become more sophisticated. Perpetrators research and include some information about their victims to make them sound convincing. Almost half of spear-phishing attacks in 2015 targeted the finance, insurance and real estate industries.

Spear phishing is a common way to distribute another common threat to Canadian financial advisors: malware. Malicious software designed to steal files and passwords is commonplace, and a lot of it arrives via email, Troiano says. Attackers will send supposedly legitimate files such as invoices or shipping notices, which infect machines when opened.
PDFs used to be the main culprit because of security flaws in Adobe products, but things are changing. "Attackers are increasingly leveraging macro-based malware in email attachments, and exploiting browser plugin vulnerabilities to establish a foothold and steal data," Troiano says.

Macros were executable commands embedded in Microsoft Office. Microsoft stopped them from running by default almost 20 years ago in Office 1997, forcing users to manually approve them. Now, attackers are sending malicious macros in documents and using social engineering to persuade users to approve them, reawakening an old threat.

Holding data to ransom
Ransomware is another key threat that is growing in Canada. The software, which encrypts the victim's files without asking, makes it practically impossible to retrieve data from a machine unless given the encryption key. The attackers will only send the key after the victim makes a payment, typically using the digital currency bitcoin, which can be sent instantly to an anonymous address.

According to the Symantec report, Canada ranked fourth on the list of countries hit by ransomware, topped only by the U.K., Germany, and the U.S. Canadians were hit by over 1,600 ransomware attacks per day in 2015, it estimates.
Some ransomware has become even more pernicious. A recent variant, called Jigsaw, not only encrypts files, but then deletes a set number each hour in a bid to encourage fast payment.

Ransomware can be a particular threat for financial advisors, according to Jamie Manuel, information protection manager at Symantec Canada.
"Any profession that deals with sensitive client information, especially financial data, needs to be sure it protects that information from malicious attacks," he says. "Given the type of data that financial advisors have access to, ransomware can be damaging if it gains access to and compromises a system."

The burning question for many will only arise after they are infected: Should they pay the ransom?

"We often see that information is not returned, even if the ransom amount is paid, which means in addition to falling into the hands of cybercriminals, that information can be lost for good," Manuel says.

Cyberthreats such as these could damage your business, but the cost could be just as great to your clients. Attackers may access your system to steal your clients' data so that they can target them for financial attack. They may engage in a ‘whaling' attack, pretending to be you and convincing clients to send money. Or they may send malware from your PC to compromise your clients' computers directly. The opportunities for cybercriminals are fruitful – and only your diligence stands in their way.

This is the first article in a three-part series on cybersecurity.

Up next: Mobile security