Cyber-attacks get personal

By Lora Benson | Aug 05, 2016
Financial services is a key target for cyber-attacks and hacker’s tactics are becoming increasingly personal. IRESS’ Mark Loosmore looks at the signs to watch out for and steps to guard your business

Mark Loosmore, Executive General Manager, Wealth, IRESS

Cyber-security is a constant and evolving threat which already costs the UK financial sector over £700 million each year to prevent attacks.* 

Businesses need to continually monitor potential weaknesses and develop techniques to protect themselves: a particular challenge given that many hackers use deliberately simple tactics that are designed to lure specific individuals within a company.

As an initial phase of many cyber-attacks, hackers will survey a company’s individual employees, particularly the social networking activity of senior executives. One real-life example demonstrating the simplicity and scale of this approach involved a social network post by a senior staff member asking for advice on a planned family holiday. Using this seemingly insignificant piece of information, hackers created a false email address deliberately similar to that of a friend and contact of the executive, with whom they hadn’t spoken for some time. An email from this address was sent to the executive discussing the family holiday, containing a link to an apparently legitimate holiday website that was actually a front for malware which infected the entire company network. 

It’s not just executives of major financial institutions who could be targeted in this way. The close proximity that financial advisers have to sensitive client information and their finances, plus the prominent social media profiles of many in the industry increases the likelihood of being a focus for hackers.

Having appropriate information security management practices in place is critical and firms should seek to adopt these not only across their own business, but also engage with third party providers regarding their approach to cyber resilience. The internationally recognised ISO/IEC 27001:2013 standard provides an excellent best practice framework. 

A key element of the ISO/IEC 27001 standard is promoting information security awareness within an organisation, building a culture of vigilance and individual responsibility. This is something that could be adopted by organisations of all sizes, with programs offering guidance and training at an individual level adding a crucial element of human oversight in preventing this type of attack. 

* Figure taken from The cyber threat to banking: a global industry challenge, BBA in association with PWC

IRESS is the leading software provider to the financial services industry, known best for its market-leading solutions including The Exchange, XPLAN, Trigold and MSO. 

Its systems offer front, middle and back-office functionality for clients that range from financial service institutions through to independent operators. 

IRESS strives for excellence in relationships with clients and industry bodies alike, working with the industry to face challenges and keep pace with industry developments.