Print this article
Cyber-Crime: The Ever-Evolving Threat That Wealth Managers Must Care About
Josh O'Neill
25 September 2017
Cyber-crime is evolving. Family Wealth Report last week held a conference about cyber-security issues and family offices and a report from that event is forthcoming. For more details on that event, held in New York City, see here.
No longer are digital threats confined to computers and systems connected to the internet. The reality is that the number of hacks and data breaches occurring on the back of physical infiltrations is rising, and this poses a serious threat to private banks and wealth managers.
Criminals rob banks “because that's where the money is,” infamous US bank robber Willie Sutton once said in response to a question of motives.
If bank robbers follow the money, then an obvious target might be an institution storing swathes of personal data tied to potentially trillions of dollars of assets globally.
“It really is the crime of our time,” Terry Wilson, a director at the , a firm that provides business insurance against cyber attacks. “The biggest challenge is the people side of things.”
It is inherently difficult for institutions to stay steps ahead of the hackers hunting them as it is unknown what form the next attack will take. In many cases, the panelists explained, hackers will exploit a weak point in a company’s cyber defence, carving out a permanent entry point if left unattended. Once a firm realises its systems have been breached, the relevant person will typically perform what is known as a “patch”. This is a quick, cost-effective fix that like repairing a broken link in a chain instead of replacing it means leaks can be plugged without firms having to revamp their entire systems.
But the results of patching can be crippling.
Not only does patching contribute to the pressing issue of legacy systems - when a bank’s digital foundations are rotten because old software has been piled on top of over years - it can also be a drawn-out process, Wilson said.
“I have seen some firms with a 14-day procurement policy to implement a patch,” he said. “I find that incredible. Would you leave your building open for 14 days? If you were a wealth manager, would you leave your client’s account open for 14 days? That’s exactly what organizations are doing in terms of their IT systems. Hackers think: ‘they deserve it’.”
Not paying the price
One of the driving forces behind cyber-crime is the fact that “the risk to cyber criminals is very low, yet the financial yield is very high,” Wilson suggested.
One supporter of legislation against cyber-crime, Lamar Smith, once said: “Our mouse can be just as dangerous as a bullet or a bomb.”
The longest jail sentence ever handed to a cyber criminal was 27 years, after a Russian hacker was earlier this year found guilty of stealing millions of payment card details. The severity of this sentence, however, is extremely rare and most prison terms will not exceed 10 years.
“It is a huge attack on the legal system,” Wilson said. “We need to raise the risk level for criminals.”
At a time when data is considered a valuable commodity, collaboration is key to making headway, the panelists agreed.
“Information, best practice and intelligence should be shared, and organisations should work with law enforcement to pursue criminals,” Wilson said.