Cybercrime has gone far beyond the world of science fiction to hard reality as firms, including wealth management organisations, have been targeted. This article explores the risks.
Every reader should know about keeping passwords secure and being careful about whom they let near their private information. In the world of private banking, however, even some of the more robust institutions have fallen victim to cybercriminals.
The stakes are large: a single successful hacking attack can destroy reputations built up over hundreds of years within seconds.
Spending on fighting the menace is increasing year on year and with more and more business transactions taking place online the problem is likely to get worse, industry figures say.
Cybercrime costs the global economy $445 billion every year, according to a study by the Center for Strategic and International Studies, a US organization, and Coutts, the UK private bank, estimates security could end up representing about 30 per cent of private banks' technology budgets.
“It is an issue we take very seriously,” said Adam Wethered, co-founder at wealth manager Lord North Street (now merged with multi-family office SandAire). “The answer is to have good internal and external IT services, which means having the right processes, standards and disciplines in place,” he said.
Yet wealth management firms who cannot combat this threat have lost clients instantly and figures show they do not return, experts have told this publication.
“Of course the primary hit from the crime is the loss of money but then its reputation and the disruption to the internal systems,” said Sarah Stephens, head of cyber and commercial at Aon Risk Solutions. “It is the soft costs that actually become the bigger problem.”
Unsurprisingly, wealth management companies based in the UK, US and Germany are the prime targets for hackers hunting monetary rewards. The hackers often work together in what are known as “cyber syndicates” – 100-man teams focused solely on breaking down corporate security systems. And evidence shows they are becoming increasingly more sophisticated, recently developing a practice commonly known as “spear phishing”.
In this instance the hacker will send what looks like an authentic email from a wealth manager to a client or individual asking for specific personal financial information or log on details. If the individual falls for the spear phisher's ploy, the attacker can masquerade as that person and gain further access to sensitive data or move money around.
According to Kroll, the global risk consulting firm, other tactics include setting up bogus WiFi networks at airports and hotels, which travelling wealth managers inevitably use.
The fraudsters then send an email to a clearing bank asking for large sums of money held on behalf of clients of the wealth manager to be moved to other accounts.
These emails are usually flagged up as suspicious by security and as a result the clearing bank will email the wealth manager to ask for clarification. However staff at the latter will never see this email, as the fraudsters will have set up an email filter, and can confirm the transaction themselves.
“The hackers are highly technical and becoming increasingly skilled at targeting financial firms,” said Stephens. “It’s a critical issue for firms and the bad guys are just as sophisticated as the good guys. It requires constant vigilance.”