A deep dive into how cyber-attacks affect financial services firms

In this article, we interview Kerrie Machin, a partner at Mitigo Cybersecurity. Kerrie’s 20 years’ experience of working with financial services firms enables him to highlight common vulnerabilities and identify a business’s exposure to risk. His keen eye for detail has allowed him to deliver robust packaged solutions that provide real protection from cyber-attacks – allowing business leaders to get on with doing what they do best.


What is a cyber attack?

This is when cybercriminals infiltrate systems or networks in order to deny access to the users or steal data – with the aim of forcing you to pay money to them via a ransom, or tricking you or your clients into paying money fraudulently.

What are the main types of cyber attack affecting financial services firms?

Ransomware attacks are one of the main ones – this is where cyber criminals will look to do one of two things. First, they will encrypt your data and your networks, which means you can’t access that information. They will request a ransom or payment to be made to decrypt the system. Or they will steal a copy of your confidential client or business information, and they will threaten to publish it on the dark web unless a ransom payment is made.

Email account takeover is the second – this is where the criminals will infiltrate your email accounts with a view to stealing confidential information or will send bogus emails to your clients to trick them into paying fake invoices.

Who are the cyber attackers?

These are often referred to as hackers. They can be organised gangs based anywhere in the world, often in Russia, or they can be individuals who either write their own ransomware software and infiltrate companies on their own, or purchase or subscribe to ransomware software which is available on the dark web. Cyber criminals can also be state-sponsored, or even disgruntled employees.

Our financial services firm is only small, so surely we are not a target?

This is not true: criminals look to exploit vulnerability. It is a numbers game, so if they can infiltrate your system, they can then decide how they can exploit that vulnerability. Smaller firms are often easier prey because they don’t understand or manage their risk properly. This is usually because they don’t have the time or the expertise.

What makes financial services firms attractive to cyber criminals?

It is the fact that they hold sensitive confidential client data. Data has value to you and the criminals. Criminals know that you don’t want to tell your clients that your data has been compromised due to a lack of security.

In your experience, what are the consequences for financial services firms if they suffer a cyber attack?

The first one is downtime. A ransomware attack could lead to 3-4 weeks of downtime, which means the business would be unable to trade (in some instances). An attack can lead to reputational damage, which means you can lose some of your clients. It can also result in regulatory investigation from the FCA, and potential penalties, not forgetting fines from the ICO. Financial loss is another consequence, which can happen especially if you were to pay a ransom or pay money fraudulently to criminals, not to mention the monetary repercussions of the above.

What are the cyber criminals trying to achieve?

They want to make quick, easy money by any means necessary.

So, what can I do to protect my financial services firm from cyber attacks?

Well, there are lots of things that you need to do, but the first thing is to conduct a cyber risk assessment to understand your risk. Some quick wins which could help you make a start include:

  • Utilise MFA where possible
  • Carry out cyber awareness training for your staff
  • Ensure that the appropriate controls and alerts are configured on Office 365
  • Ensure your anti-virus is up to date and correctly configured
  • Ensure your backups are tested to withstand a ransomware attack
  • Ensure your firewalls are tested
  • Have a regular patching regime
  • Have a disaster recovery plan – what is your plan if you do suffer a cyber attack? What are you going to do?

It is important to mention that this is not an exhaustive list, but it will help you make a start.

What should I do if our financial services firm suffers a cyber attack?

Contact a cyber security specialist immediately, not your IT provider – this is not an IT problem.

Even if my firm suffered a breach, won’t the cyber insurance cover this?

The insurance policy may well cover the cost of the remedial work, and the ransom payment, but you are still going to have downtime. You are going to have to tell your clients that their data has been compromised, which can affect your reputation.

You will have reporting obligations to the FCA and the ICO. You also need to understand how the cyber criminals got in and stop this from happening again. Your insurance could form part of your recovery plan, not replace it: there’s lots more to think about.
