As a High Net Worth individual, or indeed anyone who owns an investment product, you expect the financial services firms looking after your money to be extra-secure. But they're not - far from it. The EU is suffering a growing cyber security gap, with almost a third of those quizzed suffering a breach during 2018. And it looks like phishing is outranking ransomware in popularity right now. Here's the news.
Cyber threats, data breach and the UK financial services sector
As reported by Citywire, it looks like 'wealth firms' are not keeping up with today's fast-growing digital dodginess. The industry's regulators and various specialists have all given stiff warnings following a worrying discovery by the Financial Conduct Authority, which noticed a dramatic 187% increase in tech outages through 2016 and '17.
Apparently far too many wealth firms use outdated, manual processes to protect themselves, and the most ignorant of all feel they're safely under the radar, of no interest to cyber threats. As a result many of them are ignoring the issue. Email security is one of the simplest things to deal with, but they're not even doing that, and the result is 'a lot of email compromise.'
It seems ironic that some of the old-school methods firms used pre-digital remain the safest and most secure, simply because they keep information offline. Take the humble landline, a relatively safe bet. Sadly regulatory pressures to standardise, automate and record every single communication mean it's hard to stop vulnerabilities and impossible to roll back time to the pre-digital age. Digital isn't going to go away. It's here for good, and so are cyber threats.
Some wealth firms cite the cost of cyber security as an issue, but you'd think the cost would come second to the excellent digital security that their customers deserve, that we all deserve. It looks like almost a fifth of the extra tech outages in 2018 were down to cyber security failures, according to the FCA.
In 2018 the FCA's report on Cyber and Technology Resilience revealed smaller financial services firms were relying on manual processes or no process for detecting attacks. Bigger firms tended to be more likely to have defensive systems in place, but a 'widespread lack of staff training' isn't helping. Just 47% of financial services firms give people in high risk jobs the extra training they need.
If you're an investor, a saver or anyone else with an investment product, you might like to ask your provider for reassurance that your data is properly secure and their systems protected.
The EU's growing cyber-security gap and Britain's comparative cyber-confidence
An excellent article on the Professional Security site claims 29% of EU businesses they surveyed saw a cyber breach in 2018, but just over half of them feel their digital systems are properly secure despite being attacked. So says the 2019 Thales Data Threat Report – Europe Edition, which contains research and analysis from IDC.
Over 84% of EU organisations quizzed say they use - or are planning to use - 'digitally transformative technologies' in future, things like the cloud, big data, mobile payments, social media, blockchain tech and the Internet of Things. And while it's great from a business perspective, it's also leaving sensitive data exposed. It's clear many EU companies still aren't that concerned about data breach prevention, which isn't seen as a priority. Instead they're focusing on best security practice and brand reputations... and it's a dangerous situation, leaving them very vulnerable.
It's about time every EU organisation that deals in any way, shape or form with the digital world took a long, hard look at their encryption and access management protocols and technologies, and secured every element of it before it's too late. In a world where just 55% of EU businesses believe their digital processes and systems are very or extremely secure, it's time for change. The UK is the most confident of all at 66%, but that isn't exactly impressive. Come on, people!
Phishing beats ransomware hands down
Last week we reported that ransomware is down. Now, as reported by Channelweb, there's some agreement, with just 17% of IT decision makers polled in CRN's latest research claiming they've suffered a ransomware attack. 23% of UK firms asked feel phishing, not ransomware, is the biggest threat right now. The research involved 156 IT decision makers from UK private and public sector companies.
Ransomware dominated the media from 2016-17, forging ahead of attacks from cybercriminals, endpoint security, compromised business email systems and DDoS attacks in the risk stakes. Four percent of those attacked by ransomware actually paid the ransom demanded by the attackers, and 46% had been affected more than once. Now phishing seems to have taken over.
It's interesting to note that 4% of all people who responded had been compromised thanks to a breach in a partner company's system, two suffering a phishing attack thanks to partner data theft or breach. 62% of those asked said some of the devices at their workplace were still running Windows 7, which is quite frankly ridiculous, and of them a third felt upgrades wouldn't be carried out to all devices, despite the danger and despite Microsoft stopping support for Windows 7 from early 2020.
Get qualified, know how to stay safe from cyber threats
The Cyber Essentials Plus and Cyber Essentials Schemes provide all the insight and wisdom you and your people need to stay safe from cyber threats and spot cyber attacks – contact us to find out how.