With news breaking of the largest bank theft ever — one that has netted as much as $1 billion from 100 banks and other financial institutions in 30 countries since late 2013 — the specter of cybercrime has reached new heights.
Russian hackers infiltrated financial institutions around the world in a complicated, long-running offensive, the cybersecurity firm Kaspersky said Monday. Most of the victims were Russian, although targets included banks in the U.S., Japan and Europe.
Meanwhile, over the year ending in October, more than 500 million financial records were stolen, the FBI reported. Perhaps just as scary, the average breach goes undetected for seven months.
The White House has taken notice. On Friday, President Barack Obama signed an executive order encouraging the government and the public to share information about cyber threats.
Meanwhile, the PureFunds ISE Cyber Security ETF (HACK), which invests in cybersecurity firms, hit an all-time high on Tuesday. The fund, introduced in November, has more than doubled in size over the past six weeks to $231 million in assets, ETF Trends reported.
Tom Giachetti, the securities attorney who writes the monthly Compliance Coach column for Investment Advisor, spoke at the recent TD Ameritrade Institutional conference on How to Survive Today’s SEC Exams: Giachetti. One of his major points: if you have an RIA firm, you must have a cybersecurity policy for your own firm, and your vendors, that withstands muster from SEC examiners.
The staggering scale and growing complexity of cyberattacks should give everyone in the financial services industry pause, along with anyone who uses a credit card. With seemingly every transaction at risk for theft by hackers, the FBI warns that all companies should be beefing up their cybersecurity efforts.
The cybersecurity firm Kroll offers tips to safeguard its data. Chief among them is the need for businesses to hire an outside party to conduct periodic risk assessments. Doing so ensures employees won’t be pressured to gloss over potential problems for fear of putting their jobs at risk.
Businesses shouldn’t rely on encryption alone to secure data because professional hackers can break the codes. It’s also important, Kroll noted, to keep up to date on security patches for software.
Finally, it’s not just the primary business that must be vigilant. In the case of Home Depot, and Target the year before, hackers accessed data by stealing passwords from vendors. Holding suppliers to the same security standards as a company’s own employees is critical.
Despite all the warnings and horrific stories, there appears to be no sign that hackers will be stopped anytime soon.
Individuals would do well to monitor their credit ratings to make sure any credit or identity theft is caught before too much damage is done. It’s also wise to frequently change passwords and to not use the same one for multiple websites.
As a reminder of what can happen to your financial data, read on to learn about six major cyberattcks from the past year targeting financial data. Hack attacks are listed in reverse order of the number of financial consumers affected.
This was the mother of all hacks, based on media coverage anyway, allegedly perpetrated by the North Korean government in retaliation for “The Interview,” a movie about journalists sent to assassinate Kim Jong-un, the reclusive country’s dictator.
(Cybersecurity experts say the hack is more likely an inside job. The FBI maintains that North Koreans are responsible and says the skeptics aren’t privy to all the evidence.)
The hack unleashed embarrassing emails between studio execs revealing their thoughts about stars and even President Barack Obama. The movie’s opening was delayed amid security concerns, and Amy Pascal, many of whose emails were leaked stepped down as co-chairwoman of the studio.
The fallout in financial terms included the theft of Social Security numbers and financial information for 50,000 employees and their dependents. The final accounting of the problems caused by the hack attack is not yet known.
5. U.S. Postal Service