If it looks like cybersecurity experts are making things up as they go, that’s at least partly true, Theresa Payton said in her session at TD Ameritrade’s National LINC 2016 conference.
“We do know what we’re doing, but attacks are changing daily. The hackers are changing and the technology [being introduced] at work and at home is changing,” the former White House chief information officer and founder and CEO of Fortalice said during a keynote on Wednesday. Security strategies are forced to be nimble to keep up.
In fact, a new variant of malware is discovered every 90 seconds, she noted. “Bad guys have tools. They know you’re using antivirus and anti-malware software, so they change one or two lines of code” to get around the software.
Protecting their firms from hackers is not a spending problem for advisors, Payton said; it’s a thinking problem. “Security doesn’t always require opening a checkbook,” but it does require advisors to think differently and creatively about where they are vulnerable, she said.
One huge vulnerability is the clients themselves because cybersecurity protections aren’t “designed for the human psyche.” She said 95% of breaches over the past two years have been a result of human error, and of those, 78% were because the user was tricked.
Emails from Nigerian princes promising untold riches are easy to spot as a scam, but advisors have to be aware of the ways hackers use social engineering to breach their firm’s cybersecurity. Hackers can mine employees’ or clients’ social media accounts for geotags, names of loved ones and their interests to the extent that they can “trick a coworker or loved one into thinking [they’re] in the trusted circle.”
“You have to be on social media — your clients are on social media, you have to have a presence — but what you want to think about is, ‘is there a way for someone to socially engineer our company, get in the door’” and trick us into giving up valuable assets, Payton said.
She urged advisors to identify their top two most valuable assets: