For advisors and broker-dealers, the threat of cyberattacks and compromised data keeps them up at night. A 2018 poll done by the Investment Adviser Association found over 80% of advisors think cybersecurity is their top compliance challenge.
And Investment Advisor’s latest survey of independent broker-dealer executives revealed that nearly 70% see cybersecurity as their greatest long-term technology concern.
It’s no wonder. In mid-January the Securities and Exchange Commission charged nine defendants in connection with hacking into its Electronic Data Gathering, Analysis and Retrieval, or Edgar, filing system and using non-public information to use for illicit trading in 2016 (for which they made about $4 million in illegal profits).
The cybersecurity firm Bitdefender says that nearly half of financial institutions experienced a breach in the past year, with close to 60% having an advanced attack or finding signs of suspicious behavior in their infrastructures. In addition, an often-cited report from Raytheon-owned Websense concludes that “the number of attacks against the finance sector dwarfs the average volume of attacks against other industries by a 3:1 ratio.”
As for the recovery costs from data breaches, financial firms spend more than the overall U.S. corporate average of almost $7.4 million in 2018, according to the latest study conducted for IBM.
Plus, there are broader issues at stake — such as how vulnerable the U.S. financial markets are to both cyberattacks and cyberterrorism. Could a cyberattack on a stock exchange, banking system or the Federal Reserve potentially disable or even halt the global financial system?
To look at these critical issues, ThinkAdvisor spoke at length with Sid Yenamandra, the co-founder and CEO of cybersecurity firm Entreda.
Yenamandra, who is well-versed in the potential causes of a major cybersecurity-related disruption, breaks this subject down into three areas — (1) the overall threat posed to the industry by cyber attacks; (2) what cyber insurance is, what risks are facing cyber insurers and how these risks can affect the broader financial system; and (3) what actions financial firms are and should be taking to improve their cybersecurity.
ThinkAdvisor: How could a cyberattack imperil our financial system?
Yenamandra: Cyberterrorism is the next frontier in terms of any sort of terrorist attack that could occur as a top threat-maker, and I completely agree that a cyberattack could cause the next financial crisis either directly or indirectly.
Here’s a couple of examples that were cited in a recent Harvard Business Review article that are on point.
First, an attack on a bank. A cyberattack could be leveraged to trigger a run on a bank. And it’s been demonstrated in past real-life incidents. With the recent hack that occurred — and it’s not the first time — on the [Society for Worldwide Interbank Financial Telecommunication or] Swift codes, where a small bank was compromised.
The Swift codes were used to basically issue a bunch of illegal transfers, some of which actually went through. The Swift system is the central nervous system of most banks, so it’s the key [area where a cyberattack] could bring down the banking system.
Second, there’s a difference between a hacktivist and script kiddie. A hacktivist is typically someone who is a bit more organized in terms of what they’re trying to actually accomplish.
A script kiddie is generally an unsophisticated hacker building something to solve a particular problem that gets blown out of proportion and has unintended consequences, which is what happened with the hacking of Twitter, Facebook and some of the big systems [recently] — that is, the denial-of-service attacks that happened. That could certainly have ramifications, but it’s not something that would actually cause the next financial crisis.
TA: What’s the difference between a cyberattack and cyberterrorism? And how should firms address these risks?
Yenamandra: The distinction would be the scope and the impact of the attack. A lot of times, hackers are targeting the vulnerabilities of a single organization. Now, you may be part of a sweep where your organization is one of 50 organizations that hackers are targeting to see if they can exploit the vulnerability. But those [threats] tend to be more opportunistic then they are targeted.
A cyberterrorist activity, on the other hand, is a cold-blooded, premeditated attack to try to bring down something to cause mass-scale harm, [such as to] cause a financial crisis by bringing down the banking system or affecting a large network of folks, like an attack on the stock market. That’s not just a cyberattack, that’s cyberterrorism.
A firm can do a lot to prevent a cyberattack. But on cyber terrorism side, that’s harder to protect against, because you’ve got nation-state actors, an organized crime unit, pretty large scale and sophisticated threat actors that are doing big things.
How would you prevent a threat actor a nation state from bringing down the stock market? If you’re an organization that’s investing heavily in funds that trade on the market, there’s nothing you can do with any organization that’s going to prevent that.
The best you can do from an operational standpoint is to essentially have some sort of insurance program in place that can protect you from loss of revenue in the event of cyberterrorism. Many insurance policies do actually have that as part of the underwriting.