With advisers continually having to be on their toes to protect themselves and their clients from the growing threat of cyber crime, writes Tom Ellis, strong cyber-security measures are now a financial services essential
Half a billion records have been lost around the world as a result of data breaches, the Financial Conduct Authority (FCA) warned delegates at last year's FT Cyber Security Summit, while 430 million new malware variants were discovered in 2015 alone.
By themselves, such numbers would be enough to make most people a bit queasy about their digital security but - as the regulator's then director of specialist supervision and current acting chief operating officer Nausicaa Delfas also told the Summit - at the time of making her speech last September, there had already been 75 cyber-attacks on financial firms in 2016. In comparison, there were just 27 in the whole of 2015 and a mere five in 2014.
To add to any growing 'cyberchondria' you might now be experiencing, this time last year, using the 31 January self-assessment deadline as cover for their fraud, a group of cyber-criminals had the audacity to break into HM Revenue & Customs' online tax returns in an attempt to steal £100m of taxpayers' money.
And, if they can target the taxman, they can certainly target the investments and pensions of your clients.
Still, rather than sitting in fear and seeing the internet as a cloud-based no-go area with a cyber-mugger lurking in every shadow, you can harness its power to help protect your clients and add extra levels of security to your business.
Financial planning firm Capital Asset Management, for example, this month revealed it had invested in the cybersecurity system FailSafe - a purpose-built, cloud-based document-sharing proposition to help financial firms and their clients share sensitive information securely.
"Over the past few years we've reported several incidents to the police," says Capital director Don Frasier. And while the firm did not have any breaches that passed the "first level of security", he adds, Capital now deems both email and the postal system too unreliable for sending vital client information and documents.
"We have had few attempts," Frasier continues. "But they have tended to be obvious emails from 'clients' asking for some money, when a quick follow-up telephone call to said client found they had asked for nothing of the sort. There had been criminal activity on the accounts - it does exist.
"We have also previously had 'intercept' incidents, where we have had client reports undelivered, from us to them, and we have had important documents, from clients to us, lost in the post."
Although Frasier and the firm are happy with the FailSafe service, he admits it was neither cheap nor easy to find and procure the right technology to protect the firm and its clients.
"It certainly took us the best part of a year to do all the associated due diligence," he says. "It wasn't cheap in time and the service we bought isn't cheap in money - but we see this as an investment going forward and we would happily recommend it to other firms."
Writing in his regular Professional Adviser column last year, IRESS executive general manager Mark Loosmore said detecting attacks was becoming harder. "Many hackers will use tactics that are - on the surface at least - deliberately simple but are in fact specifically designed to lure individuals within a company," he said. These simple tactics really can catch firms out.
By the same token, however, the FCA's Delfas pointed out that simple steps can be very effective in protecting against cyber-attacks. At the Cyber Security Summit, she explained most attacks were caused by "basic failings" that can be traced back to issues such as poor perimeter defences, unpatched or end-of-life systems, or "just a plain lack of security awareness" at a firm.
Delfas said the FCA now expected good governance from firms and for their 'security culture' to be driven from the top down, adding: "We strongly encourage firms to evolve and instil within themselves a holistic 'security culture' - covering not just technology, but people and processes too."
Technology is continually becoming cleverer and more complex - and the same goes for cyber-criminals. Whether it is simply becoming more aware as a firm, taking small, culture-changing steps, or beginning a search to upgrade security and document-sharing systems, a business can always do more to protect itself and its clients from the growing threat of cyber crime.