As Cyberthreats Mount, Advisors Have a Target on Their Backs

Attorney Brenda Sharton is an old hand at helping companies navigate data breaches. In a typical week, she would work on recovery efforts from two or three cyberattacks—a steady but manageable pace.

Then came the novel coronavirus pandemic, and the volume of attacks skyrocketed.

“Over the course of a long weekend we had nine of them,” she says of one period late last winter. 

Hackers thrive on crisis and disruption, says Sharton, litigation partner and global co-chair of the privacy and cybersecurity practice at the law firm Dechert. As businesses follow tentative return-to-office plans even as the Delta variant surges, she worries about another burst of cyberattacks, which this time could include even more financial advisory practices.

Hackers eye all sorts of businesses, but wealth management companies make particularly alluring targets, thanks to their proximity to vast sums of money and the detailed Information they hold on wealthy clients.

“The two holy grails for these people are money movement and data access,” Wealthcare President Matt Regan says of today’s breed of cybercriminals. “Bank robbers rob banks because that’s where the money is, and this is where the money is.” 

Experts paint a troubling picture of increasingly sophisticated—and successful—ransomware and other attacks aimed at high-value targets, in some cases with demands for millions or tens of millions of dollars in exchange for encryption keys to unlock a captive system or the return of sensitive data.

Last week brought a fresh reminder that regulators remain concerned about how wealth management firms are protecting client data. The Securities and Exchange Commission announced settlements with three brokerage firms—Cetera, Cambridge Investment Research, and KMS Financial Services—stemming from security breaches, with the companies collectively agreeing to pay $750,000 in civil penalties and take steps to improve their security posture. 

In each of those cases, hackers gained access to client information through compromised email accounts of employees or contractors, according to the SEC. All told, the email hacks exposed the personal information of more than 11,000 clients across the three firms, the SEC said. 

With twin prizes of money and sensitive information in their sights, hackers already have been barraging advisors with cyberattacks in recent years. One of their favorite tactics is to obtain log-in credentials to access a firm’s systems. SOURCE