Cyber criminals shift their focus to financial advisers

Cyber criminals shift their focus to financial advisers

Digital experts have warned that hackers could increasingly target financial advice firms now retail banks are splurging on cyber security to protect customers’ cash.

Cyber security has become a hot topic in recent months, with the government launching the National Cyber Security Centre to address weaknesses in the IT systems of financial firms, particularly big players such as banks. 

In February, Lloyds joined forces with the likes of Barclays and Santander to share information about cyber threats, just weeks before the banking giant became a victim of an attack which caused a temporary collapse of its digital services.

Edward Parsons, head of cyber defence at digital security firm MWR InfoSecurity, said retail banks have traditionally been the main target for hackers.

However, he said there is a possibility that improvements made to the digital security of retail banks could displace a lot of crime activity and push it into other financial services sectors, such as financial advice and wealth management.

“The major risk from a financial adviser point of view is you are trusted with customer data that includes personal financial information, which is central to your business.

“An attacker might steal that information and either directly monetise it by selling it to a disreputable broker, or monetise it themselves by targeting clients.”

Last month, the head of adviser support service Panacea revealed he had been the victim of a cyber attack and warned that the hacker was trying to get hold of contact lists. 

Earlier this year, discretionary fund manager Hawksmoor was affected by a phishing scam, but said it was taking “immediate steps” to prevent the issue from happening again.

Mr Parsons said on face value it would make sense for hackers to go after the small firms which might not have robust cyber security systems in place.

However, he said there was something called “security by obscurity”, meaning companies with a relatively low profile are less likely to be targeted when compared to larger players such as high street banks.

The cyber boss also suggested some financial services organisations might be too complex for outsiders to be able to understand, or some might hold information which is not directly monetisable.

“If they can hijack someone’s bank account then they can make payments on their behalf and immediately get money out. But if an organisation does not have that kind of functionality, then attackers are less likely to target them.”

Matthew Webb, head of cyber at insurance group Hiscox, said: “Even when you look past the banks, financial advisers and wealth managers are rich sources of data.”

He described this data as a “treasure trove” for the hacker, and therefore said it was no surprise that these companies are seen as a lucrative target.