© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
July 19, 2013 4:55 pm
Wall Street’s banks and brokerages came under a sustained cyber attack last Thursday as hackers attempted to bring down online banking and trading operations at 50 top institutions.
Websites were subjected to distributed denial of service (DDoS) attacks to put them out of action, and a ‘malware’ infection was aimed at trading platforms, in an digital offensive dubbed “Quantum Dawn 2”.
If this sounds more like a film than reality, that may be because the cyber warfare was part of a simulated exercise to test financial institutions’ ability to withstand global threats.
It came two months after eight members of an international cybercrime ring were indicted for allegedly hacking into the systems of global banks, stealing customer data, and inflicting $45m of losses on the global banking system.
But, as the multinational banks have increased their efforts to thwart such security breaches, the cyber criminals have been forced to target smaller prey – and these include London’s wealth managers and stockbrokers.
“We are seeing a trend [for cyber criminals] to target smaller institutions who have higher value customers,” explains Stephen Bonner, a partner within KPMG’s information protection and businesses resilience team in the UK.
“Very effective work by large retail banks to protect online retail banking is moving the attacker away to easier targets,” he warns. “We’re seeing them attack smaller institutions that historically didn’t have enough customers to make it worthwhile.”
Mr Bonner says that this “displacement” phenomenon in the cyber security landscape has also pushed the online security to the top of the agenda for UK wealth managers and stockbrokers.
Rathbone Brothers, a wealth manager with about £20bn of funds under management, says it is aware of attempts to hack in to its client data.
“We’ve got 40,000 clients, and the fraudsters are just becoming more sophisticated,” says Andy Pomfret, chief executive of Rathbones. “You constantly have a few people trying to [hack] in.”
Rathbones has emulated the big banks in putting its systems to the test, by having so-called “ethical hackers” attempt to access its data.
Mr Pomfret says he also encourages his investment managers to talk to their clients as much as possible, to reduce the risk of identity theft. “It’s much harder for someone to impersonate a client when you’re actually talking to them,” he says.
Rathbones is not alone. According to the Association of Private Client Investment Managers and Stockbrokers (Apcims), cyber criminals are targeting the clients of UK brokerages.
In recent months, one Apcims member firm found that online fraudsters had set up a website identical to its own, and urged clients to buy certain shares – in an online version of a “boiler-room” scam.
“It turned out [the firm’s clients] were buying into a Ponzi type fund, which means you don’t get your money back,” explains John Barrass, Apcims’ deputy chief executive.
Although the scam was caught quickly, Mr Barrass says the attack has served as a “very big warning sign” to financial companies about the need to protect themselves against cyber crime.
Many UK companies have increased their spending on methods to combat cyber attacks.
KPMG says the number of wealth managers and brokers that have approached the firm for advice on online security has roughly doubled in the past 18 months.
Charles Stanley, the stockbroker and wealth manager, sends its IT staff for cyber security training at the Chartered Institute of Securities and Investment (CISI). It is one of many seeking to make its staff more aware of the risk.
“Over the past year or so, I’ve seen much greater attendance from middle ranking firms, from the wealth management side and from the wealth management [business] of the big global banks,” says George Littlejohn, a senior adviser at the CISI.
KMPG says that wealth managers have one advantage over the large banks in tackling cybercrime: they are “closer to their clients’ behaviour”, and therefore more able to detect unusual activity in their accounts.
However, they also bring one disadvantage. “With the very high-net-worth individuals, they expect a much more personal touch,” says Mr Bonner. “[They] are less willing to accept some of the inconveniences of higher security.”
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.