There’s a lot to fear in the cyber world: rogue nation states, professional cyber criminals and would-be hacktivists, just to name a few. Their weapons of choice vary in scope and substance, but regardless of the threat actor, investment management firms must employ rigid and resilient protections to ward off the equally sophisticated cyber threats that continue to surface.
During a webinar earlier this year in which we detailed various levels of cybersecurity firms should consider, we asked our attendees to identify what they determined to be the most concerning cyber threat to their business.
Let’s break down these numbers a bit and explain why these cyber threats are eliciting the most fear.
Unauthorized access or theft of data (31%)
Nearly a third of firms selected this as their biggest cybersecurity fear, making it the most common fear among our respondents – and we can understand why. There are a number of ways threat actors and hackers can gain entry into a firm’s systems/network (we’ll talk about those below), but ultimately, that unauthorized access/theft of the company’s data or sensitive information is what could lead to its downfall. From malware threats to social engineering scams to denial of service attacks, threats that result in your firm’s data and assets ending up in the wrong hands are a serious concern.
Malware or ransomware (27%)
The second most common cyber fear identified is one we’ve probably all encountered at some point (albeit likely on a very low-level scale): malware. Between growing malware threats and their more sophisticated counterpart – ransomware – it’s no wonder this is at the top of some firms’ list of fears. Malware infections have become a relatively easy way for hackers to gain access to firm networks, and thus, get their hands on sensitive material. Ransomware threats have also grown exponentially, understandably concerning many hedge funds and private equity firms safeguarding assets in the millions and billions of dollars.
Phishing/spear-phishing scams (27%)
If you’re a frequent reader of this blog, it should come as no surprise to you that phishing scams were high on our respondents’ list – since we talk about phishing red flags and best practices on the regular here. One of the fastest growing and most sophisticated social engineering methods, spear-phishing campaigns are regularly targeting end users and cleverly tricking them into sharing their credentials, opening malicious content or, in far too many cases, making wire transfers. Read here for some smart IT security tips to avoid succumbing to phishing attacks.
Insider threats – malicious or accidental (15%)
Unfortunately, time and again we see investment management firms with the most sophisticated technologies in place still fall prey to cyber-attacks – and it’s generally at the hands of an internal user. Whether that employee acted maliciously or unintentionally, the threat remains the same and can cause irreparable harm to the firm’s business operations, financial standing and/or industry reputation. That’s why we continually educate our clients on the threats insiders pose to a firm’s security posture and remind them that frequent and ongoing information security awareness training is the best way to avoid these situations in the future.