As “phishing” attempts and other cyberattacks get more and more sophisticated, businesses are finding it harder to protect themselves from threats. The financial services industry is the primary target of cyber thieves, and no organization is too small to fall victim. Our Cybersecurity issues for investment funds whitepaper explores this topic in more detail.
There are several factors that make funds attractive to cybercriminals. Client data, trade secrets, proprietary research, trading algorithms and access to the funds themselves are some of the top motivators for cyberattacks. Business email compromise (BEC) or “phishing” attacks are the most common. Investment funds are also likely targets of ransomware attacks, in which an attacker shuts down critical operations in demand for payment.
It’s difficult to pinpoint the overall cost of cyberattacks, due in part to the prevalence of attacks and also the many different cost components. Those cost components include numerous quantifiable factors like fines, direct financial losses and the cost to repair damage. Other factors are less easily quantified, such as reputational damage.
The good news is that there are steps you can take to minimize the risk to your firm. The important thing to remember is that it is not a question of “if” but “when” an attack will occur. Employee training helps catch cyber attempts before any damage can be done. Policies restricting the use of personal devices for business purposes help further mitigate threats.
Firms must also ensure their technology and service providers, vendors and other third parties are meeting cybersecurity expectations. SS&C builds, manages and owns the technology infrastructure supporting our fund administration, giving us more control over security measures.