That was the message of industry leaders, compliance experts and government officials who gathered at the
For investment advisors with a small pool of clients, the threat of a cyber attack that could compromise investors' personal identifying information is especially acute, according to
'BRING DOWN' AN ADVISOR
"I think the risk to IAs in particular is kind of scary because one data breach can bring down an IA, I think, very quickly because of the kind of notifications and the kind of relationships they have with their clients," Stark says. "There's really a direct correlation as opposed to a retail data breach where you may still shop there afterwards. But if your money is in custody with someone and they're handling your wealth and suddenly it's at risk, you might feel differently."
The potential for a cyber attack to bring down a practice suggests that firms can no longer afford simply to relegate security to the IT department. Several participants at the
"Probably 10 years ago maybe this was viewed by some as an IT problem, that this was something that was a central focus of your IT department. But for asset managers today and broker-dealers and fund complexes, this has to be a central business imperative," says
Several speakers also stressed the importance of sharing information about attacks and emerging threats with regulators and through outfits such as the Financial Services Information Sharing and Analysis Center. At the same time, some industry officials suggested that lawmakers and regulators should enact safe harbor provisions to shield firms that do report information about a breach from legal liabilities.
The red flags regulation aims to address one of the most common threats to advisors working with individual investors in a wealth management practice that draws on a combination of technical tradecraft and social engineering. Increasingly, advisors are fielding phone calls from fraudsters who have gained access to someone's identity, often through a phishing email, and try to pass themselves off as a client asking for a wire transfer to an offshore account, or some similar con.
"It's the account takeover that is the number one risk, and that seems to have grown a lot in frequency over the last year or two," says
"The financial services industry is probably one of the most advanced in terms of thinking about cybersecurity, and there's a reason for that, and that is financial service firms over the years have become technology firms," says
But they have also become targets. Of the critical infrastructure industries, financial services is perhaps the most frequently targeted, followed by the energy sector, according to
"Finance probably wins the cybersecurity threat award," Zelvin says. "You are a massive target."
|Copyright:||(c) 2014 Financial Planning. All rights Reserved.|
|Source:||Source Media, Inc.|