The following article originally appeared in Wealth Briefing.
The UK wealth management group hasn't elaborated on the details of how its business was targeted. WealthBriefing talked to an expert about the issues involved.
Recent reports that UK-based Succession Wealth has been targeted by cyber attackers is a reminder to the sector of the threats that exist in the space.
“While purely speculative at this point, the verbiage in Succession Wealth’s statement would seem to indicate that there is a possible chance that this is a ransomware situation which would be quite serious. The ramifications would be based on the impact, which isn’t publicly known right now,” Christian Scott, chief operating officer and chief information and security officer, Gotham Security, an Abacus Group Company, told this news service.
Succession Wealth, which since last August has been completely owned by Aviva, the insurer, has reportedly said earlier this month that it is probing the matter, and has told the appropriate authorities. It hasn’t elaborated on specific details. WealthBriefing has contacted Succession Wealth for comment. It had not received a reply at the point of going to press.
“The security of our clients’ information is our top priority and, as a precaution while the investigation is ongoing, we have quickly introduced additional security measures,” the company has been quoted as saying in various media reports.
“Organizations are having a tough time adapting to the increasingly sophisticated tactics of malicious actors, particularly when it comes to multi-factor authentication bypass attacks as well as post-user-compromise detection and containment,” Gotham Security’s Scott continued.
“Many organizations have become too reliant on a one-time snapshot approach to monitoring the external attack surface of their perimeter via annual network penetration testing. Many organizations fall short when it comes to internal safeguards, such as practicing the principle of least privilege and having effective segregation controls.”
“Wealth managers can better protect themselves by incorporating social engineering alongside their network penetration testing to truly emulate a sophisticated malicious actor targeting their organization,” Scott continued.
“Network penetration testing alone is not enough because it only focuses on technical vulnerabilities rather than the human factor, and 80 per cent of security incidents involve people. Organizations should also consider increasing the cadence of their security testing beyond an annual basis because the security climate changes so quickly.”
Cybersecurity remains an important issue for the world’s wealth management industry. In the US, new Securities and Exchange rules are due to come into play in the spring of 2023 forcing listed companies to report their cyberattacks to core stakeholders, such as investors, customers, and regulators. At present, 85 per cent of such cyberattacks are unreported by organizations because businesses fear a loss of confidence from the public (source: Public Finance, 15 October).
A study of more than 250 single-family offices in 12 countries finds that almost three-quarters of them suffered a breach caused by cyber-attackers, yet 72 per cent don’t have an incident plan to handle the risks and 61 per cent don’t have processes to spot breaches.
About Gotham Security
Gotham Security, acquired by Abacus Group in January 2023, is a boutique cybersecurity firm founded in 2013 and based out of Manhattan, focused on providing high-quality penetration testing, malicious adversary simulation, threat intelligence services, and cybersecurity strategy services. Our team is comprised of elite white hat hackers, known as the go-to "cyber strike team." We are not just excellent at red teaming, more importantly, we know how to communicate cybersecurity threats in a practical way to organizations. We work with a growing number of Fortune 1000 companies across all major sectors of business, including multi-billion-dollar hedge funds, major insurance providers, international options trading exchanges, and more.
About Abacus Group
Abacus Group is a leading provider of hosted IT solutions and services focused on helping alternative investment firms by providing an enterprise technology platform specifically designed for the unique needs of the financial services industry. The innovative and award-winning Abacus Cloud platform allows investment managers to source all technology needs as a service, offering the capacity to scale on demand to meet current and future cybersecurity, storage and compliance requirements. The company has offices in New York, NY; San Francisco, CA; Boston, MA; Dallas, TX; Greenwich, CT; Los Angeles, CA; Charlotte, NC; Miami, FL; and London, England.
These Stories on Blog