Some businesses were driven to quickly put systems in place as the pandemic drove a sudden move to remote working. This has however meant that despite most businesses having a cybersecurity strategy in place, they haven’t had the time to understand everything that these new technologies can do, according to George Ralph, global managing director at RFA, a cybersecurity provider to the financial services sector.
A lot has changed over the last 18 months, Ralph said, with the majority of fund groups and fund administrators having a solid hybrid cloud setup. But the pandemic and the move to a hybrid working environment has exposed some of the security risks in systems as the number of endpoints increased significantly, he added. As a result, breaches have come more commonplace.
Ransomware attacks up sharply
Indeed, ransomware attacks were up 435% in 2020, according cloud messaging software provider Retarus, as compared to 2019 and malware increased by 358%. The group said cybercrime is projected to cost the world $10.5 trillion annually by 2025.
Ralph said fund administrators and managers have started moving towards technology such as managed detection response services and using behavioural analysis to monitor for anomalies. They are also using collaborative tools like Teams and Sharepoint, but more education is needed on how these apps work, he added.
“The platforms have wider capabilities firms aren’t aware of such as data capture and security functions. Spending time helping them understand how their systems and apps work is something we have been very much focused on, given the speed at which many firms had to put these systems in place,” he said.
Refine and tailor cybersecurity
“Ultimately, cybersecurity is part of the wider digital transformation scope, where now you have the systems in place, you need to refine and tailor them to your specific firm to ensure long run security.”
Key vulnerabilities for fund administrators include how distributed the network is, how many endpoints there are and how data is transferred within the workforce, Ralph said. Another key vulnerability stems from whether fund admins understand their data journey, even the basics of how data travels within the cloud to the endpoint, as data in transit is at greater risk.
He added: “In terms of reporting data, some firms often don’t have a handle on where it is, where it is stored and how to visualise it, putting it at risk. In terms of client data, should that be breached, you face reputational and regulatory risks.”
Embedded in all aspects
Chief security officer Peter Kavanagh at Apex Group, a global financial services provider, said cybersecurity has become embedded in all aspects of the company’s business, from initial project design to day to day working practices.
“We take the possibility of data breaches and system breaches very seriously. Employee training and awareness is key, and in addition we always deploy appropriate measures centrally using layered controls and strict principles. An example would be our use of Multi Factor Authentication on every account to reduce the risk of business email compromise and safeguard data,” he said.
Latest intelligence
The group also makes sure to use the latest cyber and threat intelligence to enhance its security model.
“This includes the introduction of additional security technologies, reducing the attack footprint while improving our monitoring of the environment. We have increased our training and awareness programs for employees and are continuing to formalise our cybersecurity frameworks in line with industry best practices,” Kavanagh added.