By Tracey Longo/ FA-Mag.com
Nearly 75% of the chief information and security officers at financial services firms plan to ask for more money in 2020 to battle cybersecurity threats.
That’s according to a new survey from the Financial Services Information Sharing and Analysis Center, which polled 300 compliance professionals at its annual conference.
The findings mark a sea change in the budget priorities of these security chiefs, a result of the escalating risk that cybercriminals pose to secure financial transactions, said Steve Silberstein, the center’s CEO.
He added that financial companies’ employees and third-party vendors are becoming areas of increasing concern as hackers target them seeking vulnerabilities.
Every week, regulators see more examples of cybercriminals’ evolving ability to target staff, existing customers and financial transactions using websites, e-mail and phone calls that mimic advisory firms and broker-dealers. Regulators from both the Financial Industry Regulatory Authority and the Securities and Exchange Commission point out this problem at FINRA’s annual conference in Washington, D.C., earlier this month.
The onus is on all firms, even small ones, to ensure they have instituted comprehensive and effective security awareness and training, said Greg Markovich of FINRA’s Chicago district office.
Letting cybercriminals hack or trick staff or customers “is a brand hit not only for you, but also for us,” Markovich warned information officers at the FINRA conference.
Can Employees Spot The Fakes?
“We see a lot of phishing and tags directed toward our reps,” said Amie Caban, the chief information security officer at New York City-based Guggenheim Partners, also speaking at the conference.
To combat the increasingly sophisticated attacks “we invest pretty heavily,” Caban said. “Interactive tutorials are mandatory for all our employees and contractors. If you have access to our network, you are required to take our training.”
Guggenheim also conducts simulated phishing campaigns, sending trick e-mails that could be from cybercriminals to all employees to test their ability to spot fakes that could cost the firm millions of dollars.