TECHNOLOGY & OPERATIONS
to alter wiring instructions on home closings just before the money is transferred out of the clients’ custodial accounts.
Meanwhile, social engineering attacks designed to dupe company employees are becoming much more widespread. Cybercriminals will pose as clients or employees by gaining access to their personal devices and online accounts to initiate fraudulent transactions. They also employ “SIM-card swapping” tactics that allow them to redirect calls sent to a client’s or employee’s cell phone as well as “deep fakes” — AI-generated clones of downloaded voices and images taken from videos in improperly protected social media accounts — to pose as the client or employee on confirmation calls and convince wealth managers that the transactions are genuine.
That means figuring out what exactly happened is not a straightforward process. Rather, it requires “reverse-engineering” the attack to determine how it was initiated and why it succeeded.
The first step is to determine how and why money was transferred out of a client account, including everyone and everything involved. Did an employee authorize the transaction? Why? Were cybercriminals able to access company systems? If so, did employees follow company protocols and what transaction confirmation steps did they execute?
A correctly configured company system should be compartmentalized and segmented — which means that if a cybercriminal has been able to breach one part of the network, they can still be blocked from the rest of it. Companies should also have logs that automatically record every time the system is accessed — and by whom and with what credentials.
Networks should also track the levels of activity over time, automatically identifying anything unusual. For example, an employee accessing company systems in the middle of the night could be a potential red flag. A cybercriminal may have stolen that individual’s credentials and used them to log in.
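As an added illustration (not part of the original article), the sketch below learns each user's usual login hours from an access log and flags later logins that fall outside them, so a night login is only a red flag for someone who does not normally work nights. The log format, user names, cutoff date and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real data): timestamp, user, access path.
SAMPLE_LOG = """\
2025-01-06T09:02:11 asmith vpn
2025-01-07T08:47:30 asmith vpn
2025-01-08T09:15:02 asmith vpn
2025-01-09T17:40:55 asmith vpn
2025-01-10T10:05:19 asmith vpn
2025-01-06T22:10:00 bjones vpn
2025-01-07T23:30:41 bjones vpn
2025-01-08T00:45:12 bjones vpn
2025-01-09T22:55:03 bjones vpn
2025-01-13T03:12:44 asmith vpn
2025-01-13T23:58:20 bjones vpn
2025-01-13T09:30:00 cnew vpn
"""

def parse(log_text):
    """Yield (datetime, user, source) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, source = line.split()
            yield datetime.fromisoformat(ts), user, source

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def flag_unusual(events, baseline_end, tolerance=2, min_history=3):
    """Learn each user's login hours before baseline_end, then flag later
    logins more than `tolerance` hours from every hour in that baseline.
    Users with fewer than `min_history` distinct baseline hours are flagged
    for review instead of being silently passed."""
    history = defaultdict(set)
    alerts = []
    for ts, user, _source in sorted(events):
        if ts < baseline_end:
            history[user].add(ts.hour)
            continue
        seen = history[user]
        if len(seen) < min_history:
            alerts.append((ts, user, "no baseline"))
        elif min(hour_gap(ts.hour, h) for h in seen) > tolerance:
            alerts.append((ts, user, "unusual hour"))
    return alerts

ALERTS = flag_unusual(parse(SAMPLE_LOG), datetime(2025, 1, 12))
```

On the sample data, the 03:12 login by the daytime user and the first-ever login by an unknown account are flagged, while the near-midnight login by the habitual night worker is not.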
It is likewise essential to conduct a virus scan to identify any lingering malware or code that must be removed — things such as malicious files, registry entries and network connections. These scans are far more sophisticated than typical antivirus checks and use deep scanning, behavioral analysis and forensic tools to uncover hidden threats. Of course, accomplishing all of this requires IT professionals with a great deal of cybersecurity and forensic experience, including the ability to analyze breaches and remediate them.
Unfortunately, cybersecurity has been an afterthought for most wealth management firms, which have been more focused on keeping their IT systems inexpensive and easy to work with rather than making sure the systems are secure.
Unsurprisingly, many firms rely on locally managed IT service providers. These are usually very small companies that largely sub-license and manage off-the-shelf software packages for all kinds of small businesses, and they have less insight about the needs of wealth managers, whose firms are very different and far more attractive targets to cybercriminals. Even worse, few of these providers have material cybersecurity expertise, much less the ability to help analyze and remedy a breach.
The first rule of cybersecurity is that everything connected to the internet has been or will be breached eventually. Blockchain has been breached. So has the cloud. Even the CIA and the Department of Defense.
At some point, so too will every wealth manager. The only question is whether they will be able to navigate the path to recovery.
MARK HURLEY is the CEO of Digital Privacy & Protection. STEVEN RYDER is the chief strategy officer of Visory.
30 | FINANCIAL ADVISOR MAGAZINE | JANUARY/FEBRUARY 2025 | WWW.FA-MAG.COM