Ever since the introduction of smartphones to the workplace, the IT departments at asset management and investment firms have been trying different methods of integrating them with the wider IT strategy. What began as a consumer technology quickly became a tool that enabled businesses to be more agile and allowed employees to stay connected while out of the office.
However, when it comes to valuable asset management and investment data, this new mobile workplace has brought unprecedented challenges along with it.
The security challenges facing asset management and investment firms
Security is one of the biggest problems facing financial services firms today. The volume of sensitive data that these firms handle means a breach could be catastrophic. In 2017, there were many high-profile security breaches, with companies from almost every industry being hit. From WannaCry, which spanned over 150 countries and infected over 300,000 machines, to NotPetya, the headlines were constantly filled with stories of security breaches.
According to Accenture’s High Performance Security Report 2016, financial services firms are experiencing an astounding number of cybersecurity breaches. Reportedly, a typical financial services organization faces an average of 85 attacks every year, with an estimated 1 in 3 succeeding.
Research by IBM showed that in 2016, the financial services sector had been attacked more than any other. In the UK, two big banks were hit in 2017: Lloyds Banking Group and Tesco UK. Others include a UK institution that was infected with the Retefe banking trojan, which ultimately led to 9,000 customers having their accounts emptied. In Ukraine and Bangladesh, two banks lost $10 million and $81 million respectively as a result of sophisticated cyber attacks. In just the past year, successful DDoS attacks have targeted finance companies in Canada, the USA, the UK, France and Greece.
How are the criminals getting in?
Asset management firms have been accused of becoming complacent in the area of IT security in the past, and mobile is widely acknowledged to be the weakest link in the enterprise IT infrastructure. Wandera’s latest Mobile Data Report investigates the current status of mobile usage and security in asset management and investment firms. It is designed to provide insights and best practice guidance on keeping mobile devices secure and managing data consumption. The report analyzed data from 25,000 corporate mobile devices given to employees across 64 asset management and investment firms to find out where they are exposed.
Years of hard work defending businesses against email phishing have left many organizations complacent about phishing conducted over mobile apps, social media and other more novel channels. In 2017, 81% of successful mobile phishing attacks took place outside of email, as reported in Wandera’s recent mobile phishing research. Looking at the devices being used by employees at asset management and investment firms, Wandera found an average of 53 phishing attacks per month per 100 devices. That means, on average, around half of all employees will be exposed to a mobile-based phishing attempt every month.
Malware is among the most troublesome problems for security teams, and mobile has become the most fertile ground for hackers to operate in. Research from Gartner in 2017 showed that mobile malware had grown by 100% year-on-year, and a concerning number of new attacks are focused on iOS, not just Android. Analysis of the number of times that known (and unknown) malware was prevented from being installed in the Wandera network reveals how common malware infection typically is for asset management firms. Around 9 corporate-owned devices in an average 100-device asset management and investment firm attempt to download malware every month.
Data leaks and man-in-the-middle attacks
Security is often an afterthought when creating apps. Developers tend to be more focused on making sure the app is user-friendly and intuitive to use, as well as getting it out to market as quickly as possible. Without rigorous secure development practices, apps that leak sensitive PII can find their way onto the official app stores, presenting a very real problem. According to our research, for every 100 devices in a financial services firm, there will be almost 1000 connections to leaking sites and apps each month.
When a leaking site or app is being used on an open Wi-Fi network, the unencrypted information can be harvested by a malicious actor or “man-in-the-middle”. Depending on what is being leaked, this Wi-Fi risk could lead to credit card theft, identity theft, or even the reuse of login credentials to access a corporate network.
Man-in-the-middle attacks are increasing inside asset management and investment firms. In the average 100-device company, approximately four devices will be vulnerable to a MitM attack over the course of a month. Couple this with the amount of leaking data and a hacker could gain access to the corporate network with very little effort.
Protecting your organization
Mobile security is an area which can no longer be ignored. Asset management and investment firms should make sure they have the tools in place to protect against mobile attacks. For more information on the threats facing financial services firms and how best to protect your mobile estate, download our latest Mobile Data Report. http://go.wandera.com/AssetManagementMDR-TrinityMaxwell.html