Cyber offence, defence and learning to play chess

Wealth Management and Private Banking

19 July 2016

Wealth Management and Private Banking

A Meeting of Minds Wealth Management & Private Banking June 2016

Experts: Stuart Laidlaw and James Mertek, Cyberlytic

Key message

With the continued danger posed by hackers, cyber-terrorists and criminals, cyber security is of paramount importance to the wealth management space. Despite its importance, the unfortunate reality is that cyber-attacks are becoming more, not less commonplace. Firms will need to have multiple layers of depth to protect the most important client data.


  • Cyber-crime is an incredibly lucrative industry and is only likely to become more so as coding and scripting because a core part of education.
  • It is incredibly hard to prosecute as hackers base themselves out of jurisdictions with no extradition agreements
  • Attacks are not just increasing, but they are becoming increasingly more difficult to counter, with some attacks requiring the immediate removal of affected computers and platforms from networks
  • It is absolutely critical that firms know precisely where their crown jewels are, to ensure they are protected to the utmost.

Key themes

Every year, it is estimated that USD445 billion of money is stolen as the result of cybercrime – but it is not just money which can be stolen with intellectual property also being at risk.

Of the incidents of cybercrime which occur, 75% of them happen across five industries, with finance and insurance being the most affected, followed by manufacturing, information and communication, retail and wholesale and health and social services.

The reality of cybercriminal activity is that it is cross-border in nature and it is not easy to prosecute people as a result.

In the UK alone, last year, there were 7 million reported cybercrimes – one every 4 seconds, with hackers and criminals from up to 50 countries at any one time attacking the UK’s cyber infrastructure.

Yet despite the obvious threat posed by those from outside of the UK and the difficulty in tracking those responsible down, the most likely to attack are insiders, specifically disgruntled employees.

There are any numbers of different ways that hacking is carried out but one of the most recently developed and most insidious types of attack is ransomware. As the name suggests, the hack itself effectively holds a server or computer network to ransom, insisting that money is paid in order to preserve the integrity of the server.

To further highlight the level of sophistication this type of attack has developed, ransomware developers have even started to set up payment hotlines to expedite ransom payments!

And the challenges don’t just stop there. With increasing user numbers, social media and professional networking sites make it much easier to gain information about the types of scripting and coding platforms used by various financial services institutions.

One such case came to light recently after a Bangladeshi bank worker’s LinkedIn profile revealed that they worked using SEQUEL coding. The subsequent hit on the bank saw them lose GBP80 million as Chinese nationals in a casino in the Philippines monitored the bank’s close of day behaviour to siphon off funds.

There were questions asked about whether it was a good idea to use cloud providers or outsource cyber security.

“It’s important to know where your crown jewels are. There’s not one answer for everything. You may have cloud computing for some aspects of your operation (and have outsourced security for those items) but equally, you want to keep the most critical stuff in-house.” 

That said, outsourcing for some firms in this regard makes sense given the expense of building an in-house team and to develop and constantly update several lines of defence. In that sense, it is cheaper to look for an external provider.

Although, without being able to vet the staff of those firms, there is a trade-off with regards to who is accessing your data and how you can monitor their behaviour.

There were also concerns about response times around hacking and cyber-attacks. 203 days is the average length of time it takes to work out that a company has been hacked and a further 60 days to remediate the situation.


Wealth managers and private banks need to look at ways to protect the most valuable data they possess – client data. By building multiple layers of security, firms stand a better chance of preventing single attacks bringing their business to the ground. If done correctly, security of data and information can become a differentiator