One of the earliest financial malware incidents was the Aids Trojan, or PC Cyborg virus, in 1989.
Distributed via floppy disks, it encrypted file names on infected computers and demanded a $189 ransom to a PO box in Panama for decryption. Although not highly sophisticated, it foreshadowed the rise of ransomware.
Today, the cybersecurity landscape has evolved, marked by growing complexity and uncertainty.
A recent incident at Bunq, a Dutch online bank, illustrates this change. An employee received a deepfake video conference invite from the chief executive, requesting a significant money transfer. While this sophisticated cyber attack failed due to human acuity and proper training, a similar incident cost a different firm a lofty $25.6mn.
These cases highlight the rising threat of advanced technologies like deepfakes, making it increasingly challenging for financial advisers and their firms to distinguish fact from fiction.
Market buzz overcrowds more humdrum reality
Financial advisers will hear much about advanced attacks driven by artificial intelligence and see a lot of hype about AI-driven cyber security solutions in the market. However, the reality is more straightforward when it comes to what attacks financial advisers are targeted by.
Our data shows that external cyber attacks in the financial industry in 2024 come from threats we are already familiar with. The old cyber security classics of phishing, exploiting known security weaknesses and supply chain security issues still make up the bulk of attacks.
In 2024, software supply chain breaches were the most prevalent, affecting 35 per cent of organisations. These breaches are particularly dangerous because they can affect a large number of users and organisations simultaneously.
Since the compromised software is often trusted and widely used, the breach can go undetected for a long time. The financial industry is a high-value target due to its vast sensitive customer data. Attackers often find easy entry by infiltrating software vendors within the complex financial ecosystem.
For example, a recent breach at Santander, a Spanish multinational bank, exposed personal data of 30mn customers and employees through a third-party database.
Incidents like this prompt strict regulations, such as those from the Bank of England and Dora (the Digital Operational Resilience Act), which emphasise concentration risk and third-party dependencies.
Around 30 per cent of organisations we surveyed found that exploitation of existing software weaknesses was very close by on the list for financial advisers and their firms to watch out for.
Strategic web compromises surged to 27 per cent, also known as watering hole attacks. These occur when attackers compromise a frequently visited website, causing visitors to unknowingly download malware or be redirected to malicious sites.
A recent example (2023) is debt collection agency NCB, affecting 1.1mn individuals. Visitors to the compromised site were unaware their data was at risk. NBC was informed of the breach three days later, leading to a class-actions lawsuit. The breach aimed not just to extract data but also exploit it.
