Raj Goel of New York’s Brainlink presented at world-leading financial consulting firm UBS on June 21st, providing key insight into cyber security concerns for members of the financial industry. His talk, “What Should CPAs, Wealth Managers, and Attorneys Know About CyberSecurity?” examined the latest developments in personal and business technology, and how poor practices, sub-par programming and more have made the user vulnerable.
Raj began by talking about the “Internet of Things” (IoT); that is, the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.
“We think of toys, we think of cameras, we think of smart TVs – what about pacemakers, insulin pumps, cars?” said Raj. “You could argue that the Internet of Things is all of us because we all have one of these things (referring to a smartphone), and this is always on.”
It’s not going to stop anytime soon either. As the IoT and “smart” technology is applied to everything from fridges to children’s toys to cars and more, it just adds more potential targets to the list for hackers.
Raj then noted the most significant misconception in cybersecurity today, that one can be “too small” to be noticed by cyber criminals. In fact, nearly every member operating in the financial industry, whether they’re a wealth manager, CPA or attorney, is working with someone in the one percent. That makes people like them a target.
“Financially speaking we are in the .01%, which means we are the targets for 99.9% of humanity,” said Raj.
Raj then noted Wanna Cry — “It did a good job of ruining our weekend” — which struck on the evening of May 11th, encrypting the data of thousands of businesses in the UK (including the entirety of the National Health Service) and holding them to ransom. By the end of that weekend, Wanna Cry had infected thousands of networks in over 197 countries around the world.
That’s not the end of it though – whereas Wanna Cry was stopped by a chance when a 19-year-old UK resident analyzed it, Wanna Cry 2.0 is on the way, and it won’t have the weaknesses that the first did.
“This is our future,” said Raj. “The ‘Internet of Ransomware Things’. Your toaster will charge you bitcoins to toast your bread, your fridge will charge you a bitcoin to give you milk, your coffee maker will charge you bitcoins to make your coffee”.
Raj explained that this is likely because of how obsessed we are with getting the latest gadgets. Many of us are early adopters, but at the same time, there is no legal incentive for any manufacturer in the world to build a secure product. Whereas there are laws prohibiting someone from selling a shoddy car or dangerous food, it’s not the same when it comes to hardware and software.
“Right now there are only two industries in America with no consumer protections,” said Raj. “Illegal drugs and software, and I would argue that illegal drugs have better quality – they don’t want to kill their customers. The software guys have no such shame.”
Case in point: “smart” medical technology. Insulin pumps and pacemakers are extremely vulnerable to hacking because the manufacturers have no incentive to worry about it. The point of this technology is to keep the patient alive, not to stop cyber criminals, which makes them very easy to compromise.
Raj then moved on to examine key case studies in modern cybercrime, such as Patco Construction Inc., a Maine-based firm that was infected with a custom-built Zeus Trojan virus and subsequently robbed of nearly $600,000. Eventually, their bank recovered $243,000 but Patco was left with a $345,000 tab and had to deal with three years of lawsuits before the case settled.
As Raj explained, that’s why double — and even triple — verification is so important. By configuring that line of defense with your bank, you can ensure that what happened to Patco doesn’t happen to you.
Regardless, the list goes on and on and on. From faulty software to corporate negligence to human error and disgruntled ex-employees, there’s no end of examples of how cybercrime has and will continue to penetrate every aspect of the modern financial world.
So what can be done about it? Raj provided key recommendations to help users stay safe in this booming cybercrime era:
- Enable Two-Factor Authentication: Most organizations and services these days offer a secondary step for verification to ensure that hackers would need more than just your password to gain access to your accounts. While the methods may vary, a popular form of two-factor verification today is to have a confirmation code sent to your mobile device that you then use your password to log in. While it may take more time, it only adds to the security of your information.
- Use a Password Manager: Don’t try to manually manage the hundreds of passwords your organization uses. Password managers are cheap, will reduce your stress, and help with third-party vendors that aren’t as secure as they should be.
- Keep an Eye On Your Finances: Get your bank and wealth managers to provide daily updates via email and SMS so that you always know where you stand, and can act as soon as something odd happens.
- Upgrade Your IT: Keep in mind that if your IT is over 3-years-old, it’s definitely vulnerable to more modern hacking methods.
- Insure Your Business: Keep in mind that a lot of cyber insurance these days isn’t really worthwhile as it’s too new to an industry. Be picky, do your research, and find the right one.
- Educate Your Team: The more awareness the better, both in terms of limiting human error on your end and in stopping your staff members from unwittingly helping a hacker get what they want.