Phishing attacks biggest cybersecurity threat

25 May 2021
| By Chris Dastoor |
image
image
expand image

Business email compromise (BEC), otherwise known as “phishing” attacks, is the most common and most serious cybersecurity issue for superannuation funds, according to a whitepaper from financial services technology provider SS&C Technologies. 

“The most valuable commodity on the dark web is sensitive, confidential client data, what security experts call personally identifiable information or PII,” the whitepaper said. 

“In the PwC 2018 Global State of Information Security survey for Mainland China and Hong Kong, customer records were the most commonly acknowledged target of security infractions.  

“Superannuation funds also hold valuable trade secrets, such as proprietary research or trading algorithms, which could cause serious financial and reputational damage if compromised. 

“And of course, there are the fund assets themselves – sophisticated thieves are not merely after data, but are employing nefarious means to steal money from funds, the financial gain is among the top motivators for a cyber-attack. 

“Apart from these direct risks, Superannuation funds also face regulatory pressure to make sure they have security controls and incident response plans in place.” 

The whitepaper said in early 2019, an email began circulating among fund firms that appeared to be from a legitimate researcher. 

“It referred to rumours that the European Securities and Market Authority was considering suspending short selling under Brexit, and offered a briefing document on the topic,” the whitepaper said. 

“When recipients clicked on the link to obtain the briefing, they were greeted with a blank page, raising suspicions that the email was planting malware in the firms’ systems. 

“Those fears were exacerbated when the purported attacker boasted about having compromised several firms in an online forum, and threatened more.” 

Anthony Caiafa, SS&C chief technology officer, said the company had invested heavily in security measures. 

“Including the deployment of a global Security Information and Event Management (SIEM) system to gather threat intelligence from a variety of sources and correlate it with our systems internally to ensure we have a secured environment,” Caiafa said. 

“We have also partnered with an industry leading provider of email protection solutions to flag and block suspicious emails and spam. 

“Whether this “phishing” attempt was an actual cyber-attack or an elaborate hoax, as some suspect, it nonetheless underscored the vulnerability of funds to cyber threats.” 

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest developments in Super Review! Anytime, Anywhere!

Grant Banner

From my perspective, 40- 50% of people are likely going to be deeply unhappy about how long they actually live. ...

10 months 2 weeks ago
Kevin Gorman

Super director remuneration ...

10 months 3 weeks ago
Anthony Asher

No doubt true, but most of it is still because over 45’s have been upgrading their houses with 30 year mortgages. Money ...

10 months 3 weeks ago

The fund’s inaugural chief retirement officer is looking to establish a new venture. ...

3 hours ago

The sovereign wealth fund remains cautious of the impact of high inflation as it announces a strong return in its latest update....

22 hours ago

In this latest edition, Anna Shelley, CIO at AMP, shares the fund’s approach to current market conditions and where it continues to uncover key opportunities....

23 hours ago