PIMFA has added Mitigo Cybersecurity as a PIMFA Plus partner, offering the trade body’s member firms a cybersecurity solution to help them protect against cyber-attacks and business disruption.
PIMFA raised member firm’s awareness of the threat from cybercrime at its Virtual Festival in June, pointing out that ‘every financial services firm, large or small, is now a target for cyber criminals’.
It also highlighted what it described as a ‘new trend in ransomware attacks’ as ransom demand cases grew threefold in the last 12 months.
Ransomware is a type of malicious software which encrypts a firm’s data so it is impossible for the firm to access any information. Cyber attackers then demand a ransom, promising in return to provide firms with the key to decrypt their own data.
Mitigo has identified stated ransomware attacks as the among the three largest threats to a firm’s operational resilience and data security and studies have already identified a 20% rise in ransomware attacks globally this year (2).
PIMFA added that in the last 12 months a new trend has emerged which has seen criminals steal a copy of firms’ data as a first step, before they then encrypting the firms data. They then seek payment for the decryption key, after which they threaten to publicly release the confidential data they have stolen from a firm, its business dealings and its clients piece by piece, unless a second payment is made.
Automated attacks are capable of finding vulnerabilities in a firm’s technology, poorly trained staff and any inadequate policies or procedures, putting businesses and their clients at risk.
And the newly created National Cyber Security Centre (NCSC), which launched a reporting service during lockdown that allowed people to forward suspicious emails directly to the agency for further investigation, said recently it had received more than 1.8 million reports, which has resulted in over 16,800 malicious websites being blocked or taken down.(4)
Mitigo provides three services that can help keep PIMFA member firms safe from cyber-attacks. These include on-site technology assessments, penetration testing and vulnerability scanning; eLearning, testing and simulated phishing and policies, personalised staff cyber security handbooks and risk management framework. Mitigo also provide a cyber incident emergency response and investigation service, and can assist with reporting obligations to regulators and clients.
The FinTech Origo has also been raising awareness of cybercrime amongst the financial services industry. Managing director Anthony Rafferty (left), said: “Cybercrime poses a threat to all sizes of companies, from the largest assurers and asset managers to smaller financial advice businesses.
“Alongside the news that National Cyber Security Centre (NCSC) received more than 1.8 million reports of suspicious emails during lockdown, the most recent data published by the Information Commissioner’s Office (ICO) has revealed that ‘phishing’ by cybercriminals was the second highest reported incidence of the ‘inappropriate disclosure of data’ by company staff.
“The most common incidence of data breach reported to the ICO, however, was information being emailed to the incorrect recipient.
“Education on cybercrime to help staff spot suspicious emails and activity, is one of the best ways to protect a firm against cybercrime. Key to this is having a well-documented policy, including robust procedures and monitoring of processes.
“Alongside this, implementing secure technology – such as employing military-grade encrypted email which can can help secure against hacking, ensure the right person has accessed the information, and provide an audit trail for security and regulatory purposes – within standard working practices is now becoming essential, particularly when exchanging personal and sensitive information with clients or between organisations.
“We are operating in a world where there are threats to our information on many levels and putting in place preventative measures should be de rigueur for any size of firm within our industry.”