Financial advice industry gets hard word on cyber security
Advisers have been warned of the dangers of cyber attacks that can damage their finances, their clients and their reputations.
Thursday, March 31st 2022, 6:00AM
by Eric Frykberg
Worse, these attacks are launched repeatedly by automated systems designed to penetrate a company's software systems and extract a ransom.
The warning came at a webinar organised by Financial Advice New Zealand.
Jan Thornborough, who was formerly a unit manager at the National Cyber Security Centre, which is part of the GCSB, says “cyber attack is like a heart attack for your business and open heart surgery is the only way to get back up and running.”
“If it's a ransomware attack, it can take your business completely out of action.”
Putting this right cost time and money in restoring a system and retrieving vital data. There was also a risk of clients' private financial information ending up on the dark web.
“It's not just big firms that are being attacked, most of these attacks are automated and random...and when they steal people's personal information they tend to try to rack up bank loans or run up debt.
“I know of organisations that have had attackers in their system for 18 months or two years and they are still not confident that they have got them out.”
This was a growing problem: a state watchdog had recorded 8,831 reports of cyber-attack last year, which was a 13% increase.
But this referred only to those cases that were reported, and really only scratched the surface.
Thornborough said hacked data was often on-sold, and even if a ransom was paid by the hacked company, a copy of the material was usually kept so it could be used again later.
The people who did this differed from other criminals in that they were often nine-to-fivers, who turned up in the office each morning to do a day's hard work trying to hack data.
This created a busy market, with stolen data being sold by a hacker to other organisations who would use it for blackmail.
In some cases, stolen passwords were on-sold in lots of 1000. And ransomware attacks sometimes produced a demand for 30% of a company's profits. A successful phishing operation could earn an attacker between $100 and $1000 each time.
Thornborough said prevention was better than cure, and companies had to take constant care to protect their systems.
And she gave some examples of how long it takes for hackers to “brute force” a password.
She said a simple password of four numbers could be broken instantly. Other, more complex passwords could take hours or even weeks to be cracked.
The best example she gave was a password 15 characters long. If this was made up of numbers, symbols and letters in both upper and lower case, the time required to crack it would be 15 billion years!
Thornborough said paying attention to these facts made good sense.
“Cyber attacks are a lot more common than physical attacks on your property, and the attackers often get away with them because they are in and out without people even being aware of it.
“The victims are left picking up the pieces for a very long time.”