Experts urge financial advisors remain on alert for possible Russian cyberattack

While no known major, successful cyberattacks have disrupted the U.S. financial system since the conflict between Russia and Ukraine began, U.S. authorities and cybersecurity experts are warning American businesses, including independent advisory firms, to remain vigilant.

Late last month, the White House warned that Russia could be planning to launch cybersecurity attacks in response to U.S. sanctions on Russia. While no specific threat is imminent, there is “evolving intelligence” that Russia is “exploring options for potential cyberattacks,” according to a statement from President Joe Biden.

While infrastructure companies such as energy suppliers are most at threat, cybersecurity experts warn that financial services companies also have targets on their backs. The president's statement was shared by FINRA, which urged brokerages to implement best practices to strengthen cybersecurity defenses.

Even small, independent advisory firms, which can still have access to millions of dollars in assets as well as clients’ sensitive personal information, need to be prepared.

“All financial firms are currently on heightened alert,” said Carlos Legaspy, president and CEO of Insight Securities. “The financial system is part of that critical infrastructure. Extra vigilance is being placed on ransomware attacks because the goal by Russian agents would be to cripple, not necessarily steal, clients’ identities.”

Phishing attacks, where malicious actors use social engineering, such as a spoofed email, to trick a victim into giving up their credentials, have particularly been on the rise in recent weeks, said Ryan Fickel, chief technology officer and chief information security officer at AE Wealth Management.

“Financial services firms should take this opportunity to be proactive in a number of areas to prevent these exploits,” Fickel said. “For smaller firms who do not have dedicated internal infrastructure and security resources, a qualified services provider should be hired to ensure all devices and software are patched, and proper security controls are in place and actively monitored.”

Educating and training staff remains one of the most cost-effective methods of preventing attacks, Fickel said. But one thing every firm should do is implement multifactor authentication wherever possible, he said. MFA requires verifying credentials with two mechanisms (such as receiving a code texted to your phone after you input your password), which can make systems much harder for malicious actors to access.

However, even basic cybersecurity practices are still not being followed by many firms, said David Murphy, a former consultant for the National Security Agency’s computer network operations team and manager of cybersecurity at consultancy firm Schneider Downs. “Password weakness continues to be a significant problem, and the second thing is general [software] patching … Some things aren’t automatic updates. You have to manually go through and update systems.”

This is the first time the intelligence community has mentioned a specific increased threat from Russia to the general public, he added. Even if Russia doesn't launch attacks, it's important for firms to keep up their awareness and comply with evolving SEC standards regarding cybersecurity reporting.

“Even after the conflict in Ukraine ends, I think it will only increase over time,” Murphy said.
