Financial services industry under attack by cyber criminals - expert

The financial services industry is under attack by cyber criminals because it has information that is of great value to hackers.

This was the warning sent out by Tebogo Legodi, digital lead at Sanlam Employee Benefits, at the Sanlam Benchmark 2019 event hosted on the Spier Estate near Stellenbosch on Monday.

'Skilled and ruthless'

"Cyber hackers are professionals. They probably have their own ‘benchmark symposiums’ too.

"They are skilled and ruthless and some are probably even sponsored by states," she told delegates.

"Information security is no longer a nice-to-have. It is also required by the Protection of Personal Information Act and there could be fines of up to R10m or imprisonment of up to 10 years for missing some of the required components."

She further noted that the King IV Report for Corporate Governance addressed IT governance in detail for the first time.

"If you do not already have an information governance framework, you are already at a threat," said Legodi.

"According to the Allianz Risk Barometer for 2019, those surveyed named the cyber security as the most feared threat as far as business interruption is concerned."

She said financial services entities are beginning to realise the value of the data they have and that they are under attack by a new generation of criminals. According to research by IBM, there are about 17 billion cyber-attack incidents daily, and the most attacked industry is financial services, because of the data they have.

The third most attacked sector seemed to be consultants, as they also have a lot of information in their systems, making them "vulnerable and lucrative" for cyber criminals.

Research by Refinity shows that the typical cost of a cyber-breach for a business is about $4m, and the total cost of cyber-attacks in the world each year is estimated to be about $600bn - more than the cost of natural disasters.

Legodi said cyber criminals can sell the data they hack back to a company or can exploit it further by selling it to a third party with the ultimate aim being identity theft. "Poor internal security practices can enable phishing, social engineering by studying your social profile and weak passwords to wreak havoc," cautioned Legodi.

Key enablers for cyber resilience are aware people, a culture of being cyber savvy, training to combat cyber risk, and a structure which enables cyber security.

"Data loss can occur anywhere. It is not just an administrator’s problem. We need a collective effort in the financial services industry for cyber security resilience," said Legodi.

"Cyber risk cannot be ignored. We must also be mindful that the degree of cyber resilience can vary among fund managers. We must make cyber security as part of the culture in our industry."

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Brent Crude
All Share
Top 40
Financial 15
Industrial 25
Resource 10
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Yes, and I've gotten it.
24% - 93 votes
No, I did not.
51% - 197 votes
My landlord refused
25% - 97 votes