Financial services industry under attack by cyber criminals - expert


The financial services industry is under attack by cyber criminals because it has information that is of great value to hackers.

This was the warning sent out by Tebogo Legodi, digital lead at Sanlam Employee Benefits, at the Sanlam Benchmark 2019 event hosted on the Spier Estate near Stellenbosch on Monday.

'Skilled and ruthless'

"Cyber hackers are professionals. They probably have their own ‘benchmark symposiums’ too.

"They are skilled and ruthless and some are probably even sponsored by states," she told delegates.

"Information security is no longer a nice-to-have. It is also required by the Protection of Personal Information Act and there could be fines of up to R10m or imprisonment of up to 10 years for missing some of the required components."

She further noted that the King IV Report for Corporate Governance addressed IT governance in detail for the first time.

"If you do not already have an information governance framework, you are already at a threat," said Legodi.

"According to the Allianz Risk Barometer for 2019, those surveyed named the cyber security as the most feared threat as far as business interruption is concerned."

She said financial services entities are beginning to realise the value of the data they have and that they are under attack by a new generation of criminals. According to research by IBM, there are about 17 billion cyber-attack incidents daily, and the most attacked industry is financial services, because of the data they have.

The third most attacked sector seemed to be consultants, as they also have a lot of information in their systems, making them "vulnerable and lucrative" for cyber criminals.

Research by Refinity shows that the typical cost of a cyber-breach for a business is about $4m, and the total cost of cyber-attacks in the world each year is estimated to be about $600bn - more than the cost of natural disasters.

Legodi said cyber criminals can sell the data they hack back to a company or can exploit it further by selling it to a third party with the ultimate aim being identity theft. "Poor internal security practices can enable phishing, social engineering by studying your social profile and weak passwords to wreak havoc," cautioned Legodi.

Key enablers for cyber resilience are aware people, a culture of being cyber savvy, training to combat cyber risk, and a structure which enables cyber security.

"Data loss can occur anywhere. It is not just an administrator’s problem. We need a collective effort in the financial services industry for cyber security resilience," said Legodi.

"Cyber risk cannot be ignored. We must also be mindful that the degree of cyber resilience can vary among fund managers. We must make cyber security as part of the culture in our industry."

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Voting Booth
What potential restrictions on unvaccinated South Africans may make the biggest difference to public health, the economy?
Please select an option Oops! Something went wrong, please try again later.
Limited access to restaurants and bars
10% - 38 votes
Limited access to shopping centres
17% - 66 votes
Limited access to live events, including sport matches and festivals
28% - 110 votes
Workplace vaccine mandates
46% - 179 votes