Are Advisors’ Cyberdefenses Strong Enough? Dalbar-ThinkAdvisor Survey Seeks Answers
At least 12 major cybersecurity breaches affecting hundreds of millions of people took place in 2017. These major breaches were largely caused by hackers getting through inadequate or relaxed technical barriers.
The credit agency Equifax breach, finally made public in September, months after it happened, involved 143 million people, whose private data — from Social Security information to driver license numbers — were stolen.
In December, Alteryx, a data analytics firm that had purchased data from Experian — another large credit-reporting agency — exposed the data of some 120 million American households.
Today, experts estimate that personal information for more than half the adults in America already is in the hands of cyberfelons. What can be done by broker-dealers and other financial-services companies?
“Authentication is now the primary defense, since the felons have already stolen the data,” said Lou Harvey, CEO of Dalbar, an independent financial-services market research firm, in an interview with ThinkAdvisor.
The speed at which cybercriminals launch attacks means the industry has no choice but to be more vigilant in protecting the precious information it keeps for its investors, so it can give more peace of mind to advisors and their clients.
The public already sees cybercrime as a major threat. Research by Bitdefender, a cybersecurity technology provider based in Bucharest, Romania, finds U.S. citizens are more concerned about stolen identities (79%) than email hacking (70%) or home break-ins (63%).
One major problem for the financial-services industry is that authentication methods are “severely outdated,” according to Harvey. “Many institutions have not yet recognized that cyberfelons already have the data to beat these practices. Millions of clients’ assets are at risk.”
To determine the state of current authentication practices today, Dalbar, a Boston-based research firm; ThinkAdvisor; and 15 major financial-services firms are working together to study and locate the real threats in cybersecurity authentication and then will “create a roadmap to improving protection,” Harvey says.
By surveying broker-dealers, RIAs, mutual fund and insurance companies, and retirement plan providers on current practices, this confidential study will gauge current authentication methods and hence shape ways to improve them.
Findings will be shared with participants, so they can “be made aware of the state of readiness and can compare their own practices to that of the industry,” explains Harvey.
“Advisors also can use the survey questions in an RFP to select product and survey providers. This might be particularly useful in the retirement area,” Harvey said.
Today’s authentication practices largely rely on the of use private data, such as passwords, PINs and Social Security numbers — information that cyberfelons already possess.
Companies also have moved toward two-factor or multi-factor authentication, which include both a password and security questions. There also are different levels of access with certain data, Tier 1 being non-personal data, such as bank balances, and Tier 2 being transactional and/or related to changes in the profile of account-holders.
More recently biometrics, such as fingerprint, facial and voice recognition, are being used by financial firms after such practices took off on smartphones.
Still, criminals also are breaking through these protections.
“The threat [has changed] from the inconvenience of data loss to the economic impact of the loss of personal wealth,” Harvey said.
“The ability of felons to pass through traditional authentication practices with the data they have requires a total re-think of how authentication is done,” he explained.
The Dalbar-ThinkAdvisor survey is an important step in this much-needed process.
It will be followed by a private forum in which institutions can discuss the details of their practices and other plans that are underway, Harvey adds.