Cyber Attacks–How Secure Are We?
Global hacker trends and tips for keeping your business safe from cybercrime are covered by a security expert and Thematics portfolio manager.
In a recent webinar, Frédéric Dupraz, co-portfolio manager of the Thematics Safety strategy, spoke with former US FBI special agent and cybersecurity expert Jeff Lanza about cybercrime threats facing financial firms, investors, and everyday citizens.
Lanza spent more than 20 years at the FBI investigating cybercrime, organized crime, human trafficking, and terrorism. He is the author of numerous books including Cybercrime: How to Stay Safe from Online Fraud and Identity Theft. In this conversation, Lanza shares his thoughts on the current and future state of cybercrime and the importance of staying vigilant, and offers tips for how to safeguard your information and avoid being targeted. Here are some highlights:
Q: Cybercrime seems to hurt all of us. What might the future of cybercrimes look like?
Cybercrime can range from nation states to governmental military organizations to someone hacking on a small island in the middle of the Atlantic Ocean. Unfortunately, a lot of cybercriminals are out of the FBI’s reach. Because they are not within the jurisdiction of law enforcement agencies around the world, these criminals are not going to be extradited to the United States to face charges and there are no consequences or deterrents. So the crimes continue.
As for the future, I think ransomware is the next variation of cybercrime as criminals try to mutate around our defenses. They are holding companies’ files hostage and, in some cases, exfiltrating those files and holding them for ransom until money is paid. I think we may even see cybercrime protection as a service offered by criminals – meaning, you pay us money and we’ll make sure you don’t get hacked.
Q: If my data is accessible online, am I compromised or not?
Q: How has the Covid-19 pandemic impacted the digital world and network security?
I think an important component of securing us during these pandemic times is a lot of good education and telling people how important it is to avoid links in emails from unknown or suspicious senders.
Q: It seems like the financial industry is highly proactive in cybersecurity. But is it exposed to more risk?
The cybercriminals had all the credentials they needed to do the transfer. But it would have been a billion-dollar transfer if one of the criminals hadn’t spelled a word wrong in one of the transfer requests. Someone at the Fed saw the misspelled word and stopped all further wire transfers until they got it figured out.
So this type of crime can occur on a big level, but can also occur in financial advisors’ accounts, because email accounts are being hijacked by cybercriminals. They simply change the beneficiaries, routing number, and account number to their bank account. Even if a financial advisor were to call and verify the wire transfer, they may not verify the specific instructions and then the money goes to the criminal’s account. So the rule is, always verify wire transfers by phone and the specific instructions regarding those transfers.
Q: Banks have improved online authentication, so is it more difficult today to hack into bank accounts?
But then the criminals mutated and changed their ways and started committing “business email compromise.” This is when they hijack email accounts or set up domain names that look like the company’s name – only there is an extra letter in the name, or they switch letters around, and people don’t notice. A lot of money has been lost this way. That’s why having alerts on your bank accounts is really important, so you’re notified when money moves.
Q: What is your recommendation on handling a ransomware situation?
Jeff Lanza is not an employee or associated person of Natixis Investment Managers and is independently responsible for the information provided as well as for any expressed views or opinions on any topic. Views and opinions are not those of Natixis Investment Managers and should not be relied upon as advice.
THEMATICS ASSET MANAGEMENT – An affiliate of Natixis Investment Managers. A French SAS (Société par Actions Simplifiée) with a share capital of €150 000. RCS Paris: 843 939 992. Regulated by the AMF (Autorité des Marchés Financiers), under no GP 19000027. 43, avenue Pierre Mendès France, 75013 Paris, France.