US warns wealth managers against Russian cyberattacks

The fallout from Russia’s invasion of Ukraine is hitting the US consulting industry as government agencies last week warned wealth managers to protect themselves and their clients from increasing attacks.

US officials have already blamed Russia for at least two rounds of attacks on Ukrainian websites in February – the largest in the country’s history – and alerted US financial institutions to be on the lookout. watch for increased cyber activity.

The Department of Homeland Security (DHS) has set up a page specifically warning of cyberattacks emanating from Russia, and the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority Inc. (Finra) has echoed these concerns in public notices.

“While there is currently no specific credible threat to the American homeland, we are aware of the possibility that the Russian government may consider escalating its destabilizing actions in a way that could impact many others outside of Ukraine,” the DHS Infrastructure and Cybersecurity Agency said. said in the letter.

The advisory “recommends that all organizations – regardless of size – adopt an enhanced cybersecurity posture and the protection of their most critical assets”, and proposes specific actions that can reduce vulnerabilities and improve preparedness, found here.


While ensuring cybersecurity obligations are met, Finra also reminded advisers to be vigilant about new sanctions the US government has imposed on Russia, which could complicate compliance issues.

The notice highlighted five major Russian financial institutions, as well as “Russian elites close to Russian President Vladimir Putin,” who are now the target of the Treasury’s Office of Foreign Assets Control following a White House executive order.

Wealth managers make attractive targets for foreign hackers due to publicly available records of assets under management, which hackers could potentially interpret as an ability to pay a large ransom. Wealth managers also hold some of the most sensitive customer data directly linked to financial information – a potential goldmine for cybercriminals.

“Most hackers are highly skilled computer scientists and unfamiliar with economic or financial systems,” said John O’Connell, chief executive and founder of cybersecurity consultancy The Oasis Group.

“When a hacker looks at even a medium-sized company with billions in assets, they’re going to think that company is making a ton of money.”

A growing problem

Ransomware attacks – a type of attack in which cybercriminals gain access to files and keep them until a ransom is paid – are on the rise. Attacks in the United States quadrupled in 2020, with three-quarters of victims being small businesses, according to DHS.

The cybersecurity industry has seen renewed interest from investors following the Russian invasion of Ukraine, which has organizations get ready for possible cyberattacks. Shares of cybersecurity software companies rose this week, according to Bloombergwith analysts expecting increased spending on security-related services as companies and businesses prepare for war.

“Clients are now asking advisors, ‘How do you protect my money, information and wealth?'” said Michael Hallett, chief executive of cybersecurity provider CleverDome.

“We’re in a digital war zone,” Hallett said. “Mobile applications are almost always connected to the Internet. It is inherently insecure.

Ransomware attacks, however, can take weeks or months to unfold; potential hackers from foreign countries could probably strike much faster.

“The most concerning options are destructive attacks like the ones you see in Ukraine,” said O’Connell of the Oasis group.

Destructive malware, for example, can enter a computer and randomly delete information or overwrite hard drives to effectively shut down the system, and it can do so within hours. These attacks have the potential to wipe out all of a customer’s information and documentation in an account, such as personal financial data, signed approval documents, performance reports and more.

“Imagine they go into your customer accounts and start randomly deleting files,” O’Connell said. “The good Lord himself could not recover this data.”

There is also a huge risk of reputational damage to a company that gets hacked, especially if personal information is copied by hackers, deleted from company servers, and then made public.

“For a wealth management firm, that would be debilitating, and that’s probably an understatement,” O’Connell added.

For more information on North American Financial Planning, please click

Dolores W. Simon