Cyber-attack capabilities exist to crash a car, disable a home security system, shut down a hospital or make an industrial control system explode. That said, financial services companies are among cybercriminals’ best earners. The industry is taking steps to sharpen its response, but it’s still playing catch-up against very sophisticated adversaries.
In a year already marred by natural and health crises, cyber security failures remain a critical threat in Canada. The increased reporting of cyber incidents among Canadian companies was noticeable even before the COVID-19 crisis hit.
Wealth management firms present an attractive target for cyber-criminal groups looking to make an easy buck. The media focusses on the big companies that have fallen victim to cyber attacks (e.g. Desjardins, BMO, and Simplifi). This is just the tip of the iceberg; it’s the small guys that get hit the most.
Kuntie Kunan-Wright, Vice President, BFL Risk and Insurance Services, said, "The frequent stories on successful cyber attacks in the media have led to a changing mindset amongst many small to medium-sized Financial Advisory firms. They are increasingly receptive to their risk advisors and insurance brokers in viewing cyber insurance as a necessary complementary risk management tool in their fight against falling victim to a cyberattack."
Many advisors working from home present easy pickings for hackers.
The work-from-home phenomenon has made advisors and thousands of other professionals more vulnerable. The rapid uptake of often unfamiliar technologies such as video conferencing software and VPNs has left workforces exposed. When an entire workforce is remotely accessing your network, it’s harder to spot an attacker.
Cyber criminals have been successfully exploiting the pandemic and there’s been a noticeable rise in COVID-19-related phishing scams. Attackers take advantage of people’s anxieties, tricking them into clicking on malicious links, delivered under the guise of urgent health updates or government support.
What does the new normal look like?
The genie can’t be put back into the bottle. We expect that as we emerge from the pandemic, financial advisors and their clients will continue to spend more time working from home. Both financial advisors and their clients need to be aware of hackers’ capabilities to reconfigure home routers, intercept internet traffic and inject malware capable of stealing passwords and their confidential data.
At BOXX, we expect that the rise in the number of employees and clients using their own devices (BYOD) will also lead to the spillage of confidential files across home networks and personal devices, making it extremely difficult for firms to control sensitive information. One prevalent "kill chain" technique involves the compromise of weak remote access channels and the deployment of ransomware. This can shut down the entire firm’s operations while incident responders desperately try to restore systems, identify the source and prevent future intrusions. More sophisticated and destructive attacks involve the compromise of user computers and exfiltration or manipulation of confidential data.
How is the wealth management industry responding?
Kunan-Wright says, “Conversations with clients have progressed from an introductory stage to discussing the specific cyber and data risks and how insurance can respond, what they can learn from recent security events and how they can build a more cyber-resilient business to secure them, their advisors and their clients.”
The risk that a single internet-enabled device could result in crippling financial consequences is too big to ignore. In these uncertain times, strong cyber security practices are more important than ever.
For more information, please feel free to contact the following members of the BOXX team:
Vishal Kundi: Vishal.Kundi@boxxinsurance.com
Michelle Diniz: email@example.com
Chris Masaki: firstname.lastname@example.org
Mike Senechal: email@example.com