The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge.
A report released on Tuesday by the Financial Industry Regulatory Authority, the industry’s self-monitoring organization, said a study of about 20 brokerage firms found the threat of an online intrusion by a nation or a terrorist group ranked near the bottom of the industry’s concerns.
Worries about state-sponsored breaches were highest at big investment banks. But few of the largest firms questioned by Finra put such attacks at the top of their list.
All the firms said they had little concern about a hacking carried out by a competitor.
The results of the study were included in a Finra report that focused on best practices that brokerage firms should enact to prevent serious attacks that can compromise a customer’s personal and financial information. The organization conducted the survey last year to better understand what brokerage firms, both large and small, are doing to guard against a serious breach.
In another sign of just how important the threat of an intrusion has become for the financial services industry, the Securities and Exchange Commission issued its own report on Tuesday that examined how prepared Wall Street investment banks and brokerage firms were to repel hackers bent on gaining access to their digital networks. That examination of more than 100 registered firms found that the overwhelming majority “have been the subject of a cyber-related incident.”
The most common attacks involved hackers introducing malware into a firm’s network or the use of fraudulent emails seeking to persuade brokers to improperly transfer a client’s money.
The Finra report recommended that all brokerage firms assess their security as well as review the safeguards put in place by their vendors. These reviews should focus on things like data encryption, the number of employees who have access to a network, the frequency of software patches and updates, the security of data storage facilities, and measures taken to secure wireless and mobile systems.
The report said about 80 percent of firms questioned already conducted some form of periodic security self-assessment. But the regulatory agency said it was “concerned that the remaining firms either had no program in place or were in the nascent stages of establishing a program.”
The report does not identify the firms that Finra examined. From time to time, the agency conducts so-called sweep investigations, or studies of a select group of brokerage firms that are supposed to represent a cross-section of the large and small firms that it oversees.
Finra also recommended that brokerage firms institute strict measures to restrict who at a firm can gain access to sensitive systems and data. The report also suggested that firms establish a plan for quickly terminating employees’ and vendors’ ability to gain access to a particular system when it was no longer relevant to their job.
Better safeguards about employee and vendor access to a firm’s network are one way to prevent an attack by a company insider.
Morgan Stanley recently was the victim of an insider threat when it discovered in December that a broker had stolen account information on more than 300,000 of its wealth management customers and tried to sell the data on the Internet. The firm quickly fired the broker after learning of the matter, and federal authorities are now investigating.