Just like the financial markets, digital threats are hard to predict. However, with the right insights, experience, and strategy, managed funds firms protect themselves and grow alongside their client portfolios. Successful fund managers capitalize on new opportunities. Meanwhile, cybercriminals develop paradigm-shifting hacks and exploits, catching financial institutions off guard.
Successful funds experts explore their evolving threat landscapes, anticipating the next attack before it strikes against their firm’s reputation.
How cyberattacks infiltrate your organization’s defences
Managing a fund takes time and dedication. The bigger the portfolio, the more focus it pulls. Managed funds companies typically prioritize fund management rather than sharpening the barbed wire on their digital defences. However, this focus creates vulnerabilities across the industry, leaving lucrative gaps for scammers to exploit.
Recent research shows that, in 66% of financial services companies, every employee can access thousands of confidential files and documents. In the industry, cyberattack response times average over 200 days, with remediation periods extending to almost a year. High profile-hacks, data breaches, and compliance fines point to serious vulnerabilities across the sector. When firms let their defences fall into disrepair, they suffer. When they fail to update their authentication and internal access, when they lack threat intelligence, and when they lack remediation tools, they invite attacks and spook investors. Lack of awareness also deepens existing risks, so threat research offers a great place to start.
How digital impersonations impact fund managers and their reputations
The finance industry relies on trust. Professional fund managers spend years cultivating reputations for strong fund performance and sensible asset allocation, creating a loyal client base. Scammers exploit this loyalty, impersonating professionals and their firms to trick targets across the internet.
Funds companies use social media to connect with their clients, educate investors, and make valuable new connections. When impostors steal your names, images, logos, and brand voice, they compromise those relationships, and jeopardize the outlet altogether.
Similarly, cybercriminals register domain names that look like your firm or your services to setup fake websites. When your hard-earned clients inadvertently open these pages, scammers extract login details, card information, and access to their portfolios. These breaches wreak havoc on investors and fund managers alike, whether the cybercriminal uses these data directly, or sells it on the dark web.
Of course, scammers direct their attacks toward investors and finance clients themselves, as well as fund management organizations. Consumer-side attacks bankrupt investors new and old, wreaking havoc on lives and livelihoods and undermining trust in the industry as a whole. For example, an attack style known as pig butchering combines tactics from relationship scams and investment scams to win trust and “coach” targets into investing more and more funds. The name “pig butchering”, or Sha Zhu Pan, references the “fattening up” process as scammers groom their targets to increase their portfolios before disappearing without a trace.
Beyond the money, scammers steal financier reputations. Their tactics evolve as fast as the markets, so well-managed funds firms stay ahead of any developments.
Evolving trends in phishing attacks
We’ve been using the term ‘phishing’ since 1995, so most industry professionals feel like they know what to expect from these communication scams. However, decades down the line, phishers wield cutting-edge technology and deceptive tactics powerful enough to steal millions every year. Their attacks increasingly harness the AI revolution, using machine learning boost email frequency and believability.
Fund managers and c-suite executives present high-value targets for cybercriminals, who launch focussed campaigns known as spear-phishing attacks to compromise businesses over email and other channels. For example, hackers recently deepfaked the voice of a company director to scam a bank manager out of $35 million for a fraudulent company acquisition. Despite the manager’s experience, the hackers bypassed security checks and convinced their target, bolstering their attack with deceptive emails and invoices. The use of voice phishing (vishing) and other AI-enhanced scams pose serious threats to managed funds firms, and each successful attack triggers dire consequences for reputation and compliance.
Compliance fines and reputational damage
Cybercriminals often seek to compromise a company’s whole infrastructure, siphoning resources and breaching vital databases. Large-scale phishing attacks draw plenty of media attention, and customer data breaches draw attention from regulators too. EU Data Protection Authorities (DPAs) and the European Securities and Markets Authority (ESMA), the United States Securities and Exchange Commission (SEC), the UK Financial Conduct authority (FCA), and other international bodies issue steep fines to anyone in the fund industry mismanaging their client’s assets.
Hacks and fines reach headlines every year. In recent months an investment research firm leaked almost 90 million sets of client data. The US’s OCC (Office of the Comptroller for Currency) also issued a separate $60 million dollar fine to an investment company for data protection failures. Lapses in data security tarnish businesses, tanking trust in their efficacy. With a recent PwC study stating that 85% for customers would ‘take their business elsewhere if they don’t trust a company is handling their data responsibly’, managed funds firms maintain a vested interest in diversifying their threat intelligence.
Conclusions: How fund managers understand threat landscapes
To navigate their evolving threat landscapes, successful financiers take a two-pronged approach to digital risk protection: shoring up their existing infrastructure, and embracing new tools to keep their business safe. Forward-thinking fund managers meet AI-powered threats with AI-powered solutions, collaborating with risk protection experts to disarm threats before they strike. Learn more about proactive digital strategies, and how fund managers deploy them to tackle risks online, in our tailored guide for the banking and financial services industry.