As managing director and corporate information security officer at DTCC, Mark Clancy works with government networks as well as financial firms to stop cyber threats targeting the financial sector. In June Clancy testified before a Congressional subcommittee about the closure of the Government Information Sharing Framework, a program that helped both businesses and federal agencies share information on these threats. WealthManagement.com talked to him about the threats to smaller firms, and how they can protect themselves.
"It’s an ecosystem challenge. What we’ve seen the bad guys moving down the food chain to tap smaller institutions to get what they want, because those smaller firms might have a relationship with the big institutions. The challenge is smaller shops don’t run their own capabilities [in-house]. But because the smaller institution has a trusted relationship with a larger institution, which the bad guy wants, they exploit that channel. One way this works is they may impersonate the smaller institution and make a request from the larger institution, which would be granted. They wouldn’t do that with a request from, say, an uncle from Nigeria. There’s been an escalation of techniques from hackers. But also institutions are getting better at defensive ways that work, so the bad guys then have to innovate. It’s all part of this cyber arms race.”
"If you’re a smaller firm, and you’re using a service provider for a trading platform or order management, you want to see if they’re engaged with these types of programs where the private and public sectors are share information. That might mean being a member of a trade association to get alerts on cyberthreats; a smaller firm can get the benefit of that infrastructure. That’s the best model for an individual advisor to use."