Origo CEO Anthony Rafferty (pictured) believes the ever increasing pressure from cybercriminal activity will see all financial services firms seek to reduce risk to their business and their reputation through a robust defensive strategy, including use of encrypted email as a matter of business hygiene and sooner rather than later.
This month it has been revealed that both the FCA and HMRC have been putting their staff through extensive and intensive cybercrime training, as cybercriminal activity has increased significantly during lockdown and is expected to continue to rise in the years ahead.
Data obtained by The Parliament Street think tank1 under the Freedom of Information (FOI) Act showed that the FCA has sent 4,430 of its employees on compulsory cyber and information security courses over the past two financial years, while HMRC has spent £262,251 putting its staff through a series of cybersecurity training courses over the same period.
At the recent Cybersecurity conference hosted by PIMFA2, when asked how vulnerable email is in the more online environment we now inhabit, Heather Adams, Managing Director UKI Risk, Accenture said: “A lot of attackers have lasered in on email servers as a target in the past year… It is a significant area of vulnerability.”
Rafferty says: “It should come as no surprise, that both the FCA and HMRC are looking to rapidly expand their employees’ knowledge of cybercrime in order to help protect UK consumers – and their own organisations – against cybercrime activity and that email security should be highlighted by companies such as Accenture.
“Criminals have found a new multi-billion pound business which they can operate remotely, is very hard to trace back to its origin and only needs one person to make one mistake for them to exploit it financially.
“But it’s not just government organisations that need to be protecting themselves against cybercrime. All financial services providers from large corporates through to small financial advice firms need to have in place robust defences to protect them and their customers – B2B and B2C.
“Typically, this takes two forms – first is the human side, which is making staff aware of cybercrime and the various forms it takes, putting in place defensive strategies and procedures and training staff to use them, as well as having defined protocols to follow should criminal activity be detected.
“Second, is to use technology to create barriers to help protect against unauthorised access. Criminals will go for the weakest link and, as has been shown during the Covid-19 pandemic, invariably this is email.
“Creating a barrier through encrypting emails and particularly for those containing confidential information or transactional instructions, and enabling them only to be opened by the intended recipient, can help protect against this kind of intrusive criminal activity.
“Cybercrime is a growing business and cybercriminals are becoming ever more adept at it – it is after all, their day job. Email encryption is a simple and effective protective step to deploy and we believe will become de rigueur for all financial services companies over the next 1-3 years as the pressure from cybercrime increases and firms and organisations seek to reduce risk to their business and their reputation through a robust defensive strategy.”
2 Financial Crime and Cyber Resilience 2021: https://www.pimfa.co.uk/event/financial-crime-cyber-resilience-conference/