In recent years Investment Managers have been targeted by a range of malicious social engineering attacks that aim to exploit the companies and can lead to significant financial loss.
Liberty Specialty Markets, in collaboration with cyber security advisers NCC Group, has developed a report that provides an overview of recent social engineering developments and some practical tips on how investment managers can protect their firms from these manipulation techniques.
This includes identifying:
- common forms of social engineering including phishing, vishing, smishing, pretexting and business email compromise
- defensive actions that can be taken to help staff detect attempts at social engineering
- protective business processes that can be applied including call backs, transfer verification and transaction anomaly reporting
- organisational technical controls such as multi-factor authentication, passphrases and email verification controls
- how to respond to a social engineering attack, including preparation, detection, containment and post-incident activity.
This trending topics paper shines a light on one of the most significant threats that investment managers face, and is a good practical reminder of steps that can be taken to reduce risk.