Practices warned on jump in industry cyber attacks

LexisNexis Risk Solutions director of fraud and identity Cameron Church said the incidence of cyber attacks had jumped last year as cyber criminals grew more sophisticated and the pot of money from stimulus programs such as early super release became more attractive.

“Last year was a unique year across the board, but what we’ve seen is the number of bot attacks targeting the financial services sector has increased by 2 per cent,” Mr Church said.

“That might not seem like a great number but if you consider that for the [Asia-Pacific] region we saw a total of $142 million worth of bot attacks, an increase of 2 per cent on that is fairly substantial.”

Mr Church said criminals typically gained access to consumer login details through either breaching less secure data stored from previous purchases, or by directly contacting the consumer with fraudulent claims to access their information.

“Typically there are bot-loads of data that have been compromised through data breaches or mass loads of phishing events and they’ve been pulled together into an automated script attack on a login screen, so they are constantly cycling through username and passwords to log in and see if it works,” he said.

“If it does they’ll note it down and from that list they will either take it upon themselves to use that information for their own benefit or they’ll on-sell that on the dark web as a tried and tested credential you can access.”

Mr Church said it was important for firms to have systems that monitored and detected the ways their clients typically interacted with them, and flagged when an access attempt may be abnormal.

“Having the understanding of me as your customer and how I interact with my internet portal, where am I when I usually access it, how do I usually access it, so having that behavioural information and comparing that with the anomaly of somebody trying to access it from a different part of the country,” he said.

“It’s also important to realise that this type of cyber fraud evolves as quickly as it gets shut down. For the sophisticated ones as soon as that opportunity closes they’ll evolve to try something slightly different in an attempt to not be detected, so being more agile than the cyber criminals themselves is the most important thing to do.”

Want more content on advice strategy? Register here for ifa's Business Strategy Day 2021.