
George Ralph, RFA

Does cybersecurity utopia really exist?


By George Ralph, RFA – Imagine you’re the CTO of a successful hedge fund. You’re not big enough to have a dedicated CISO but you think you’re doing a pretty good job of securing your network. Your applications and databases are secure, you’ve just invested in a network intrusion detection system and some next generation firewalls.

Next, you move on to your internet traffic and cloud services. You make sure your firm’s SSL certificates are up to date, and you use HTTPS and OAuth 2.0. Then you insist all remote users access the network via secure VPN, that files are encrypted and that you have a comprehensive mobile security strategy in place. You have invested significant time and money into this multi-layered security portfolio because you know the value of your data, your firm can’t afford any disruption to trading or service, and you know you could face a hefty fine if the regulators find out about a cybersecurity breach.

All that effort, all that budget, can be rendered entirely useless if your employees are not trained to spot and avoid cyberattacks.

2017’s “The Global State of Information Security Survey” reported that 38 per cent of respondents had experienced phishing scams, making it the top cybersecurity threat. In addition, 28 per cent of respondents reported security compromises of mobile devices.

Even more worrying, Wombat Security Technologies recently published the results of an international cybersecurity awareness survey in their 2017 User Risk Report. When questioned, only 40 per cent of respondents knew what ransomware was. 58 per cent of respondents in the UK gave the wrong answer or could not even hazard a guess at what ransomware was. When asked if they had ever fallen for a phishing attack, over 30 per cent said yes, and 15 per cent didn’t know. 

What if there was a unique cyber awareness training programme, which used mock attacks and simulated email, voice and SMS phishing attacks in order to highlight risks and employee weaknesses?

What if there was a simulated phishing platform, which used personalised landing pages, attachments and spoof domains in sophisticated trial attacks, both pre- and post-training, for benchmarking and to indicate progress? A way for firms to identify users who may be more susceptible to attack than others. A way of giving immediate feedback to users who do click on a link or open an attachment, with a copy of the email, highlighting all the red flags to reinforce the training they have had.

The training programme that employees get could be engaging enough to be effective, making sure that users are aware of the mechanisms of spam, spear phishing, malware and social engineering. It could cover PCI compliance, the basics of credit card security, how to handle sensitive information and how to secure non-public personal information. It could include lessons on how to create strong passwords, tips on safe web browsing, best practice for social media use and the dangers of unidentified USB devices. It could be so good, so interesting, that employees actually told their friends and family what they had learnt.

Wouldn’t that be great? RFA offers comprehensive cybersecurity training and a simulation platform which allows organisations to test employees’ knowledge in a realistic way, giving feedback and pointers along the way.
