Social Engineering considerations for investment managers
In recent years Investment Managers have been targeted by a range of malicious social engineering attacks that aim to exploit the companies and can lead to significant financial loss.
![](/uploads/assets/cache/file/20902959-E05D-45D2-9EBC262F1FE77166_square-medium.jpg)
Liberty Specialty Markets, in collaboration with cyber security advisers NCC Group, has developed a report that provides an overview of recent social engineering developments and some practical tips on how investment managers can protect their firms from these manipulation techniques.
This includes identifying:
- common forms of social engineering including phishing, vishing, smishing, pretexting and business email compromise
- defensive actions that can be taken to help staff detect attempts at social engineering
- protective business processes that can be applied including call backs, transfer verification and transaction anomaly reporting
- organisational technical controls such as multi-factor authentication, passphrases and email verification controls
- how to respond to a social engineering attack, including preparation, detection, containment and post-incident activity.
This trending topics paper shines a light on one of the most significant threats that investment managers face, and is a good practical reminder of steps that can be taken to reduce risk.