International cyber criminals have Australian nest eggs in their sights, with at least $600 billion in cash reserves held by self-managed super funds, financial planning and stockbroking-related accounts particularly at risk, experts have warned.
Alex Tilley, a researcher with cybercrime fighter SecureWorks, told The New Daily that Australian investment accounts “are becoming more of a target for international criminals because the banking sector has been very successful at protecting itself”.
Because the banks have become difficult to crack, cyber criminals have turned their attention to piles of cash outside the banking system and “while the numbers [of successful cyber raids] are hard to quantify, we know they are trying. If they keep coming back it probably means they are being successful sometimes”.
There are four areas particularly at risk from cyber-targeting because they have large amounts of cash on deposit.
The 1.08 million Australians who have $647 billion in SMSFs hold 19 per cent of it, or $128 billion, in cash, according to research from SuperConcepts.
Australia’s 25,000 financial planners manage $2.57 trillion for clients. If the 19 per cent cash allocation of SMSFs is applied, they manage $486 billion in cash.
Stockbrokers and lawyers also hold billions for their clients in cash trusts and other arrangements, which could be targeted as well.
The name of the game for cyber criminals is to get into the systems of these organisations, or the accountants and lawyers who service their clients and “look around to see what they need to do to move funds around”, Mr Tilley said.
“They can find passwords and protocols to get access to funds.”
Regulators have called attention to the dangers, with AUSTRAC assessing the risk for the financial planning sector as “medium”.
It has called on the sector to make improvements to internal controls and better reporting “a greater part of organisational culture”.
AUSTRAC said that in the two years to March 2016, financial planners reported $75.9 million in 273 suspicious transactions, half of which were cyber-related.
Ben Marshan, policy chief for the Financial Planning Association of Australia, admitted that the industry was at risk.
“Planners send through investment instructions for clients and a lot of it happens by email,” he said.
“It might be better for the industry to use more secure methods like web portals rather than emails. We are encouraging that.
“Financial planners don’t hold money, it is held by product manufacturers [who run investment funds]. However, if cyber criminals get access to passwords and protocols, they can access the funds.”
Professional firms and advisers “need to ensure they have a really good insight into what their customers can do through their portals to tighten security”, Mr Tilley said.
“Cyber criminals often avail themselves of existing stolen data on the internet and use this to find targets to access.”
While banks will make good funds lost to cyber fraud, the situation with non-bank investment funds is not always as clear.
“The professional indemnity insurance taken out by planners often features criminal insurance to cover cyber crime,” Mr Marshan said.
The WannaCry ransomware attack that hit businesses and individuals in more than 100 countries in May affected some Australian financial planners, Mr Marshan said.
It is not clear whether any paid ransoms to have their systems unlocked.