Betterment Cyber Attack Reminds Advisors To Be Prepared
Cybersecurity threats abound, and any financial firm with a brand name of any size or scope has an ever-greater technology footprint to police, and one that increasingly extends into the clouds.
Automated investment service Betterment experienced this in recent days and warned its clients via email and on its website about a security incident in which an unauthorized individual gained access to systems it uses, specifically third-party software platforms that support its marketing and operations work.
I think it serves as a reminder for everyone, including financial advisors, to think about their own level of awareness and preparation for addressing similar situations.
The perpetrator in this case pretended to be someone trusted by the company and gained access to the company email and, in turn, sent a fraudulent, crypto-related message to an undisclosed number of Betterment customers.
Fortunately, Betterment’s outreach following the incident stated that its technical infrastructure had not been breached, that no client accounts had been accessed and that no passwords or other log-in credentials for them were compromised.
Unfortunately, the company did “believe” the unauthorized individual had accessed other customer information, including certain names, email addresses, physical addresses, phone numbers and birthdates. Betterment went on to say that those clients and those that had received the fraudulent message had been contacted and told to disregard it.
In response to requests for additional information, Betterment communications director Katharine Sargent referred Wealth Management to the same company webpage.
It remains unclear whether any advisory firms using Betterment Advisor Solutions or end clients of that service were among those who received the crypto message or whether it went only to a subset of the company’s direct-to-consumer client base.
Betterment’s investigation is ongoing, and the company reported that it had engaged a cybersecurity firm to assist.
To be sure, this type of identity impersonation has become a ubiquitous strategy among scammers, fraudsters and others with malicious intent out in the cyber landscape.
Asked what advisors should take away from this incident, which is a form of social engineering attack, Maxwell Alles, founder and CEO of IT and cybersecurity managed services provider Alles Technology, said such attacks are a big and growing problem.
“In the 21st century, we have the right tools available to stop most technical breaches,” he said. “Scams are what advisory firms and companies should be most concerned with.”
While Betterment did not share specifics, this appears to have been a case of business email compromise: it seems likely that an employee mistakenly shared their email address and password with someone they believed to be a colleague or a third-party partner they knew or worked with, but who was not.
On the technology side, Alles said email sign-in monitoring is important in preventing this type of incident. A well-prepared larger firm (one with at least some IT staff or resources) would rely on that monitoring together with the use and enforcement of conditional access policies, such as allowing access to the systems used to send the fraudulent message only from company-protected devices; these are measures that could have prevented or stopped the incident.
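To make the two controls Alles describes concrete, here is an added example (not code from the article, from Betterment, or from Alles Technology) that evaluates constructed sign-in events against a weak policy (password only, any device) and a hardened conditional access policy (company-managed device plus a second factor), and runs simple sign-in monitoring over the results. The device inventory, event fields, policy shape, user name and timestamps are all assumptions made for the illustration; commercial identity platforms implement the same idea with their own schemas.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed inventory and sample data for the example; not Betterment's environment.
MANAGED_DEVICES = {"LAPTOP-0421", "LAPTOP-0422"}          # assumed company-protected devices
PROTECTED_APPS = {"mail", "marketing-platform"}           # systems that can send customer messages


@dataclass(frozen=True)
class SignIn:
    ts: str           # ISO-8601 timestamp (constructed)
    user: str
    app: str
    device_id: str
    country: str
    mfa: bool         # did the session complete a second factor?
    password_ok: bool


@dataclass(frozen=True)
class Policy:
    require_managed_device: bool
    require_mfa: bool


# Weak setting: a stolen password alone is enough to reach the protected apps.
WEAK_POLICY = Policy(require_managed_device=False, require_mfa=False)
# Corrected setting: protected apps only from managed devices, with MFA.
STRONG_POLICY = Policy(require_managed_device=True, require_mfa=True)


def evaluate(event: SignIn, policy: Policy) -> tuple[str, str]:
    """Conditional access decision: ("allow" | "deny", reason)."""
    if not event.password_ok:
        return "deny", "bad password"
    if event.app not in PROTECTED_APPS:
        return "allow", "unprotected app"
    if policy.require_managed_device and event.device_id not in MANAGED_DEVICES:
        return "deny", "unmanaged device"
    if policy.require_mfa and not event.mfa:
        return "deny", "mfa not satisfied"
    return "allow", "policy satisfied"


def monitor(events: list[SignIn], policy: Policy) -> list[str]:
    """Sign-in monitoring over a batch of events. Returns alert lines: every denial,
    plus every allowed sign-in from a device or country the user has not used before
    in this batch (the user's first sign-in seeds the known sets)."""
    alerts: list[str] = []
    known_devices: dict[str, set[str]] = {}
    known_countries: dict[str, set[str]] = {}
    for e in events:
        decision, reason = evaluate(e, policy)
        if decision == "deny":
            alerts.append(f"{e.ts} DENY user={e.user} app={e.app} "
                          f"device={e.device_id} country={e.country}: {reason}")
            continue
        devs = known_devices.setdefault(e.user, set())
        ctrs = known_countries.setdefault(e.user, set())
        if devs and e.device_id not in devs:
            alerts.append(f"{e.ts} REVIEW user={e.user} allowed from new device {e.device_id}")
        if ctrs and e.country not in ctrs:
            alerts.append(f"{e.ts} REVIEW user={e.user} allowed from new country {e.country}")
        devs.add(e.device_id)
        ctrs.add(e.country)
    return alerts


# Constructed scenario: a normal morning, then the employee's phished password is
# replayed from an unmanaged machine in another country without a second factor.
SAMPLE_EVENTS = [
    SignIn("2025-06-01T09:00:00Z", "jdoe", "mail", "LAPTOP-0421", "US", True, True),
    SignIn("2025-06-01T09:30:00Z", "jdoe", "marketing-platform", "LAPTOP-0421", "US", True, True),
    SignIn("2025-06-01T11:15:00Z", "jdoe", "mail", "UNKNOWN-7f3a", "RO", False, True),
    SignIn("2025-06-01T11:16:00Z", "jdoe", "marketing-platform", "UNKNOWN-7f3a", "RO", False, True),
]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("strong", STRONG_POLICY)):
        print(f"--- {name} policy ---")
        for line in monitor(SAMPLE_EVENTS, policy):
            print(line)
```

Under the weak policy the replayed password is allowed and only the monitoring layer notices, producing two REVIEW lines (new device, new country) that someone has to read and act on in time; under the hardened policy the same two attempts are denied as coming from an unmanaged device before any message can be sent, which is the difference between detecting the incident and preventing it.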
For smaller advisory shops, he said, managed security services providers like his, which an advisor would contract with for outsourced security monitoring of their systems, are one answer.
“These services are very modular and even a single-user office can affordably access them,” said Alles.
While firms need to be as prepared as possible on the technology front, Paul Osterberg, CEO of cybersecurity risk assessment and support firm Security Basecamp, said addressing the human side of preparation has grown to be of critical importance, too.
“We can have the best infrastructure, castled controls, encryption in place, but without really good third-party risk management, without good security and awareness training, things that address the human element, we will always continue to have cybersecurity-related issues.”
He said really hardening a firm’s defenses from a social engineering perspective can require a lot of training, including role-specific work and social engineering simulations, testing out hypothetical situations.
“The human firewall needs to be put in place,” he said.
This can include evidence that employees recognize and understand the issues around verifying identities, and that the firm has developed good guardrails around customer communications.
“Annual risk assessment and continuous monitoring and ongoing reviews and behavioral change among humans is really important,” said Osterberg.
The technology and social engineering aspects of this incident are not, I think, the only ones advisors should remain aware of. While Betterment did not share the contents of the crypto message in its incident, there has been no shortage of scammers attempting and succeeding in cryptocurrency theft.
“The thing about crypto, once it’s gone it’s gone,” said Alles.
“Folks with crypto should be very much aware of security, even independent individuals, because there are no safety nets for it that you have throughout the traditional financial services industry,” he said (for example, the ability to cancel or call back a traditional bank wire transfer).
Last year’s hacking of the major Chinese cryptocurrency exchange Bybit, and the theft of what has been valued at $1.5 billion in digital assets, remains to date the largest crypto heist in history.
As CNBC reported, the blockchain analysis firms Elliptic and Arkham Intelligence, in their later analysis of the Bybit hack, were able to reconstruct part of the digital trail of the stolen crypto as it was moved to various accounts across the Internet.
The most popular forms of crypto (in the Bybit case it was Ether) have become target assets of choice because of how adept and fast hackers have become at seemingly making these digital assets disappear into the, well, ether.