Royal Holloway: Protecting investors from cyber threats
The cyber security of personal investors who use UK investment platforms to manage their pensions or savings is not well understood and not often discussed. Here we ask “What are the principal cyber threats to investors’ assets on UK investment platforms and what can be done to prevent or mitigate these threats?”
To put the research in context, this article summarises ﬁrst how a growing number of personal investors are being ‘pushed’ online to use new and emerging technologies to manage their ﬁnances. Investment platforms are the technology of choice.
It then outlines the development of a maturing criminal economy that is well-positioned to attack personal investors in this evolving sector. Cyber theft from personal investors should be expected to increase, but are investment platforms prepared for such attacks? Cyber security professionals typically use strategic and operational threat intelligence models to make sense of (and thus prevent or mitigate) cyber attacks. This research demonstrates that existing threat models are inadequate to meet the new threats facing personal investors.
Using new synthesised real-world attack data, a new threat model is developed which focuses speciﬁcally on the risks to individual investors, not solely on the risks to investment platforms or banks. This allows us to offer some new insights into actual attacks on investors and provides a new threat intelligence capability to anticipate and defend against future attacks.