In the 1983 movie WarGames, a young Matthew Broderick starred as hacker David Lightman, who unwittingly accesses a US military supercomputer tied to the country’s nuclear arsenal. In the drama that unfolds, what our hero believes to be a computer game almost leads to the start of World War III and the near certain annihilation of humanity. Perhaps unsurprisingly, the screenwriters based Broderick’s character on real life hackers – albeit at an extremely basic level compared to our understanding of their activity today.
The film’s plotline was somewhat fanciful at the time, not least because the internet did not exist in the way we understand it today. Nowadays, it seems all too plausible and threats with some kind of ‘cyber’ involvement are mainstream news. From accusations of state sponsored manipulation of elections to corporate espionage, cyber security is a major issue for everyone. In the wealth management world, data breach is a hot topic with an estimated 12 billion records stolen in 2018 but expected to rise to 33 billion in 2023, according to Juniper Research.
At Affinity, we are alive to the ever-changing risks faced in this area. During our set-up phase through 2011, IT architecture was something we considered very carefully. At the time, a standard approach was for businesses to build and operate all IT infrastructure themselves. This involved purchasing equipment that quickly became outdated, as well as constantly maintaining software security protocols and ensuring appropriate physical conditions and integrity. Moreover, dedicated IT departments were typically established to deliver this, all at a commensurate cost. Despite this commitment of resources, we have learnt over the years, even the largest businesses taking this approach have suffered significant data breaches.
As an alternative, we felt the concept of cloud computing and managed IT environments was compelling. Not only did it appear to be more suited to scale – allowing young businesses to consume in line with needs and grow accordingly – but the aggregation of multiple users in this way allowed the provider to invest in state-of-the-art equipment and processes far beyond the reach of most companies alone.
As a result of this analysis, we partnered with Logicalis who deliver all IT services through their robust iConnect platform. Importantly, given some of the concerns around data location and integrity, the architecture is all here in Jersey – this is not a ‘full’ cloud system. Logicalis constantly maintain and update their equipment and keep software security patches current. Physical security is a major component of this service as all equipment is hosted in dedicated, temperature-controlled buildings with high level security measures in place to prevent unauthorised access.
Service continuity is also a crucial feature and Logicalis deliver fully on this front. Firstly, all systems are replicated in real time and therefore available for fail-over should the need arise. Daily backups are also taken and stored at an alternative secure site. Secondly, power outage risks are managed through an uninterruptable power supply and backup generators in case of emergency need. This faced a test some years ago when Affinity staff were still able to access their systems via their mobile devices despite a Jersey-wide power cut. In fact, this system is so robust it is used by local emergency (‘blue light’) services.
Back to those hackers, penetration testing should be an important component of any IT platform. This is something that is routinely performed on iConnect and Logicalis have several scanning tools that are able to scan and detect vulnerabilities on their systems. This is supplemented by the engagement of outside specialists to periodically test integrity. Alongside this, they run strict security protocols for the management of users and data, along with measures such as ‘honeypots’, which are designed to attract malicious actors to benign areas where they can be detected and dealt with.
However, unlike in the movies, hacking risk is often more mundane and not conducted by breaching system security. There is now a recognition that humans are often the weakest link through email attacks such as ‘phishing’. In conjunction with Logicalis, Affinity have therefore implemented an ongoing process of testing all staff with increasingly sophisticated emails to test their susceptibility to such attacks. By gathering ongoing data, we are able to refine processes and direct our cyber security training to ensure the risks are well managed.
Back to 1983, as the tension reached crisis point in WarGames, the main protagonists desperately searched for ways to stop the computer proceeding with the real life nuclear attack. In a moment of clarity, the young hacker finds a way to make the system conclude there is no winner in a nuclear war – asking the computer to play itself at tic-tac-toe – and stand down. Alas, real life cyber security issues are more complex than noughts and crosses but there is still a lot to be said for keeping things simple. Our job is to preserve and enhance the hard earned wealth of our clients – allowing specialists take care of the rest.