Fidelity's defense against cyberattacks

Learn how Fidelity prevents and detects online threats.


Key takeaways

  • Russia's attacks on Ukraine extend to the digital realm, with hackers working to disrupt essential services.
  • The US government has warned that there is a risk that Russia could target the US for cyberattacks.
  • Fidelity's cybersecurity team has been closely monitoring the situation, and the attacks playing out in Ukraine match familiar playbooks.
  • For individuals, the best way to prepare for the potential of any cyberattack is to exercise good cyberhygiene, which can start with using strong passwords, enabling multi-factor authentication, and ensuring contact information is up to date.

The Russian invasion of Ukraine has been unsettling. In addition to the traditional weapons of war, Russia is allegedly waging cyberwarfare against the Ukrainian government, service providers, and the digital infrastructure of the country. Experts have warned that the US could be targeted for cyberattacks as well.

Fidelity's chief information security officer, Adam Ely, sat down with Viewpoints to explain what that means for Americans, how Fidelity prepares for cyberattacks, and what investors can do to protect themselves.

When we talk about cyberattacks, what does that mean?

Ely: We see a wide range of cyberattacks across the internet and the motives behind them can differ. Some cybercriminal organizations are trying to steal data to use. Others are trying to ransom data to get paid. There are some cyberattacks meant to cause destruction.

That is what we’re seeing now in Ukraine—attacks meant to destroy computer systems and data to really take things offline in an effort to slow that country and its economy down.

In today's ecosystem, the threat is that the US will see these destructive attacks that are meant to harm our economy, a particular sector, or specific companies. Financial services, especially the brokerage sector, is not traditionally one of the primary targets.

What are the specific ways that cyberattacks could be used against a country?

Ely: In times of war and conflict, the biggest targets are those affiliated with the energy sector because if you can take a gas company offline, for example, you can disrupt the power supply for areas of the country. This has the biggest impact on a country’s operations. Second, attackers would try to disrupt other critical services, such as food distribution.

There are many ways to create mayhem and destruction from thousands of miles away: launching a cyberattack against a power grid, as I mentioned; causing a nuclear reactor to go offline as we’ve seen in the past; or disrupting a large food company’s distribution and logistics system. These could all cause large-scale disturbances.

We know some of that is playing out in Ukraine now, but we have not seen this happening outside of that immediate area.

Is there anything surprising or unexpected in the actions you've seen Russian cyberattackers taking against Ukraine?

Ely: Part of our normal, day-to-day operations involves watching the tactics and techniques of cybercriminal organizations around the world.

We've seen activity that we believe shows the current Russian cyberattacks against Ukraine. Those attacks match the same techniques we’ve seen in the past. So not really anything new or novel. The only thing that has changed is the intended outcome. The goal is not to steal data or to ransom data for monetary gain. The goal is destruction.

How does Fidelity defend against cyberattacks?

Ely: We run a 24/7 cybersecurity operation with people staged in multiple countries, constantly watching what's happening across the threat environment and analyzing attacks we see—including those happening to other sectors and companies.

Our cyberintelligence team is constantly taking in this information from a variety of sources, including the cyberintelligence-sharing community, government agencies, and peer companies, both from within financial services and other sectors, foreign and domestic.

We're constantly analyzing the data in order to understand trends and patterns. We use this information to pressure test our own operations, constantly looking for new ways to protect ourselves.

We always operate in a state of high alert and consider all kinds of scenarios—some highly improbable. If we were to see full-scale cyberwar across the globe, we’d be prepared. Fortunately, the world is not there yet.

How does Fidelity protect client data?

Ely: We employ a concept called defense-in-depth and focus on 3 factors: prevention, detection, and recovery.

Based on all of the intel we’re constantly gathering, we think about various techniques attackers are using, and we play out threat scenarios to determine how well we can detect and prevent them. We want to learn what additional controls we can layer in to our existing environment to give us as many opportunities as possible to prevent an attack from occurring and/or impacting the firm.

Finally, we think about recovery. If something did happen, how will we recover systems and data, and bring accounts back to the right state?

So we think across all of these dimensions and apply multiple layers of protection to make sure we have the ability to prevent attacks, detect attacks, and recover from any sort of data loss that may occur.

What can investors do to protect themselves?

Ely: For clients and customers it's always important to prioritize personal security.

Make sure Fidelity has your current contact information, most importantly your email addresses and phone numbers as these are the primary ways we would contact you in the event of an account compromise. Additionally, I cannot stress how important it is to use unique passwords and add multi-factor authentication to your accounts. If someone calls or emails you about any of your accounts, validate who’s calling.

These may seem like basic steps to take, but they're the best things you can do to keep yourself protected. Good, fundamental cyberhygiene is always important.

Next steps to consider



Get organized with FidSafe®


Safeguard important financial, legal, and personal documents.



Protect your accounts (log in required)


Take action to enhance security on your Fidelity accounts.



Could you be a target for cyber-crime?


Understanding the potential threats can help keep your online accounts safe.
