Raymond James isn’t kidding around about cyber security. The firm is spending $212 million a year on technology, a "healthy percentage" of which is earmarked toward protecting advisors and their clients from online threats, according to the firm's chief information security officer Andy Zolper.
Each month, Raymond James experiences 120,000 attempted malware deliveries, 6,000 phishing attempts and 30 wire fraud attempts, Scott Curtis told attendees at the firm’s annual conference. “That's about one and a half times a day people are trying to take money out of your clients' accounts.”
As part of the firm’s protective initiative, Raymond James invested in a new cyber threat center, the surveillance arm of which is embedded into the firm’s newly relocated data center. At the firm’s St. Petersburg, Fla. headquarters, a team of five to eight people man a 24/7 command center that monitors all firm activity. "The concept is to have a physical command center and a collaborative space for our information security specialists who get involved in fraud detection," Zolper says. If the team starts to detect a major threat, the center can hold up to an 18-person team, including FBI and local law enforcement liaisons.
The day-to-day team employes three types of information security specialists: intelligence analysts who look at what is out there and what threats exist in the wider world, sensor operators who oversee the systems monitoring and inspecting data as it moves and forensic investigators who examine potential threats. "We have 63 billion computer events a month, that's the haystack we’re analyzing on a monthly basis," Zolper says.
The firm's strategy is to have the best protective controls that money can buy, or as Zolper puts it, "keep the bad guys out." But the second part of the strategy is to assume that no amount of money or resources can totally protect. "We should be ready if anything starts to happen and to spot it as soon as possible," he says.
Since Zolper joined the team two years ago, the firm has increased resources to data security by 25 percent, with Zolper adding Raymond James’ investment in the area is slightly above industry average.
In addition to firm resources, Zolper and his team also coordinate with the Financial Services Information Sharing and Analysis Center, an industry forum for collaboration on security threats. FS-ISAC provides firms with real time information and specific technical information on current threats experienced by other firms.
In February, Raymond James moved its data operations to a 50,000-square-foot facility in Denver, in part, because of recent weather and natural disasters, Curtis says.