Advisor Group Enhances Cybersecurity Preparedness with Appointment of New CISO


Cybersecurity is a critical function at any wealth management firm, and at a firm as large as Advisor Group, with six subsidiary firms and well over 10,000 financial advisors nationwide, protecting sensitive or confidential data is no small task.

For Advisor Group, there has been a clear emphasis on continuously investing in cybersecurity resources, tools and expertise well before multiple high-profile ransomware attacks on major businesses earlier this year.

For example, the firm has leveraged comprehensive services from one of the top cybersecurity solutions providers for the wealth management space, Silicon Valley-based Entreda, as one of its strategic partners in Advisor Group’s CyberGuard Program, launched in 2019.

Advisor Group’s ongoing emphasis on reinforcing its strengths in cybersecurity is reflected in the recent appointment of Clayton Chandler as the firm’s new Chief Information & Security Officer (CISO), reporting directly to Ed Obuchowski, Chief Technology Officer. Chandler previously held a similar role at Credit Suisse, which followed roles at the National Security Agency and Los Alamos National Laboratory.

We sat down with Chandler recently to discuss what attracted him to the role at Advisor Group, what he sees as the most pressing issues in the data and privacy arenas right now and where the future is headed for cybersecurity efforts, both for the industry and for his new firm.

DWN:  You had a big job before at Credit Suisse, as CISO for the investment bank, risk and compliance and Americas.  Why did the CISO role at Advisor Group appeal to you?

With the massive transfer of generational wealth and the Millennial generation coming into its own as investors, Advisor Group today is an organization poised for growth, and I really saw an exciting opportunity to help this great organization navigate the security and privacy environment as it scales up.

Growth brings new types of cyber risks and regulatory requirements, and financial services firms’ technological infrastructure and delivery processes must be up to the challenge.

My prior experience with large-scale financial services technology at Credit Suisse puts me in a great position to support Advisor Group as it continues to grow in the future, and I couldn’t pass up the chance to join the company at this pivotal moment in its journey.

DWN:  The escalated risks of ransomware are one of the most frequently referenced potential technology challenges for firms and their financial advisors.  Would you agree with this perspective, and if so, how will you drive greater cybersecurity protections for Advisor Group and its affiliated professionals? 

Whether this threat or another is the “threat of the moment” is not really the question that I, as a cybersecurity professional, must answer.

The cyber environment has a broad range of threats, and as the leaders tasked with protecting our organizations, we must be adept at sizing up each one and building smart, adaptive and holistic cybersecurity systems that provide seamless protection against breaches. In short, cyberattackers don’t come just one at a time; they’re always coming at organizations, and in waves, so firms must be ready for whatever arrives at their doorstep.

That all said, I’m certainly aware of the current sensitivity about ransomware, given all the attention it has received in recent months.

Without going into too much detail, combatting ransomware – as with other cyber threats – is a multiprong approach that includes cyber awareness training for all users, continuous scanning of networks and devices for weak points and frequent backup of data from all devices.

The last item is a key bit of basic cyber hygiene that can thwart ransomware – if data exists elsewhere, it can’t be held for ransom.

DWN:  Outside of ransomware, what do you believe are the three biggest cybersecurity risks to independent wealth management firms today, and how can such risks be mitigated?

Many of the most prevalent threats to firms’ networks are the ones that cybersecurity experts have been warning them about for years. For example, phishing remains a predominant way that cyberthieves gain access to proprietary networks. A single click on a fraudulent email would render all the other defenses that organizations put up useless.

It’s said that the simplest solutions are often the most powerful, and in this case it’s true. Training users to identify phishing attempts is crucial, accompanied by in situ tests to evaluate whether users are incorporating what they’ve learned into their regular working routines.

Another key area is vendor security. In a world in which data is continually being shared between networks, it’s crucial that wealth management firms only let trusted third parties access their data. It’s incumbent on CISOs, then, to invest in the capability to do the robust due diligence on vendors that will enable firms to share data confidently.

The last item I’d mention is the security of all devices that access a firm’s network – not just the computers and mobile devices that advisors and firm employees use to do their jobs.

This also includes printers, cameras, smart speakers, smart thermostats, home or office security systems, streaming devices, etc. The list goes on. All these devices potentially access a network and, as such, fall under the purview of an organizations cybersecurity program and must be secured.

DWN:  What are the specific strengths of Advisor Group’s current cybersecurity offerings that you will be building on going forward?

I would say that Advisor Group’s offerings combine the flexibility, scalability and robustness that are needed to provide coverage and protection for the thousands of advisors, their staffs, home office employees and network-level personnel that make up the Advisor Group organization.

We have brought together best-in-breed third-party solutions with our own home-grown innovations to build CyberGuard, a system that provides us the framework and infrastructure to protect our organization today yet is versatile enough to adapt as cyber threats evolve.