Redpave Security – Redpave Security

Securing your family's legacy in the digital age.

Menu

Securing your family's legacy in the digital age.

July 13, 2022

Is your family office vulnerable to cyber attacks?

PREVIOUS ARTICLE

NEXT ARTICLE

Why are cyber criminals targetting family offices?

Cyber criminals identity and prioritize targets that deal with large sums of money or who hold valuable information (that may be used to make large sums of money). The majority of family offices we work with start out with these characteristics:

  • Basic “consumer grade” cyber security defenses (anti virus, consumer internet router and WiFi)
  • Handling large sums of money.
  • Handling valuable information.

Cyber criminals are actively targeting family offices as the risk vs reward is in their favor.

Key cyber threats for family offices

Family offices are often targeted with cyber extortion, cyber fraud and cyber espionage attacks.

Extortion

Ransomware is a type of malicious software (malware) that gains access to your computer or office network and scrambles your files in a way that only the attackers know how to reverse. Ransomware is widely exploited by cybercriminals against both individuals and organisations, and costed the global economy an estimated $5 billion in 2017. Often ransomware attacks are non-targeted, meaning they cast a wide net and try to extort whoever is successfully

Blackmail is on the rise. Cybercriminals infiltrate an organisation’s network and extort victims with the threat of releasing stolen data. High-profile individuals represent attractive targets to extortionists due to the perceived impact that publishing of sensitive data would have on their reputation and finances.

Implementing endpoint security products, maintaining regular backups and awareness training can reduce risk of extortion attacks but not significantly or in isolation. It’s important to develop a cyber strategy that addresses training, products and processes tailored to the specific scenario.

Fraud

Business email hacking is a common attack from cyber criminals. Once they gain control of your email they may attempt to impersonate the role of the victim or the company for financial fraud. Fraudsters mimic the email address or hack into the email account of a trusted colleague or client to impersonate them and defraud victims of large sums, often millions of dollars.

Social media hijacking if your family business is publicly traded what executives post on social media can have a significant impact on the equities value. Investors often monitor the social media accounts of executives at firsts they are invested in or are interested in investing in. An attacker with temporary control over the social media account of a high profile person could make posts that impact the stock prices of a listed entities linked to the victim. They could also publish content of private messages or attempt to ruin their reputation with defamatory information.

Espionage

Cyber espionage involves sophisticated groups stealing data for political or commercial motives. Criminals, for instance, do it for insider trading or as hackers-for-hire for competitors. Family offices can have significant stakes in third party companies, while their owners often have political relevance. This means that individuals and their family offices are likely targets for cyber espionage, whether commercially or politically motivated. Stolen sensitive data could be used by hostile governments for surveillance or even to publish perceived embarrassing information.

Physical Threats

Information gathering and unwanted attention.
The information openly available online and from social media can reveal a significant amount of personal details that could be used to harass individuals or endanger their safety. Paparazzi can use public posts to harass high profile individuals. Threat actors can use access to information about friends and family, contacts, travel plans and current activities to plan a physical attack to an individual’s safety. Threats to wealthy individuals have already been caused by incautious use of social media, such as family members sharing on social media the exact location of residence while abroad.

Vehicle compromise. Private jets, super yachts, and cars are targets due to their increasing reliance on connected devices. Modern yachts are particularly vulnerable13. Successful compromise can allow threat actors to take control of the engine and navigation systems. In at least one case, a cyber intrusion led to a full compromise of a superyacht, while GPS spoofing is increasingly prevalent. High value cars also represent potential targets, although real-life exploitations have so far remained limited to keyless car theft.

High value homes compromise
Internet of things devices are increasingly present in high value homes. A 2015 study discovered that all the internet-connected security devices surveyed contained significant security vulnerabilities that would grant remote control of the device. The impact could be severe. Weak internet-connected security systems could be bypassed to facilitate physical burglary, or footage from security cameras hacked and posted online

Top Ten Recommendations for Family Offices

This section provides a brief summary of the top ten key controls that family offices and those they serve should prioritise in order to most effectively mitigate the cyber threats highlighted above. While some can be implemented in-house, others are more frequently outsourced by family offices to specialist providers for effectiveness and cost efficiency.

  1. Asset management – it’s difficult to secure your digital assets without a complete inventory.
  2. Cyber threat intelligence – selecting a quality threat intelligence service that can monitor your credentials and alert if anything of your information is leaked in underground cyber criminal markets.
  3. Backups and recovery – how do you backup your systems? How would you restore data in the case of an outage or hardware failure?
  4. Training and awareness – it’s important to keep employees and family members aware of security basics so
  5. Endpoint protection – like medical check-ups detect potential health issues in your body, anti-virus software prevents and detect malicious activity in your IT systems. Make sure to maintain it always up to date.
  6. Authentication – your house has strong locks and unique keys, so should your digital life. Always use strong passwords, restrict the use of administrator rights in your network, and protect important accounts with multi-factor authentication.
  7. Secure by design – buildings must be designed for safety, so should your IT network. Ask your IT provider if they do configuration hardening, network segmentation, vulnerability management, and automated patching. These help minimise what attackers can exploit.
  8. Firewalls and content security – like fences around buildings, firewalls protect your digital systems. Invest in firewalls and web proxy technologies to help detect and prevent potentially malicious network traffic trying to infiltrate your IT systems.
  9. Threat monitoring and penetration testing – Test your IT environment for potential weakness that attackers could exploit, and use monitoring technologies to detect behavioral anomalies in computers and networks. This will help identify indications of attacks, facilitate an early response, and minimise possible impacts on the family, their assets or wealth.
  10. Incident response planning – use of retained expertise to assist in planning, rehearsing and responding to any anticipated or actual cyber incidents and attacks.Many security controls, technologies and practices are available to help establish a resilient posture.

The top ten strategic controls above are considered key and, when implemented correctly and in combination, can provide a robust cyber defense capability. This will enable family offices to proactively predict and protect against known threats, while remaining vigilant and adequately prepared to detect and respond to new and emerging ones.