Cybersecurity attacks target the wealthy
Changes in technology over the past couple of decades have created untold opportunities. With terms like digital age, information age, wireless and connectivity, the era of computers combined with the Internet abounds with promise. Unfortunately, not everyone has harnessed these powers for good. Lone hackers, criminal enterprises and even nation states have used this technology for nefarious purposes. And those with wealth and prestige are becoming more frequent targets.
Estimates are that by 2021, cybercrime will hit $6 trillion. Since 2013, 15 billion data records have been stolen. These statistics are staggering. A recent study indicates Americans are more concerned about cybercrime than physical crimes. Such statistics show just how vulnerable Americans feel and how real the problem has become.
What are the risks?
The financial risks are the most clearly understood. Cybercrime losses will hit $6 trillion by 2021. Operational risks to businesses and family offices also abound. If a cyber attack compromises the email accounts of a business, normal business operations must cease, forensic investigations will commence, and alternative methods of communication are required in the interim, all of which take their toll on the business. Reputational risks are very hard to quantify. If a wealth manager, medical provider, or other trusted service provider has a publicized breach, trust and confidence in that business will wane, and clients may decide to take their business elsewhere. Finally, privacy considerations are also a concern. Sensitive information, communications, and pictures, if exposed to the public, could cause untold damage to a business or family.
What tactics are used by cybercriminals?
Account Compromise & Business Email Compromise (BEC). Through phishing, malware and social engineering, cybercriminals will attempt to compromise your bank, investment, cryptocurrency, email and other sensitive accounts for financial gain, or use the information obtained (e.g., SSN, DOB, passport info, personal photos and videos, personal emails, etc.) to conduct identity theft, harassment or even extortion.
Additionally, businesses, from large corporations to family-owned enterprises (including family offices), are frequently subject to BEC scams that target high-level executives, finance personnel and wealthy individuals who are responsible for initiating wire transfers. In fact, BEC losses topped $26 billion in 2019 alone. BEC scams attempt to compromise a target’s email account through email spoofing, use of keyloggers or successfully phishing an individual and collecting their user credentials.
The attacker will then intercept emails and initiate fund transfer requests to other employees, business partners, your family office or vendors that include payment instructions redirecting the money to a criminal account. You may never even see these emails, as attackers can adjust the email routing rules and keep them hidden from your view. You may only become aware of the situation once the money has gone out the door.
Ransomware. Ransomware is one of the most damaging attacks that can hit a computer or system. It encrypts files, making them useless. Ransomware most often happens when people click unsafe links or download attachments, typically sent to them through phishing emails. The victim does not have the decryption key, so there is no obvious way to get the files back. Cybercriminals may then threaten to expose information or hold the information until an extortion fee, usually in the form of cryptocurrency, is paid. This can leave businesses unable to operate or in a precarious position if the information has reputational or financial impacts.
Gathering Overshared Information. Cybercriminals will leverage information they find about you on the Internet to conduct attacks. Data brokers use information found in public records to create dossiers about you and your family, which cyber criminals will buy. Most social media platforms share your information publicly, unless you proactively change your privacy preferences. Furthermore, manufacturers of mobile devices, computers and apps collect and share information unless you restrict these permissions.
Home Networks and Personal Devices Are Vulnerable
It is no secret that companies recognize the risk to their infrastructure, data, and people. In 2019, worldwide spending on information security products and services was estimated to be $124 billion. Large companies, banks, and other financial institutions have created entire departments within their organization to combat the threat from cyber scams.
But how are these same companies protecting executives when they are at home? It is often the case that companies are doing fairly little. They cannot protect home networks, and they cannot monitor personal devices of their employees, for legal, privacy, logistical or other concerns. This creates a vulnerability both for the executives and the company, as key personnel are left unprotected.
How can you protect yourself and your business?
- Use anti-virus software on your devices. Although consumer-grade tools are only 40% effective, they are better than nothing. However, consider more sophisticated enterprise-grade tools to keep your devices safe.
- Regularly patch and update device security flaws or software vulnerabilities.
- Protect your email account by using a strong password and two-factor authentication. If your email account has security questions, change them to something more obscure. Be creative when providing answers to questions like “mother’s maiden name,” but be sure to remember the unique answer.
- Use an encrypted password manager. This allows you to use complex passwords so you can do away with the easy-to-guess or weak passwords.
- Protect wireless networks by naming them so they cannot be traced back to you, using a strong password to secure your network, creating a separate guest network and patching your router frequently.
- Have a policy of verifying all fund transfers by phone or in person. Contact individuals based on the phone number you have on file and not what is listed in an email.
- Carefully review fund transfer email requests. Pay attention to the email address and timing of the request.
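
The email-address part of that review can be automated. The following is an added example, not code from BlackCloak or the original article: it parses a message with Python's standard `email` module and flags a Reply-To that differs from the sender, a sender domain that is a near-miss of a known contact, and payment wording. The `KNOWN_DOMAINS` list, the keyword list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: domains of contacts you already do business with.
KNOWN_DOMAINS = {"example-vendor.com"}
PAYMENT_WORDS = ("wire", "transfer", "bank details", "invoice", "payment")

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Accounts <billing@examp1e-vendor.com>\n"
    "Reply-To: billing@mail-example.net\n"
    "Subject: Updated bank details for invoice\n"
    "\n"
    "Please wire today's payment to the new account below.\n"
)
LEGIT = "From: Accounts <billing@example-vendor.com>\nSubject: Lunch on Friday\n\nSee you then.\n"

def domain_of(header_value):
    """Return the lower-cased domain of an address header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_transfer_email(raw):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs")      # replies go somewhere else
    if sender not in KNOWN_DOMAINS:
        if any(0 < edit_distance(sender, k) <= 2 for k in KNOWN_DOMAINS):
            flags.append("lookalike-domain")  # e.g. '1' swapped for 'l'
        else:
            flags.append("unknown-domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = ((msg["Subject"] or "") + " " + body).lower()
    if any(word in text for word in PAYMENT_WORDS):
        flags.append("payment-request")
    return flags
```

A request sent from a genuinely compromised account passes the address checks and returns only `payment-request`, which is why the phone-verification policy above still applies to every transfer.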
BlackCloak provides Concierge Cybersecurity services to high-net-worth individuals, high-profile persons, and corporate executives to mitigate their hacking, financial, and reputational risks. Learn more at www.blackcloak.io and @BLACKCLOAKCYBER.