Article by Sooraj Shah – Forbes
It’s no surprise that high net worth individuals are the perfect candidates for cybercriminals to attack. They have significant financial resources, wide-ranging commercial interests, a high-profile public image and valuable reputations. In many ways, they have the same challenges as a large corporation when it comes to cybersecurity, but they rarely have the cyber resources to defend themselves.
As a result, targeted attacks such as spear-phishing can yield a high return for criminals. It was reported in 2017 that 28% of international families, family offices and family businesses have experienced a cyberattack in the past. The report, by Schillings and Campden Wealth, found that over a third (38%) of participants did not have a cybersecurity plan in place, despite 98% of families citing reputation as important to their family’s success.
At the time, Schillings’ chief executive and partner Rod Christie-Miller said family offices were failing to see these attacks as a threat to their reputation, despite the fact they can result in blackmail, extortion and smear campaigns.
Malcolm Taylor, director of cyber advisory at ITC Secure, a company which advises private clients on the threats to look out for, suggests that there have been many cases of M&A activity being disrupted by cyber criminals.
“We know of individuals who have had real difficulties with M&A because sensitive information about a transaction has been stolen by cyber criminals, it has been used to blackmail or leaked and this can cause real tangible damage to a business,” he says.
In many cases, criminals pretend to be a high net worth individual, CEO or famous person and attempt to get a company to pay them.
“We know a family office where a principal was away travelling in a part of the world where they didn’t have much connectivity and the family office received an email from the principal that says ‘pay this amount of money to this bank account, I’ll explain when I get back’. This looked like a credible e-mail to those at the office,” he says.
But when the principal got back, they had no idea what payment the office was referring to – a criminal had clearly researched the company and figured out when the principal was away, and who the client was. The payment – which was hundreds of thousands of pounds – had already been made.
“That example makes the point of why family offices are high value targets. It just takes maybe a month’s worth of work to research and then attack the family office and the criminals are several hundred thousands of pounds better off, which is a good rate of return,” he says.
Another example is an ongoing transaction, where people are talking about some kind of deal and hackers inject themselves into the middle of that e-mail chain and change the details of a bank account. This leads to a legitimate payment being paid to the wrong bank account.
“We’ve seen millions of pounds exchanged this way on more than one occasion,” says Taylor.
What Can Family Offices Do To Thwart Attacks?
Taylor says that a risk management approach needs to be taken on board by family offices.
“Firstly they need to understand the problem and how vulnerable they are. This means analysing their technology, then looking at levels of training and awareness in the family office, and the way that cybersecurity is viewed – the culture around it. The most important thing is to tell the people around them they care about it, and thereafter can come decisions in terms of investing money, and training people,” he suggests, adding that investing in cybersecurity does not need to cost a lot of money.
“For us, high net worth individuals are valuable clients but not the ones who pay us the most revenue, it’s relatively inexpensive to protect yourself, but it is an investment to reduce risking losing more,” Taylor says.
In addition, he adds that the best way to keep secure is to still communicate face-to-face and over the phone to double check account details and figures.
“Cyber criminals don’t like the real world, that’s the point at which they lose control of their attacks, so it’s best to ring up the client or person and check details before making a payment. This is about ensuring the people who handle finances are aware of the worst-case scenarios that could happen to family offices,” Taylor says.
Taylor says clients are now being more proactive – rather than asking for help after an attack, they’re looking for cybersecurity advice beforehand. This is a good sign, as family offices and high net worth individuals need to take cybersecurity seriously – otherwise it’s a matter of time before they lose thousands if not millions of pounds.