estate planning | insurance | investing | portfolio spotlight | TeCHnOlOGy & OPeRaTiOns | your practice
The Growing Cyberthreat To Family Offices
Sophisticated hackers are increasingly targeting family offices and ultra-highnet-worth individuals .
By Daniel Berick & J . D . Bridges
High-neT-worTh fAmilieS And family offices are attractive targets for cybercriminals , as many of these offices lack sophisticated — or even basic — security infrastructures . it ’ s even more devastating when hackers target a family office with a global reach . given how easy it is to target these victims and their attractive profiles , cybercriminals ’ attacks have become more specific and sophisticated ( as well as more numerous ). The wealthy are particularly vulnerable to so-called “ phishing ” and “ spear-phishing ” attacks .
This software locks up a computer or network , and attackers using it send a message to the victims , saying they ’ ll refuse to release the affected devices until a ransom is paid . The most common types of ransomware encrypt the data stored on the victim ’ s network . The encryption can only be undone by the use of a unique computer code “ key ,” which the perpetrators provide after being paid a ransom ( usually in cryptocurrency , such as bitcoin ). Sometimes the perpetrators ( who are known as “ threat actors ” in the law enforcement and legal communities ) will remove the data from the affected systems before encrypting it and threaten to release it publicly or sell it on the dark web . oftentimes , this data has been specifically sought out and stolen by the threat actors well before the computer systems are locked and the ransom demanded , sometimes months before . This is clear evidence of the sophistication and planning behind such crimes .
Cybercriminals single out family offices and the wealthy with these types of attack for several reasons . These offices lack the kinds of sophisticated information security used by major corporations ( the family offices might not initially believe their data is tempting to malefactors ). Yet the victims often have financial information that would cause major problems if revealed publicly or sold to criminals . The attackers might also search for embarrassing or private information about the individual or family , especially if the computers or networks are used for both personal and office business , and demand payment to keep from publicizing such information .
“ Phishing ” is a form of cybercrime that gets its name from the way in which the criminals set out “ bait ” ( often in the form of faked or spoofed emails ) and hope someone clicks on a link or follows instructions they shouldn ’ t . The user gets “ caught ” by following the steps — and then infecting their network . Some phishing emails are generic and imitate communications from a common internet provider or retailer . A malicious link might download a virus onto the computer of the
30 | financial advisor magazine | July / august 2021 www . fa-mag . com