Cyber attacks have been one of the largest problems for pretty much all businesses. For years, hackers continued conducting all kinds of attacks, attempting to steal money, data, secrets, software, and anything else that they can sell.
Recent statistics show that family offices are becoming more and more popular as targets of these attacks. Data breaches are can bring a lot of trouble apart from just bypassing defenses, and they usually result in causing a lot of damage to the system itself. After sensitive data is accessed, a lot of people are usually affected, and apart from suffering financial damage, family offices also gain a bad reputation.
So far, it is estimated that 28% of international family businesses and offices fell victims to different kinds of hacking attacks. Incidents like this can end up costing these businesses as much as $10 million. Since family businesses usually operate with a lot of money, it is imperative that they start treating online threats more seriously, and implement adequate defenses.
Why are Family Offices in Danger?
Cybercrime is not a problem that is going to go away, or ever be solved. Criminals have already managed to steal vast amounts of money, with researchers estimating that this amount will likely reach around $6 trillion by 2021. In addition, it is also estimated that over 90% of all companies will have suffered at least one cyber attack by this year.
When it comes to family businesses and family offices, they usually relied on banks to exercise necessary requirements and governance in regards to security and protection of funds and data. However, times have changed, and numerous banks have fallen victim to attacks performed by criminal organizations such as Lazarus Group, as well. Because of that, family offices need to take more responsibility when it comes to protecting themselves, and they simply cannot rely on banks to say what is necessary.
One of the largest threats to any type of business, family business included, is malware attack. Malware attacks can include any type of malicious file, and there are many of them, each with its own purpose and method of operation. And yet, the vast majority of all malware attacks (92% of them) infects devices via email.
Types of Attacks
Most of those attacks come as part of phishing attacks, where recipients are tricked into thinking that a legitimate party is sending the email. Most of them are delivering malicious links or files, and they aim to compromise devices of someone with authority to authorize wire transfers, or access sensitive data.
Apart from that, there are also threats such as cryptojacking, where devices are being used for mining cryptocurrencies on attacker's behalf, as well as ransomware, where devices are locked and hackers demand payment in order to unlock infected computers. These are much more dangerous things than viruses that people had to deal with a few years ago.
While ransomware is still very active, cryptojacking has grown to be a new favorite method for a lot of hackers, as most of the mining can be done secretly. Since victims do not even realize that they are victims for a long time, hackers can easily mine a lot more coins than they would get in case of requesting a ransom.
It should also be noted that social networks such as Facebook, LinkedIn, Instagram, Twitter, and alike — which businesses have grown to understand and accept — also pose a threat. This is due to the fact that criminal networks exploit these platforms as well. It is not uncommon for them to extract sensitive data that can seriously damage a firm thanks to the fact that they have compromised a few accounts.
Why do Criminals Target Family Offices?
Family offices and businesses are mostly targeted for several reasons. The first one is bad security. A lot of family offices (around 40%, according to estimates) have no cyber security policy of any kind. Due to the lack of awareness, family offices do not invest enough in their security. Not only that, but security guidelines and structure tend to be informal, and are not especially strict. Finally, they handle large amounts of money, as stated, which is often a reason enough for attempting to conduct an attack on one of them.
What can be Done About it?
In order to prevent attacks, or at least control the damage that can be caused, there are several steps that can be done by any business, family offices included.
The first step would be to actually face the fact that cyber attacks are a real threat that can occur at any time, and potentially even ruin the entire business. After that, it is important to use authentication processes for verifying various instructions, especially wire transfers.
As stated earlier, emails are the largest point of entry for any type of malware, which is why all emails that include sensitive data need to be encrypted. Important data should be backed off-site so that a single breach would not be enough for hackers to access everything that businesses have to protect. Cyber audits are also necessary in order to ensure that the security system is not compromised and that it is up to date.
Next, there should be specific rules when it comes to opening emails, and especially any links and attachments that accompany them. This also means training employees to recognize these threats, and learn how to avoid them.
There is also a need to separate personal and work resources, but also to ensure that sensitive data is not stored on devices dedicated to anyone's personal use. This will prevent accidental leaks to social media, as well as reduce the chances of someone gaining access to devices. Finally, there should be a clear response plan that is to be followed in case that cyber attack does happen. Everyone should be aware of what is to be done, as well as of how to do it.
Buying insurance against cyber attacks is also something that should be considered. Cyber attacks are a serious threat that can impact anyone, and any business at any time. As such, it is far from a game or a minor nuisance, and it deserves proper attention and recognition. Policies, procedures, and defense measures exist for a reason, and businesses that wish to keep themselves safe are encouraged to make use of them.