Cyber threats to family offices

Overview

Family offices represent attractive targets for cyber attackers. Statistics indicate that family offices are becoming more frequent victims of cyber attacks – from extortion and fraud, to cyber-enabled physical threats – often leading to significant losses including disruption to systems, reputational damage, and financial loss.

Understanding cyber attackers and their tactics is key to defending the family and the family office. In this report, we provide an overview of some of the most likely threats that family offices and the families they represent may face at work, at home and in transit, including a detailed assessment of each threat, and real-life examples.

The report also suggests ten key actions that family offices should consider implementing - whether in-house or outsourced - to help prevent, detect and respond to some of the most common cyber incidents highlighted.

Most likely threats to family offices and family members

Extortion – some of the most likely forms of extortion aimed at family offices and families include “ransomware” - a type of malicious software that gains access to an individual’s computer or office network and scrambles their files in a way that only the attackers know how to reverse – and “blackmail to publish sensitive data” where cybercriminals infiltrate an organisation’s network and extort victims with the threat of releasing stolen data.

Fraud – the rise of social media has subsequently led to the rise of “social media hijacking”. This is when cybercriminals take temporary control over a high profile individual’s social media account and can post bogus information in an attempt to damage their reputation or impact stock prices of any listed entities linked to the victim. “Business email hack” is another common form of fraud aimed at high profile individuals where fraudsters mimic the email address or hack into the email account of a trusted colleague or client to impersonate them and defraud victims of large sums of money.

Espionage – family offices can have significant stakes in third party companies, while their owners often have political relevance. They are therefore particularly likely targets for “cyber espionage” which involves sophisticated groups stealing data for political or commercial motives. Stolen sensitive data could be used by hostile governments for surveillance or even to publish perceived embarrassing information.

Cyber-enabled physical threats – these can come in several forms including “information gathering (often from social media) and unwanted attention” which can be used to harass individuals or endanger their safety; “vehicle compromise” where threat actors take control of the engine and navigation systems of private jets, super yachts, and cars; and “high value homes and estates compromise” which can involve bypassing weak internet-connected security systems to facilitate physical burglary, or footage from security cameras hacked and posted online.

Our top ten key actions to help family offices prevent, detect and respond to cyber incidents

1. Asset management – understand and protect the digital assets that are most critical to supporting your family and their wealth.
2. Cyber threat intelligence – commission a service to monitor online open and closed sources to help identify early warnings of potential threats.
3. Adequate backups and recovery strategy – install a technical solution to store and preserve the integrity of data backups.
4. Training and awareness – use active training and credible material to ensure staff are aware of the threats, how to prevent and detect them, and why it is important.
5. Endpoint protection – install and maintain anti-virus software to prevent and detect malicious activity in your IT systems.
6. Authentication – always use strong passwords, restrict the use of administrator rights in your network, and protect important accounts with multi-factor authentication.
7. Secure by design – ask your IT provider if they do configuration hardening, network segmentation, vulnerability management, and automated patching to help minimise what attackers can exploit.
8. Firewalls and content security - invest in firewalls and web proxy technologies to help detect and prevent potentially malicious network traffic trying to infiltrate your IT systems.
9. Threat monitoring and penetration testing – test your IT environment for potential weakness that attackers could exploit, and use monitoring technologies to detect behavioural anomalies in computers and networks to help identify indications of attacks, facilitate an early response, and minimise possible impacts on the family, their assets or wealth.
10. Incident response planning – use retained expertise to assist in planning, rehearsing and responding to any anticipated or actual cyber incidents and attacks.