43% of Family Offices Hit by Cyberattacks — Are You Next?

Walter Gomez
7 min read · Aug 24, 2024

Imagine your home, filled with your most valuable possessions. You feel secure because you’ve invested in a state-of-the-art security system and installed multiple locks on every door. But one day, you unknowingly invite a burglar inside. All your precautions are rendered useless by a simple mistake.

This is precisely what’s happening in the world of cybersecurity. Despite the best defenses, human error can open the door to serious breaches, leaving Family Offices vulnerable.

According to Deloitte’s Family Office Insight Series, 43% of Family Offices have experienced a cyberattack within the last 2 years (Source: Deloitte).

What’s even more startling is that a Stanford study indicated 88% of cyberattacks are due to human error, while an IBM study stated 95% (Source: SecurityToday.com).

Types of Cyberattacks Being Committed

Phishing: a cyberattack method where attackers impersonate a trusted source to deceive individuals into providing sensitive information, such as usernames, passwords, credit card numbers, or other personal data. This is typically done through fraudulent emails, websites, or messages that appear to be trustworthy.

This is not hacking that involves complex programming skills; it’s simply scamming unsuspecting individuals. It is also the most common cause of a data breach and costs organizations an average of $4.76 million (Source: IBM).

Ransomware: a type of malicious software that locks your data, making it inaccessible. The attacker demands a ransom, usually paid in cryptocurrency, to unlock the data. It’s like a digital kidnapping of your information, often spread through phishing emails or infected websites.

The cost of ransomware is expected to reach $265 billion by 2031 (Source: Ey.com).

Email Takeovers: As the name would indicate, this is when a malicious actor takes control of another individual’s email. Now the hacker can access confidential information within your inbox or pose as you and try to phish your contacts. The likelihood of successful phishing attempts increases since we trust those we know.

According to Experian, there are multiple ways email takeovers can occur. As previously mentioned, phishing scams are the most common cyberattacks. A fraudster might email their target and link them to a dummy site, have them enter their login credentials, and then gain access to their accounts. Other methods include data breaches where credentials are exposed and purchased from the dark web. There’s also a tactic referred to as a “brute force attack,” where a hacker repeatedly attempts commonly used passwords (Source: Experian.com).

The most common password is “123456” and is used by more than 4.5 million people (Source: Nordpass.com). Here’s a hint… don’t do that. That website includes several shockingly simple passwords, including “admin,” “test,” and you’ve guessed it… “password!”

Wire Fraud: Unfortunately, following an email takeover, especially of a high-ranking employee, wire fraud can be committed. In one episode of the podcast Family Office World, Ron Diamond interviewed cybersecurity expert Jeremiah Baker. Baker recalled a story in which an attacker accessed a CFO’s email account. The hacker didn’t do anything at first; they patiently waited for months until the CFO set an out-of-office notification indicating they would be on vacation. The hacker then sent two wire requests from the CFO’s account for about $250K/request. First, the money was transferred to two LLCs within the United States, then immediately moved offshore, outside of U.S. jurisdiction (Source: Family Office World). Baker went on to mention that a lot of these cybercriminals operate outside of the United States, making it nearly impossible to hold them accountable.
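A payment-release check that would have held both wire requests in the story above until someone confirmed them by phone. This is an added example, not code from the podcast or from any product named in this article; the addresses, beneficiary names, dates and the $50,000 threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class WireRequest:
    requester: str
    beneficiary: str
    amount_usd: int
    sent_on: date

# Constructed sample data; every name, date and threshold here is an assumption.
OUT_OF_OFFICE = {"cfo@example.com": (date(2024, 7, 1), date(2024, 7, 14))}
KNOWN_BENEFICIARIES = {"Example Custody Bank"}
CALLBACK_THRESHOLD_USD = 50_000

def hold_reasons(req):
    """Reasons a request needs a phone callback before release."""
    reasons = []
    window = OUT_OF_OFFICE.get(req.requester)
    if window and window[0] <= req.sent_on <= window[1]:
        reasons.append("requester is out of office")
    if req.beneficiary not in KNOWN_BENEFICIARIES:
        reasons.append("first payment to this beneficiary")
    if req.amount_usd >= CALLBACK_THRESHOLD_USD:
        reasons.append("amount at or above callback threshold")
    return reasons

def decide(req, callback_confirmed=False):
    """HOLD until someone confirms by phone on a number already on file."""
    reasons = hold_reasons(req)
    if reasons and not callback_confirmed:
        return "HOLD", reasons
    return "RELEASE", reasons

SAMPLE_REQUESTS = [
    WireRequest("cfo@example.com", "Example LLC One", 250_000, date(2024, 7, 3)),
    WireRequest("cfo@example.com", "Example LLC Two", 250_000, date(2024, 7, 3)),
    WireRequest("cfo@example.com", "Example Custody Bank", 12_000, date(2024, 6, 20)),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r.beneficiary, *decide(r))
```

The callback has to go to a phone number already on file, never one taken from the email, because the email account is the thing assumed to be compromised.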

Solutions

Training Employees: As mentioned earlier in the article, most cybercrimes are successful due to human error. This means it is vital that those working at your family office understand the risks and what to look out for.

Some organizations regularly train their staff by sending phishing tests to keep employees on guard and determine if some individuals need additional education. At the very least you should make it clear to never click links or download files sent from an unknown person.

Multi-Factor Authentication: This adds an extra layer of security by requiring users to provide multiple verification methods. For example, instead of just entering your password to access an account, you could elect to have a code sent to your phone. This prevents the hacker from gaining access in the event they steal your password.

Password Management: Strong and unique passwords are critical. In fact, it is recommended to use a “passphrase” instead of a “password” (Source: Okta). The phrase adds complexity, making it more challenging for a hacker to guess while also making it easier for you to remember. Just try to avoid anything that might be easily identifiable. Also, never reuse the same password on multiple accounts.

Email filtering tools: Automatically scan incoming emails for malicious content, such as phishing links, spam, and attachments containing malware. These tools can block suspicious emails before they reach the user’s inbox, reducing the risk of employees interacting with harmful content.

Data Backup: Regular data backups ensure that a secure copy of critical data is available in case of a cyberattack, such as ransomware, that results in data loss or corruption. By having up-to-date backups, organizations can restore their systems and data to a previous state, minimizing the impact of the attack and reducing the leverage attackers have in extortion attempts.

VPN: a Virtual Private Network encrypts internet traffic between the user’s device and the VPN server, providing a secure connection to the internet. This encryption protects data from being intercepted by cybercriminals, particularly when using public or unsecured networks. VPNs can also help hide the user’s IP address, adding a layer of anonymity and reducing the risk of tracking or surveillance.

How InvestHub can be part of the Solution

Rigorous Vetting Process: InvestHub’s curated marketplace for investment opportunities includes a thorough vetting process for potential partners and investment opportunities. This process reduces the risk of engaging with fraudulent or compromised entities, thereby minimizing exposure to cyber risks such as phishing and impersonation scams.

Secure Communication Channels: The platform can offer secure communication tools, ensuring that sensitive discussions and transactions are conducted in a protected environment. This helps prevent unauthorized access and data breaches.

Secure Digital Infrastructure: InvestHub leverages advanced technologies such as Artificial Intelligence (AI), Machine Learning (ML), and Distributed Ledger Technologies (DLT). These technologies help in creating a secure and transparent digital infrastructure, ensuring that sensitive information is protected from unauthorized access and cyber threats.

Distributed Ledger Technologies: InvestHub’s use of DLT offers several features that help prevent cybercrime:

  • Immutability: DLTs record transactions in a way that makes them immutable, meaning once data is written to the ledger, it cannot be altered or deleted. This ensures the integrity of the data, making it extremely difficult for cybercriminals to tamper with records.
  • Decentralization: Copies of the ledger are distributed across multiple nodes in a network. This decentralization makes it harder for attackers to compromise the system, as there is no single point of failure or control.
  • Cryptographic Security: Transactions on a distributed ledger are secured using cryptographic techniques. Each transaction is encrypted and linked to previous transactions, creating a secure and verifiable chain of records. This prevents unauthorized access and ensures that only authorized parties can view or modify the data.
  • Smart Contracts: Self-executing contracts with the terms directly written into code. These contracts automatically enforce rules and execute actions based on predefined conditions, reducing the risk of fraud and ensuring compliance with agreed-upon terms.
  • Data Encryption and Privacy: DLTs can implement advanced encryption techniques to protect sensitive data. Additionally, transactions can be conducted confidentially, protecting the identities and details of the participants involved.
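How the "linked to previous transactions" and decentralization properties work together, as an added example that is not InvestHub's code: a minimal hash-chained ledger in which each entry's SHA-256 hash covers the previous entry's hash. The record contents and the choice of SHA-256 are assumptions; the article does not say which techniques InvestHub uses.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def entry_hash(prev_hash, payload):
    """SHA-256 over the previous entry's hash plus this entry's payload."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger, payload):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "payload": payload,
                   "hash": entry_hash(prev, payload)})

def first_bad_index(ledger):
    """Index of the first entry whose link or hash does not verify, else None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    return None

def rewrite_from(ledger, index, payload):
    """Copy of the ledger with one payload changed and every later hash recomputed."""
    forged = []
    for i, entry in enumerate(ledger):
        append(forged, payload if i == index else entry["payload"])
    return forged

def sample_ledger():
    # Constructed records, not real transactions.
    ledger = []
    for payload in ({"to": "Fund A", "usd": 100_000},
                    {"to": "Fund B", "usd": 250_000},
                    {"to": "Fund C", "usd": 75_000}):
        append(ledger, payload)
    return ledger

if __name__ == "__main__":
    honest = sample_ledger()
    edited = copy.deepcopy(honest)
    edited[1]["payload"]["usd"] = 1          # in-place edit of one record
    print("in-place edit detected at entry", first_bad_index(edited))
    forged = rewrite_from(honest, 1, {"to": "Fund B", "usd": 1})
    print("rewritten chain self-consistent:", first_bad_index(forged) is None)
    print("head matches other nodes' copy:", forged[-1]["hash"] == honest[-1]["hash"])
```

A fully rewritten chain verifies on its own, so tamper resistance depends on other nodes holding the original head hash to compare against; hash-linking alone only makes edits detectable.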

Conclusion

Make cybersecurity part of company culture. It should not be a separate concern that only IT is familiar with; everyone in the organization should be. Your employees are the first line of defense when it comes to cybercrime.

Always be mindful of who is sending you an email, text, or phone call. Also be aware of the potential risk of email takeovers, not just of your own account, but also trusted contacts sending you an email. When in doubt, consider calling your contact to validate what you received from them.

References:

Deloitte — Family Office Insight Series

Security Today — SecurityToday.com

IBM — IBM.com

EY — EY.com

Experian — Experian.com

Nordpass — Nordpass.com

Ron Diamond — Family Office World

Okta — Okta.com

About Konzortia Capital:

Konzortia Capital is a pioneering holding company and FinTech consortium dedicated to transforming the Private Capital Markets industry. We offer solutions for matching issuers with allocators, digitizing securities, and trading over-the-counter securities. We aim to create a more efficient, transparent, and accessible market for all stakeholders.

At the forefront of our innovative efforts is InvestHub, our flagship product. InvestHub is a game-changer, leveraging cutting-edge technologies such as Artificial Intelligence (AI), Machine Learning (ML), and Distributed Ledger Technologies (DLT). Through InvestHub, we are reshaping the landscape of deal sourcing, evaluation, and execution processes within Venture Capital, Private Equity, and Mergers and Acquisitions (M&As). This transformative approach ensures a more efficient, accurate, and dynamic investment process for all stakeholders, enhancing the potential for successful investments.

To learn more about investment opportunities with Konzortia Capital and explore becoming part of our cap table, follow this link.

The InvestHub Founder’s Circle Program

I’m honored to invite you to our Founder’s Circle.

The program is an opportunity for you to test out the InvestHub platform. We want you to become a beta tester!

Program Goals:

  • Build a collaborative community of early adopters.
  • Learn insights to identify and address potential issues.
  • Optimize user experience.
  • Refine features for a successful market launch.

Incentives for Participation:

  • Free Access: As a reward for your contributions, get 1 year of free access to the platform post-beta.
  • Premium Support: Priority support and troubleshooting assistance.
  • Recognition: We’ll feature you in InvestHub’s marketing materials, case studies, and press releases.
  • Networking Opportunities: Access to events or forums for you to connect and share insights.
  • Continued Collaboration: Invitation to join an Advisory Board or ongoing User Group to continue contributing to platform development.

Interested in joining?

Schedule a meeting with me here.

What financial strategies have you found most effective in achieving and sustaining wealth in your own life? Share your experiences in the comments below!


Written by Walter Gomez

Walter Gomez, Founder & CEO of Konzortia Capital, is creating a platform to match issuers & allocators. It streamlines deal sourcing & capital raising with AI.
