Cybercriminals are targeting the world’s wealthy: here’s how to protect yourself
A Standard Bank cybercrime expert shares tips and techniques for making sure you don’t fall prey to online fraud
There has been a staggering rise in the number of cyberattacks globally in recent years, and particularly since the outbreak of Covid-19. The digitalisation of every industry and the reams of data available online have created more opportunities for cybercriminals to go after valuable assets or information.
Cybercrime is increasingly being directed at wealthy individuals and family offices. According to a Campden Research study, more than a quarter of ultra-high-net-worth families, family offices and family businesses — those with an average wealth of $1.1bn (R17.5bn) — have been targeted in a cyberattack.
Such wealthy individuals are often more vulnerable than corporations because they take less robust security measures, says Alphus Hinds, chief information security officer at Standard Bank, CIB International. Cybercriminals use publicly available information to build a picture of an individual’s digital footprint, which is then used in a type of fraud campaign known as social engineering to manipulate users into providing confidential information.
These criminals can also gain access to personal or confidential information through phishing requests via apparently legitimate emails. These messages ask the receivers to click on a link that directs them to a spoofed website requesting confidential information, or to download an attachment that lets malware extract their banking credentials.
Business email compromise is one of the costliest types of online fraud. Hinds says wealthy individuals typically engage via email with multiple sources and often fall victim to hackers intercepting a thread regarding a transaction and impersonating the other party. The user may think the transaction is going to the intended party, but the money is actually transferred to an account controlled by cybercriminals.
The number of rogue mobile apps uploaded to popular app stores has also more than doubled in recent years. These apps are disguised as banking apps but in reality infect users’ devices with malware that harvests their credentials or lets criminals take over their devices.
Because SA is one of the top three destinations worldwide for phishing-related attacks, says Hinds, Standard Bank encourages its clients to remain vigilant when they receive emails or SMSs containing links, or when they are downloading apps.
Taking steps to protect yourself
Amid the proliferation of online crime, governments have had to act swiftly — but they often lack the required technologies or processes. They are, however, strengthening their stance through the introduction of data-privacy and cybersecurity legislation.
While such legislation provides some level of comfort, wealthy individuals must understand they are responsible for protecting their own information, assets and loved ones.
The implementation of a cybersecurity plan in this context might not be a task that you want to take on yourself. Specialist third parties understand that operating globally comes with a variety of risks. Threats in China are different from those in the US, for example.
- Ransomware: The past year brought a prolific rise in the scale and ferocity of ransomware attacks, to which wealthy individuals are not immune. At the heart of such an attack is the encryption of vital digital data, denying access to organisations or individuals until they pay a ransom to the cybercriminals in exchange for the decryption keys — or even to avoid the compromised data being made public.
- Phishing: Security controls must, of course, be proportionate to the level of risk, so it is important to consider what valuable assets and confidential information you want to protect, and how potential threats could affect you. A good way to start is to scan your inbox for phishing emails. Do not open them, and always be cautious when disclosing any information.
- Encryption: You might also want to encrypt any sensitive information you deem valuable, says Hinds. You may be familiar with multi-factor authentication, which ensures that only you can access your data. Enable it on all your devices and operating systems.
- Insurance: Cyberinsurance is another key cyberdefence tool at both corporate and individual level. Wealthy individuals must consider it as part of their cybersecurity strategy.
- Passwords: Many people use the same password across multiple platforms or a password containing personal information — or, even worse, both. Hinds says this makes them easy prey. Fortunately, password-less technology is now available. Users with a Microsoft account on Windows 10, for example, can opt for the Hello app, which uses facial recognition rather than a password to enable access to apps or platforms. Alternatively, password managers can generate a strong password that you do not need to remember. And never write your password down.
These may seem like basic security controls to put in place, yet most people do not use them. However, if you get the basics right, you will cut up to 80% of your vulnerability, leaving room to focus on advanced threats.
Wealthy individuals typically have third parties representing them, and it is important those third parties are secure. Find out how they store your information and who can access it. In addition, there are companies that perform third-party risk assessments on vendors to verify they are secure.
Standard Bank recognises that trust is one of the most fundamental client needs, says Hinds. It protects the information and physical assets of its clients via rigorous security strategies and multiple controls. Managing cyberrisk is both a technological and a boardroom issue: both the bank’s clients and the bank itself could be exposed if appropriate controls are not put in place — plus there is the risk of hefty fines under new legislation such as the EU’s General Data Protection Regulation.
Standard Bank’s multilayered security strategy involves both human skills and technology, and it uses antivirus software and technology to encrypt data, monitor emails for malware and phishing, and observe the behaviour of those who have network access. Experts at the bank’s security operations centre hunt proactively for threats around the clock with the assistance of artificial intelligence.
Threat detection and monitoring are critical, but so is being able to respond to those threats appropriately through a proper incident response plan, says Hinds. The Standard Bank mindset is to verify first before you trust the source.
This article was paid for by Standard Bank.