Proactive Cybersecurity: When Cheap Becomes Expensive

FOTechHub Annual Conference November 2023

In an era defined by the rapid evolution of technology, cybersecurity is a paramount concern for businesses and individuals alike. For family offices tasked with safeguarding the financial interests of high-net-worth individuals, the stakes are exceptionally high. Yet attitudes remain overwhelmingly reactive. In this panel hosted by Kristen Oliveri, experts Annmarie Giblin, cyber and privacy law attorney, and Paul Viollis, private client security and counter-terrorism expert, share their experience and thoughts on why a more proactive approach to addressing risks, from AI and other emerging technologies down to basic vulnerabilities, can save a lot of headache.

Understanding the risk

  • Cybercrime business rationale
    • Cybercrime is a $1.73 trillion business where sophisticated criminals often aim at affluent and prominent individuals, as this approach yields the highest return on investment.
  • Example: business email breach
    • Email is the easiest way to compromise your data. Attacks are common and costly with consequences encompassing a wide range of financial, legal, regulatory, and reputational challenges:
    • Financial losses go well beyond fraudulent transactions: bills for data mining, forensic analysis, and system audits can run into tens or even hundreds of thousands of dollars. Cyber insurance is helpful, but policy sublimits on common claims may leave significant gaps in coverage.
    • Exposure of sensitive information and contractual breaches due to failure in notifying partners or customers in time may lead to costly and lengthy legal repercussions, regulatory scrutiny and fines, as well as serious damage to relationships with business partners, clients and family.
  • The case for proactive cybersecurity
    • The cost of reacting to incidents far exceeds that of preemptive measures. More importantly, cyber risks extend beyond data breaches, encompassing threats to physical safety. In addition, escalating regulations require robust security measures to avoid legal and financial repercussions. Preemptive threat mitigation can often stop an incident from happening, as well as minimize the damage when one does occur.

Mitigation, detection and response is one of the biggest tools we have to actually stop the bleeding following an incident.

What can you do to protect yourself? 

  • Cyber hygiene and being a steward of your data
    • Be mindful when sharing data, for example what terms and conditions you agree to when joining/using technology platforms, social media, AI engines, various games, virtual assistants, smart devices, etc. Use secure channels for business and personal communication. Encrypt sensitive data. 
  • Comprehensive vulnerability assessments 
    • These encompass a wide array of factors, including physical access controls, metadata risks, threat intelligence gathering (including from the deep and dark web), and forensic checks for malicious software, which can go undetected for months, followed by its removal and the fortification of entry points.
  • Counsel-guided policy and procedures 
    • These are essential parts of a comprehensive cybersecurity risk framework. They take a data-centric approach, questioning the legality, usage, protection, and deletion of data, and prioritizing the protection of critical data (“crown jewel data”).
  • The intricacies of cloud security
    • In zero-tolerance-for-risk situations, Paul’s preference is proprietary servers with top-tier, preemptive monitoring. Where cloud services are used, the contract should address physical security, backup, and strategic data center location to mitigate risks, including natural disasters.
  • Cybersecurity insurance 
    • It is necessary, but be mindful of the limitations. To have a valid claim, you must fulfill the actions specified on the application and, as mentioned above, sublimits are often applied to common claims.
  • Staying on top of evolving regulations
    • New cybersecurity regulations reflect a shift towards national security concerns. These changes will impose new reporting obligations on businesses and require them to have preemptive measures in place. This means businesses must be prepared to report not only to specific industry regulators but also in compliance with broader national security demands.

From a personal standpoint, from a business standpoint, you have to be stewards of your own data, and you have to be mindful of how you’re sharing it and who you’re sharing it with.