Top 5 Security Threats in Financial Services in 2022

By Robert Mallernee, CEO, Eton Solutions

In today’s world, no industry is immune to cybersecurity attacks. From hospitals to logistics companies, businesses recognize the importance of proactively ensuring their data is kept secure.

The threat is especially pervasive for financial services firms and family offices, which take responsibility for maintaining the security of their clients’ sensitive financial information. A malicious actor exploiting an office’s vulnerabilities can wreak havoc on personnel and clients both. Family offices can be an enticing target for these attackers because they are often smaller businesses that don’t have the capacity for robust in-house security.

As with most things, the best defense is a good offense. Familiarity with the security threats businesses face can help company leaders proactively create a more secure environment and ensure their clients—and their clients’ assets and information—are protected from such threats. Implementing best practices for cybersecurity can guarantee that a business is doing everything it can to mitigate security incidents.

But first, as the Sun Tzu adage goes, we must “know thy enemy.” To that end, let’s look at the top 5 security threats for financial services and family offices in 2022.

Family Office Security Threat #1: Phishing / Email Compromise

Phishing, or deceiving company employees into divulging credentials, is a top security threat family offices will continue to face in 2022. Malicious agents pose as a legitimate email sender hoping that the recipient will be tricked into clicking an illegitimate link and providing their company login information, which is then intercepted by the attacker and used to gain access to the company’s internal services. As attackers get better at camouflaging their emails as credible, employees must get better at detecting suspicious communication and ensuring they only enter their credentials on verified sites.

In 2019, almost 50% of phishing attacks were in the financial sector. Family offices are especially prone to this type of cybersecurity attack because it’s truly a case of “only being as strong as the weakest link.” It just takes one employee sharing their data with a bad actor for the entire company network to be compromised. Often, attackers will comb through social media accounts or public information about their targets to tailor their phishing emails to a specific person. A look at a family member’s Facebook page and Twitter account combined with press releases or other publicity about a family’s business can enable malicious actors to craft a targeted email that sounds credible, even to the most security-savvy user.

One of the significant risks that a family office faces is the requirement to communicate high-value information bidirectionally with family members over whose mail and other accounts the office has little or no control over. Messages that credibly impersonate family members, or worse, come from a compromised family member account, are particularly difficult to detect and highly dangerous.

Family Office Security Threat #2: Data Theft

Data theft is a major threat facing family offices in 2022. While data theft can be one component of a ransomware attack, where the goal is direct financial gain, the primary purpose of data theft is to gain access to data and then use or sell the obtained information. For example, a malicious agent may steal customer credit card data from a large retailer and then sell that information on the dark web to other bad actors who try to purchase things with the stolen card data.

Family offices can be victims of data theft when an attacker gets access to sensitive client information. Since family office clients are UHNW individuals, there is a lot at stake: if bad actors can get enough information to transfer funds, drain accounts, or even pose as the UHNW individuals to execute more elaborate business transactions, families can lose significant amounts of money quickly – especially if the office doesn’t realize there’s been a breach until it’s too late.

The quick pivot to virtual work that most offices were forced to navigate with the unexpected onset of COVID-19 restrictions increased the risk of data theft. Most family offices weren’t prepared to transition to remote work, and personnel had to quickly become fluent with computer programs and online systems they’d never used before. While the shift to entirely virtual processes allowed these offices to continue their work uninterrupted, it also made them more vulnerable to data breaches. Employees with little or no training on cybersecurity best practices were thrust into an online world containing significant amounts of confidential information and sensitive data.

Family Office Security Threat #3: Malware Attacks

Malware is one more security threat that relies on deceiving individual employees or customers, like phishing. Staff and clients may both be tricked into installing malware onto their business or personal devices. One financial services firm found that 39% of clients already had active malware on their devices when the firm onboarded them to their system! This finding suggests that family offices likely already have clients who are victims of malware, with their personal information, intellectual property, and financial data being actively stolen from their own devices.

External attacks may come in many forms. One study found that 94% of attacks in the financial sector used one of these four methods: SQL injections (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), and Object-Graph Navigation Language(OGNL) Java Injection. Zero-day attacks like the seen tail hackers taking advantage of the vulnerabilities in a technology product, and they are by no means explicitly targeted at family offices. Smaller specialized companies without strong in-house IT or vendor management functions are often significant victims. They may not be in touch with up-to-date IT industry awareness or even have complete knowledge of all the software their business uses.

Family Office Security Threat #4: Ransomware

When ransomware originated, most attacks targeted large, global corporations responsible for massive amounts of data – consumer data and internal corporate data. However, as the types of ransomware available to malicious agents have increased, ransomware targets have expanded to include smaller and mid-sized businesses, often failing to institute top-tier cybersecurity practices due to the cost and scope requirements for an in-house cyber security operations center (SOC).

While the specifics may vary, ransomware attacks involve encrypting or removing a company’s data, blocking staff access to data core to the business. Often, the attacker promises to release or return the data once a ransom payment is received (typically via cryptocurrency). Still, there is no guarantee the attacker will do so or that they didn’t copy the data to be used even once it’s been released.

It’s easy to see why family offices can become targets for ransomware: they possess valuable financial data about their clients. Even if a family office has a recent backup of data, the attacker can threaten the office with leaking client information on the dark web, leading to more security breaches and reputational damage.

Ransomware threats against the financial sector are rapidly rising: from February 1, 2020, to April 30, 2020, the financial sector saw a 238% increase in ransomware attacks. The trend continued into 2021, with the first half of the year seeing a 151% increase compared to the same period in 2020. There’s every reason to believe the upward trajectory will continue and that financial services firms, especially family offices, should be prepared to defend themselves against the threat of ransomware.

Family Office Security Threat #5: DDOS

A Distributed Denial-of-Service, or DDOS, attack occurs when malicious agents overwhelm a company’s server with fake connection requests. The server becomes clogged, and legitimate business actions cannot be completed, possibly forcing the server offline entirely. Financial institutions are prone to DDOS attacks because they frequently incorporate payment portals, customer accounts, and integrations with other financial services institutions. A bad actor can impact several services and companies by initiating a DDOS attack against one of these entities. Family offices may rely on smaller servers and outsourced cybersecurity teams (or worse, none), positioning them as easier targets for DDOS attacks.

When a company is a victim of a DDOS attack, it may be forced offline until it can set up an alternate server. Some attackers will offer to stop the attack if a ransom is paid, and other attackers may use the DDOS to distract the security team while launching a different type of cyber assault. In 2020 and 2021, the finance sector was the 3rd most targeted sector for DDOS attacks. One recent example is the “Fancy Lazarus” DDOS Extortion campaign, extending the previous “Lazarus Bear Armada Campaign.” In this attack, malicious agents launch a DDOS against a financial services institution and then threaten to launch a more severe attack if the company doesn’t pay the attacker in cryptocurrency.

Proactivity is Key to Prevention

With the amount of money and data in play, the financial services sector will always be a target for security attacks. Family offices are especially vulnerable since they’re less likely to have an in-house world-class cybersecurity team. Yet they’re still responsible for managing large amounts of cash and other financial assets. These factors explain why 26% of family offices have suffered a cyberattack. As the domain of family offices expands to include more responsibilities (and more data), these attacks will only increase.

Partnering with a family office SaaS provider, like Eton Solutions, that is secure, industry-certified, and supported by a dedicated SOC team is the best way for SFOs and MFOs to protect themselves from cyberattacks. Not only can a top-class family office software provider’s infrastructure ensure that SOC2 compliance and other regulatory or contractual obligations are met, but a truly elite platform should also provide:

  • Managed security services, including handling patching, maintenance, and security vulnerabilities
  • Flexibility that accommodates different security needs of different clients
  • Inheritable maturity that complies with industry security standards
  • Cloud-native security that allows sophisticated authorization and access protocols
  • Employee and client education about phishing, targeted social engineering, and device security

While it’s impossible to protect 100% against all potential cyberattacks, investing in a partnership with a sophisticated and robust family office software platform can provide family offices with the best possible protection and give them peace of mind that their clients’ data is secure. When companies choose a software system with a proven track record of top-tier security, like AtlasFive, they can rest assured that their clients’ sensitive financial data is protected.


Please enter your comment!
Please enter your name here