
October 2022 / 5 Min Read

Targeting the Family in Pursuit of High-Net-Worth Individuals

 


High-net-worth individuals (HNWIs) are pursued by cyber criminals because of their status within a large corporation or their financial worth. The home network often serves as a gateway to sought-after assets, and a successful breach may lead to the unauthorized disclosure of sensitive personal or corporate information. The initial foothold within this network is often obtained via devices used by family members.

For this reason, the family is a first line of defense against a cyber attack.

Social engineering, a manipulation technique used to perform malicious activities through human interaction, is the primary means of accessing the home network. Cyber threat actors are deceptive and patient, conducting reconnaissance to reveal family dynamics, online behaviors and personal facts. As an example, a threat actor may gather intelligence to design an email and domain resembling a child’s school. The actor then sends an email stating, “Please fill out the attached survey regarding remote learning.”

The survey is clicked. Downloads. Runs. An initial foothold is now established.
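A defensive check for the lookalike-domain lure described above, added here as an example that is not part of the original article: it compares a sender's domain against a short family allowlist and flags near matches. The domains, the substitution table and the 0.85 threshold are constructed assumptions, and the sender domain is assumed to be already decoded to Unicode.

```python
import difflib
import unicodedata
from typing import Optional, Tuple

# Constructed allowlist: domains the family really corresponds with (hypothetical).
TRUSTED_DOMAINS = {"oakridge-academy.example", "familybank.example"}

# Common visual substitutions folded to one canonical form before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", "_": ""})


def skeleton(domain: str) -> str:
    """Reduce a domain to a comparison form: strip accents, lowercase, undo look-alikes."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify_sender(address: str, threshold: float = 0.85) -> Tuple[str, Optional[str]]:
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    best, best_score = None, 0.0
    for trusted in TRUSTED_DOMAINS:
        # Similarity of the two skeletons; 1.0 means visually identical after folding.
        score = difflib.SequenceMatcher(None, skeleton(domain), skeleton(trusted)).ratio()
        if score > best_score:
            best, best_score = trusted, score
    if best_score >= threshold:
        return "lookalike", best  # close to a trusted domain but not equal to it
    return "unknown", None


if __name__ == "__main__":
    for sender in ("principal@oakridge-academy.example",
                   "surveys@oakridge-acaderny.example",
                   "newsletter@gardening-weekly.example"):
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is the case to quarantine or verify by phone; "unknown" senders are simply outside the allowlist.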

Wireless router attacks are much less common, but may also provide a foothold when the router is attacked from the wide-area network (WAN) side, that is, the side attached to the Internet. Once an attacker has infiltrated the home network, entertainment and Internet of Things (IoT) devices can serve as mechanisms to enable persistence, meaning the ability of the threat actor to regain entry over time. Sometimes an attacker will breach a home network only to patiently linger until the sought-after data becomes available.

It is critically important for HNWIs to implement positive security practices in their own households. Children in particular are vulnerable. Just like running a fire drill, breach simulations can be run across scenarios. The school science fair, for example, provides a prime opportunity for a threat actor to approach a child in a trusting environment. Seemingly benign questions can actually reveal valuable information to aid a cyber campaign, and role playing these scenarios is invaluable.

To #BeCyberSmart:

Limit social media exposure

Depending on your tolerance, it is advisable to avoid social media. Where feasible, less information is better. Refrain from sharing information regarding personal holdings, job title and connections to other companies. Be aware of privacy settings across all social media accounts. Train children to not disclose personal information and location.

Implement network segmentation

Isolate non-critical devices from high-value devices. Conduct routine inventory of what is running inside your home network. Minimize the number of devices online and ensure that every device is running the most recent versions of firmware/software.
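One way to run the routine inventory described above, added here as an example that is not part of the original article: it places each device seen online into a segment by IP address and reports devices on the wrong segment, devices missing from the inventory, and firmware that is behind. The segment plan, inventory and lease snapshot are constructed sample data; all names and addresses are assumptions.

```python
import ipaddress

# Constructed segment plan (assumed addressing; match it to the router's real VLANs/SSIDs).
SEGMENTS = {
    "trusted": ipaddress.ip_network("192.168.10.0/24"),  # work laptops, finance
    "iot": ipaddress.ip_network("192.168.20.0/24"),      # TVs, cameras, speakers
    "guest": ipaddress.ip_network("192.168.30.0/24"),
}

# Constructed inventory: MAC -> (name, class, installed firmware, latest firmware).
INVENTORY = {
    "aa:bb:cc:00:00:01": ("work-laptop", "high-value", "14.2", "14.2"),
    "aa:bb:cc:00:00:02": ("smart-tv", "non-critical", "5.1", "5.3"),
    "aa:bb:cc:00:00:03": ("doorbell-cam", "non-critical", "2.0", "2.0"),
}

# Constructed snapshot of what is online now (e.g. copied from the router's lease table).
OBSERVED = [
    ("aa:bb:cc:00:00:01", "192.168.10.5"),
    ("aa:bb:cc:00:00:02", "192.168.10.40"),  # TV sitting on the trusted segment
    ("aa:bb:cc:00:00:03", "192.168.20.7"),
    ("aa:bb:cc:00:00:99", "192.168.20.50"),  # not in the inventory
]


def segment_of(ip):
    """Name of the segment containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def audit(observed=OBSERVED):
    """Return (finding, device, detail) tuples for everything that breaks the plan."""
    findings = []
    for mac, ip in observed:
        seg = segment_of(ip)
        if mac not in INVENTORY:
            findings.append(("unknown-device", mac, seg))
            continue
        name, klass, installed, latest = INVENTORY[mac]
        # High-value devices belong on "trusted"; everything else must stay off it.
        if (klass == "high-value") != (seg == "trusted"):
            findings.append(("segmentation", name, seg))
        if version_tuple(installed) < version_tuple(latest):
            findings.append(("outdated-firmware", name, f"{installed} < {latest}"))
    return findings
```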

Secure pass phrases and passwords

Ensure that every exposed service on every device is protected with a strong password, and preferably a pass phrase. Ensure that default passwords are changed when the devices are configured and see that access points utilize a strong password and are protected by at least WPA2-PSK for home networks.

You and your family members can make better decisions to make your interconnected world more secure, and ours as well.


Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.