Cynthetic Systems Case Study

April 20, 2021

SCENARIO:

An employee at a family office received, what looked like a legitimate email. It appeared to be from the family office’s internet provider and the employee clicked on the link. This opened the ability for the attackers to grab the data of all HNWI’s in the database.

ATTACK:

Data theft of personal information. *Data theft is the act of stealing information stored on computers, servers, or other devices from an unknowing victim with the intent to compromise privacy or obtain confidential information.

RESPONSE:

Unfortunately, it took the family office close to 200 days to figure out there was a breach. One of their HNWI experienced identity theft and they were able to trace the breach back to the family office. The damage was done. The family office did not have a dedicated IT team to reach out to. They had configured their own firewall but had done it incorrectly. The family office had to follow state laws as they pertain to a data breach. Personal Identifiable Information (PII) and Protected Health Information (PHI) data require rigorous reporting processes and standards. They had to contact a Response and Remediation company to recover the data, after letting all their clients know about the breach. This cost hundreds of thousands of dollars. After the theft and breach, the family office contacted Cynthetic Systems to get their IT up and running the correct way. They began an extensive review of internal policies; they created a discipline procedure for employees who violate security standards.

IMPACT:

The family office spent over $200,000 in remediation, monitoring, and operational improvements. A data breach does impact a brand negatively and trust must be rebuilt.

LESSONS LEARNED:

  1. Companies must establish and train employees on the secure handling of emails and work-issued devices.
  2. Companies must understand that to have full protection they need to utilize and implement enterprise-level security.
  3. Companies must take steps to encrypt data wherever it is stored or transmitted. Employees should have a clear understanding of the importance of encryption and how to use it. 4. A 24/7, 365 days a year monitor, detect, and respond in real-time is imperative in modern organizations to prevent incidents, discover vulnerabilities, and reduce the impact of incidents.

ABOUT CYNTHETIC SYSTEMS

Cynthetic Systems is an enterprise-level solutions provider to affluent private banking entities, HNW individuals, VIPs, and family offices.

Security Operation Center (SOC) 2 Type-II Certified.

24/7/365 service with a fully staffed team of security engineers

Flexible deployment (cloud, on-premise, or hybrid)

Cybersecurity as a Service (Manage, Detect, Respond)

You May Also Like…