Q/A: Threat Pattern
A Q&A with M. Joseph Andrews, Partner of Threat Pattern
Q: We hear a lot these days about cyber security. Why should it matter for us?
Q: Why should a Family Office care?
Q: So what can be done to protect us and how do we get back?
Q: If some of these threats are coming from foreign governments, what are they trying to accomplish?
Q: What else are foreign governments looking for in a good target?
Q: So what does this mean for our readers?
Q: So what can a Family Office do from an organizational standpoint?
Q: Technology keeps advancing and we are changing the ways we save data and use this new technology. How can we stay ahead of these hackers?
Robles: We hear a lot these days about cyber security. Why should it matter for us?
JA: Just a decade ago, the idea of having your computer systems compromised overnight was a ludicrous concern. From a company’s perspective, there was a certain amount of comfort in the knowledge that a security guard at the front desk, cameras everywhere, and a team of lawyers who knew everything about IP protection would provide more than enough security. Today, many shadowy, hard-to-detect elements lurk in basements in places like Romania. They have breached billion-dollar companies and banks around the world. This brings into focus the notion of protecting the assets of families that own and operate companies or Family Offices.
You’ve probably also heard in the news that hackers penetrated America’s national defense system. While many would argue the response was a bit delayed, the Pentagon is now building a 6,000-person cyber security force. We no longer have a good grasp of newly emerging threats that continue to “catch us by surprise.” Large bureaucracies are rarely agile enough to respond when it matters most.
With our increasing reliance on technology and digital connectivity, recent high-pro le cyber-attacks on the front page of every newspaper raise questions that need answers. The inability to anticipate such threats is one reason that Edward Snowden, the computer expert who leaked classi ed information from the National Security Agency, went unnoticed for so long. Who are today’s hackers? Where are they? What is their intent? Do they have an end game? Are they inside your company? Maybe it’s the guy down the hall you would never suspect. Are they identity thieves looking to go on an Amazon shopping spree by using our credits cards? Are they looking to open up bank accounts and lines of credit under our names for more nefarious purposes? Or are these hackers sponsored by foreign governments who not only want to exploit our personal data, but also want to expose what we know, who we know, and what we do? Few could believe what happened with Sony, which had dramatic implications for cybersecurity. One key takeaway is the importance of being well positioned to detect a breach as quickly as possible and execute countermeasures before the intruder carries out his mission, whether it’s wreaking havoc to your systems, shutting it down, stealing information, leaking data, etc. Some of the leading research out there shows that the amount of “dwell time”—the time a hacker spends in your system before he’s discovered—is between six and seven months. And about two-thirds of the time, it’s the FBI that lets you know.
Some of your readers may have also heard about “white hat” hackers who are out there to combat the “black hat” or malevolent hackers of the world. I applaud their efforts to help keep the web secure and counter the bad guys. But in doing so, they are likely
to come across the same information you’re trying to protect. And they are likely gain insight into your weaknesses and vulnerabilities. So while I’m glad they represent a force for good, they have not been vetted and for all we know are stealing our information for use on a rainy day.