This story is available exclusively to Business Insider subscribers.
Become an Insider and start reading now.
- Boutique concierge cybersecurity firms are now catering to the rich and famous, protecting their private lives — and fortunes — from hackers.
- “The home is the new battleground” in cybersecurity, experts say – and lavish homes filled with connected devices are highly vulnerable.
- These boutique firms will also provide their clientele with cybersecurity insurance to protect against ransomware – a service that many companies didn’t even have a few years ago.
- Having a $50 million net worth or more is the minimum to become a client, one firm says.
- Visit Business Insider’s homepage for more stories.
An heiress kept getting outfoxed in a legal battle. No matter what detailed strategy she and her lawyers took, the other side seemed to somehow anticipate it perfectly. Millions of dollars were at stake.
No amount of preparation could outpace her adversaries. The heiress worked with her attorneys, corresponding on her laptops, the iPads she kept beside her several pools, even the old desktop in one of her homes.
Wait a minute — maybe they’re reading our emails, the heiress thought.
She brought in Aristo Cyber Defense, one of a new breed of boutique concierge cybersecurity companies that specialize in protecting the personal lives of the rich and famous from hackers.
The old desktop computer had a sophisticated piece of malware barnacled to it that was sending data from her network to an external computer system, Aristo discovered and explained to Business Insider.
Welcome to the new cybersecurity arms race between criminals and the ultra-rich being fought one mansion at a time.
Cybercriminals are targeting the homes of CEOs, movie stars, billionaires, and professional athletes, whose lavish residences are often filled with unsecured laptops, tablets, smart phones, and Internet of Things devices. Especially as they’re hunkered down in their vulnerable mansions during the pandemic, the mega-rich are fighting back with concierge cybersecurity firms that are setting them up with defenses formerly reserved for regulated companies and small nations, several firms told Business Insider.
“The home is the new battleground, and for corporate executives and high-wealth individuals, that means intrusions into their personal lives and their family life,” says BlackCloak CEO Chris Pierson, whose startup focuses exclusively on concierge cybersecurity for powerful people’s private lives.
In new research BlackCloak has found that 39% of the rich and powerful are “already compromised,” with either malware on their home devices, or cameras in their homes unsecured by any password at all.
Mike Janke, a veteran cybersecurity investor whose DataTribe VC firm invests in BlackCloak, says the firm is addressing an increasingly important issue: “Why try to attack the crown-jewels of Exxon when you can get in the CEO’s device in his home and on his home network?”
Other data also backs up this trend. Verizon’s hallowed Data Breach Investigations Report – the most respected annual threat report because of the telecom’s vast access to data – found that cybercrime on executives was one of the top trends in security last year, with social engineering scams 12 times more likely to hit executives than other workers. There’s also been an increasing in “whaling,” a more tailored form of phishing attack wherein hackers specifically target high-ranking executives with emails that appear to be from a close contact. “Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through,” Verizon found.
This week a top cybersecurity firm, managed services firm, and insurer banded together to provide wealthy individuals something not even most businesses thought they needed a few years ago: Cybersecurity insurance in case they are hit with ransomware.
Aon, a professional services firm, expanded its Cyber Secure Select service to include cyber insurance for “high net worth individuals and executives” (the company says its customer base begins at about $1 million in net worth for Cyber Secure Select and at around $50 million for its top services). Aon is working with Aspen Insurance and consumer cybersecurity company NortonLifeLock to provide the service.
“A personal data breach can lead to extortion, financial loss, and a multitude of other related costs,” says Christian Hoffman, the CEO of Aon’s Cyber Solutions in North America.
Cybersecurity insurance wasn’t purchased by most companies just a few years ago, but ransomware changed that. Now mid-size and even small companies often invest in protection in case a criminal gang shuts down their operation – and threatens to post their data publicly.
Ransomware extortion – in which criminals steal files and post them unless their ransom is met – has spilled celebrity secrets already. In May the ransomware gang REvil dumped a trove of legal documents, which exposed, among other things, contractual squabbling between Madonna and Jay Z, an agreement between Lady Gaga and SoulCycle not to discuss her workouts, and documents that showed how a former reality TV personality who worked with Trump was trying to cash in on the presidential campaign.
BlackCloak and Aristo shared other examples of the wealthy being hacked at home that are as captivating as any jewel heist — and one story actually featured one:
A jeweler for the stars in Los Angeles fell for multiple phishing emails that installed malware on his devices so that criminals could monitor his correspondence with celebrities. When clients emailed that they were wiring funds to his account in payment for a ring or bracelet, the criminals jumped in with a look-alike email that substituted their own banking numbers and grabbed the loot – around $100,000 total, Aristo says.
In another case, a retired CEO set up a trading room in one of his homes so he could watch his investments and markets on flat screen televisions. Like many mansions, the home was monitored with webcams, including one that looked directly at the computer used to make transactions. With no password whatsoever, the camera exposed a view of the ex-CEO’s trades to any hacker clever enough to break into it. BlackCloak says it will never know if any hacker did before the firm helped the exec add more security.
“We have hundreds of those stories,” says BlackCloak’s Pierson, a former chief privacy officer at the Royal Bank of Scotland.
An NFL team asked Aristo about its services, and the cybersecurity firm asked if the team wanted to especially protect its playbook from corporate espionage from rival teams. The team’s representative laughed: “Everyone has our playbook,” Cory Swartzbaugh, the company’s VP of cyber wealth management remembers the rep saying. “We just want to keep hackers out of the owner’s address book.” (The team didn’t specify why.)
Some of the stories are chilling. Both BlackCloak and Aristo found malware on the laptops of children in homes, in which photos or videos of the children were being taken and sent back to hackers.
How much does boutique, white-glove, concierge cybersecurity service cost? Aristo says some of its services cost $3,000 per device annually – which can add up if you have an iPad beside every pool, like the heiress.
For Aon, it may be a case of “If you have to ask, you can’t afford it,” considering that a spokesperson told Business Insider that the firm does “not release premium numbers publicly.”