Download Our New Report: QRI Perspective On Vulnerability Management

Why Family Offices Partner With QRI

5th November 2023

Andy Miles
Why Family Offices Partner With QRI

Understanding the absolute need for and complexity of cybersecurity is illustrated and explained within the fundamental laws that govern our universe. There is no escaping them.

For example, biological laws that apply to living organic systems are now supplemented by digital laws that apply to data systems. They are not dissimilar. Take, for example, the Darwinian concept of ‘survival of the fittest’. The fittest, ablest, most adaptable, and most resilient organisms will survive and thrive; and the others will be confined to history. The same law applies to digital systems: only the most resilient will flourish rather than perish.

A further physical law worth considering is the second law of thermodynamics. This states that entropy (disorder) in an isolated system will always increase. It implies that, when left alone, all things decay; and that the only way to prevent decay is to actively (that is, from outside of the system) decrease the natural entropy by inserting additional resilience to decay.

Both laws are important to understanding the need for cyber and data protection.

Law #1: Darwin

Survival of the fittest is based on a system’s ability to succeed against its environmental threats. For digital systems, the primary environmental threat is the criminal. In the wider cyber ecosphere, criminals could be financially motivated individual criminals or organized criminal gangs; politically motivated nation states; or ethically motivated hacktivists.

Mostly, but not entirely, the primary environmental threat to Family Offices will come from financially motivated criminals. Why? Because as Willie Sutton supposedly said about robbing banks, “That’s where the money is.”

Today, and increasingly, there is a further environmental threat: the need to comply with national and international legal regulations. As a result, organizations are required to protect themselves from cyber criminals while ensuring that nothing they do contravenes growing and complex jurisdictional law.

The implication from Darwin’s law is that to survive and thrive, a Family Office’s cyber risk identification & management system must be resilient against cyber criminals while at the same time in conformance with and doing nothing to contravene legal regulations.

It’s a complex and ever-changing requirement that is best solved with expert help from a cybersecurity consultant/advisor supported by Family Office focused cybersecurity technology.

Law #2: Second law of thermodynamics

The second law states that, unless constantly renewed, all things decay. This applies to both IT infrastructures and cybersecurity defences. A standard consultant can help establish a defensible IT infrastructure, but unless it is continuously maintained, it will decay. Our second law will lead to a failure in our first law — inevitably. To prevent this, Family Offices need to go beyond employing a consultant to working with a cybersecurity partner.

This need for continuous maintenance and improvement in cybersecurity is increased because the threat environment is not subject to the same effect of decay. The criminal underground is constantly renewing itself to the extent that it naturally gets stronger while defences naturally get weaker.

Recent criminal ‘renewal’ developments include the emergence of ‘crime-as-a-service’ (allowing non-technical wannabe criminals to operate with advanced cybercrime tools), criminal access to military-grade hacking tools and techniques, the emergence of artificial intelligence (AI) hacking, malware and phishing aids, and the imminent loss of existing encryption through the arrival of quantum computers and/or AI techniques. There are more.

A Family Office can best counter these growing threats by using a cybersecurity platform — such as QRI’s Risk 360° — that has been designed specifically for the Family Office: a combined technology and advisory service.

In our next two blogs, we’ll take a deep dive into the two main areas of cybersecurity weakness: people and IT.

In terms of people, it is misleading to call your staff the weakest link — they are your strongest asset. But they are certainly the most attacked. We’ll discuss this: both how staff are attacked, and how they can be supported.

Your IT infrastructure will also be discussed. For example, there is a common misconception that the solution to all new threats is to buy a new security product. This can lead to a complex mishmash of overlapping solutions never operating optimally. And hardly worth the effort (and cost) if you haven’t got the basics of cybersecurity hygiene implemented from the ground up.

Until next time... But in the meantime, check out QRI — the trusted partner for cyber and data security advice and protection.