An estimated 30,000 websites are hacked
globally daily, with 43% of all cyberattacks
targeting small businesses. Such is the scale of
the issue that a cyberattack occurs every 39
seconds and costs $10.5 trillion each year.
Altoo, a Swiss wealthtech company operating an independent wealth management platform founded in 2017 by asset owners with years of experience managing multi-generational capital, empowers wealthy individuals and their families to consolidate and interact intuitively with their total wealth. Their advanced wealth aggregation management system is working to change the tide of cybersecurity threats with industry-leading systems and monitoring. Amongst its many pioneering features include three-factor authentication.
"The cybercrime industry is on a steep rise, as many studies show, and it is now a multi-billion market," says Stefan Thiel, CTO of Altoo. "With the Internet of Things, and an ever-increasing umber of devices reachable by the internet, from everywhere by everyone, the potential threats become even more manifold. Organizations must implement even more robust cybersecurity measures to prevent sophisticated attacks."
Re-imagining online wealth management security:
Altoo features highly encrypted communication and storage tools, a very fine granular and sophisticated authorization mechanism, intrusion detection, and advanced security vulnerability testing, to name just a few of its many security features. "Our platform is operated in a professional Tier3 data center in Switzerland with all the strict measures that protect physical access to our hardware," Thiel explains. "Additionally, our platform is produced and resides only in Switzerland, and we hire only people based in Switzerland, ensuring a higher level of cyberattack protection."
"We monitor thousands of emails daily and have a lot of phishing emails, of which our email filter catches 98%," says Thiel. "A few sophisticated emails that can bypass our systems are often to ITOps [IT Operations] by employees or seen by ITOps. These then help us improve our email filter rules continuously. We also have brute force URL scanning (attacks) on our platforms (https/443). The source IPs of such URL scans are banned after only a few improper requests to block extensive scans or misusage."
Ransom protection is a vital part of protecting a system from cyber attacks. "Ransom is usually also about stealing data and threatening to publish confidential data," explains Thiel. "That is why we only store sensitive data in an encrypted manner. Segmentation adds further hurdles for any ransom to spread. We have multiple network segments protected by inner and outer firewalls. Concepts such as "jump hosts" (hardened virtual desktops without access to the internet) protect access to sensitive infrastructure and data. Our different operating systems in different segments add further hurdles for any ransom malware to spread. We also have different communication services in different, separated locations to ensure communication with authorities and clients in case of a [partially] successful attack."
Protecting yourself online:
Thiel recommends that all online users follow a general checklist to protect themselves from cybersecurity attacks. These include:
• Having endpoint device security installed
• Not installing unnecessary applications, especially ones that are for fun.
• Exercise caution around freeware – one must understand the motivation/ how somebody earns his money; often, freeware is free because the user, his data or behavior, is the product they make money with.
• Stay updated – most serious products will update themselves regularly.
• Don't fall for any promises – most promises are so primitive; for example, you won't win a lottery if you do not participate. You won't inherit from unknown people. The sad thing is that people are still fooled by these phishing emails.
• Finally, keep offline backups of important data.
Thiel also recommends that those at the forefront of preventing cybersecurity stay updated with the latest threats by attending leading industry events. However, he cautions that they should be attended only by those who fully understand the industry. "Security is a major moneymaking business working with the fears of people that do not understand cybersecurity," Thiel explains. "Everything labeled security implicitly has a much higher price. Such conferences provide a very good product and service overview if you know and understand the threats in your situation and your protection needs. One of the key things that security providers do not tell you is that adding products and services to your dispositive is adding attack points (threat vectors), which you must consider. A good example of this was the 2020 cyberattack on SolarWinds when more than 18,000 customers installed malicious updates."