Strengthening Defenses with Security Intelligence

04.01.2019

There’s so much you can do with the Internet—the good and the bad. Cybercrime is so ruthless that experts predict it will incur $6 trillion worth of damages by 2021. It is the largest threat to every company, and one of the toughest challenges of mankind, created by mankind, for mankind.

The evidence itself is in the numbers. Do you think nothing could be worse than drug trade, terrorism or human trafficking? According to Cisco, cybercrime will be more profitable than the biggest illegal drug trades in the world combined. Give it a few more years, and even the most savage syndicates will turn to cybercrime to strengthen their networks—if they haven’t already. Cybercriminals are always two steps ahead—who knows what they’re cooking now?

As a key person in an organization, you have the corporate responsibility to prioritize safety and security—of the employees, finances, and data down to the last detail. You do this through security intelligence, a smart approach to protect your organization from all threats possible.

What is security intelligence?

Security intelligence is the real-time collection, analysis and evaluation of, and response to, data generated across an organization by its users, software and IT infrastructure.

By intelligence, we mean information that holds relevant value to your organization. The ultimate goal of security intelligence is to give significant insight to identify, prevent or reduce threats regardless of the size of the organization.

You don’t just collect information in retrospect; you have to know what is going on right now in all nooks and crannies of your network. Then you gather data from every source within your network, so you can compare and see patterns. With analytics, you can perform behavioral profiling and determine false positives. As soon as you have the right intelligence, you present your findings in a concise approach to the top-level management of your organization.

In simple terms, the information provided by security intelligence is laid in front of you. You may not know it, but there may already be a breach of security as you speak—and you’ll never spot it without proper correlation and analysis of data.

How is security intelligence applied?

You’ve heard it many times, but what exactly does security intelligence do? What is it good for? How is it so beneficial?

Here are a few ways you can apply security intelligence to your business:

● Monitoring accounts

What are the odds of having a rogue employee? Even with pre-employment screening, an insider can be a threat. Security intelligence tracks the routine events of your users. It can look into activities and access permissions and alert you for any unusual behavior.

● Detecting fraud

Your company’s customer service department is the highest risk vector for fraud. How many users comprise the call center? Imagine all of them having access to clients’ accounts, credit card details, and personal information. This is a serious security risk, but not all internal network monitoring systems can look into this specific network in real-time. Security intelligence, in comparison, can dive deep into this area and detect unusual activity suggestive of fraud.

● Recovering compromised accounts

You want to prevent unauthorized access to your network at all times. However, the access itself is not preventable when the attacker enters the valid credentials of the original user. Security intelligence detects the infiltration only after the successful access, through changes in the routine events of the user’s logins. This will instantly alert your team so you can take immediate action.
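The routine-deviation check described under “Recovering compromised accounts”, together with the behavioral profiling and false-positive handling mentioned earlier, as an added example that is not part of the original article. The event fields, thresholds, function names and sample data are assumptions constructed for illustration.

```python
"""Flag successful logins that break a user's own login routine."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

MIN_HISTORY = 5      # assumption: fewer past logins than this is no routine to compare against
HOUR_TOLERANCE = 1   # assumption: +/- 1 hour around a previously seen login hour is routine
ALERT_THRESHOLD = 2  # assumption: a single deviation is queued for review, not alerted

# Constructed sample events (not real logs): user, ISO timestamp, country, device, outcome
HISTORY = [
    ("asmith", "2019-01-07T08:55:00", "DE", "laptop-17", "success"),
    ("asmith", "2019-01-08T09:02:00", "DE", "laptop-17", "success"),
    ("asmith", "2019-01-09T08:47:00", "DE", "laptop-17", "success"),
    ("asmith", "2019-01-10T13:30:00", "DE", "phone-03", "success"),
    ("asmith", "2019-01-11T09:10:00", "DE", "laptop-17", "success"),
    ("asmith", "2019-01-14T08:58:00", "DE", "laptop-17", "success"),
    ("bjones", "2019-01-11T22:05:00", "DE", "laptop-21", "success"),
]
NEW_EVENTS = [
    ("asmith", "2019-01-15T09:05:00", "DE", "laptop-17", "success"),   # routine
    ("asmith", "2019-01-15T10:20:00", "DE", "laptop-44", "success"),   # new device only
    ("asmith", "2019-01-16T03:12:00", "RO", "desktop-99", "success"),  # three deviations
    ("asmith", "2019-01-16T03:30:00", "RO", "desktop-99", "failure"),  # failed, so no access
    ("bjones", "2019-01-16T04:00:00", "US", "tablet-02", "success"),   # too little history
]


@dataclass
class Profile:
    hours: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    logins: int = 0

    def learn(self, hour, country, device):
        self.hours.add(hour)
        self.countries.add(country)
        self.devices.add(device)
        self.logins += 1


def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def build_baseline(events):
    """Build one Profile per user from past successful logins."""
    baselines = defaultdict(Profile)
    for user, ts, country, device, outcome in events:
        if outcome == "success":
            baselines[user].learn(datetime.fromisoformat(ts).hour, country, device)
    return baselines


def deviations(profile, hour, country, device):
    """List the ways one login differs from the user's routine."""
    reasons = []
    if all(hour_gap(hour, h) > HOUR_TOLERANCE for h in profile.hours):
        reasons.append(f"unusual hour {hour:02d}:00")
    if country not in profile.countries:
        reasons.append(f"new country {country}")
    if device not in profile.devices:
        reasons.append(f"new device {device}")
    return reasons


def triage(baselines, events):
    """Return (user, timestamp, verdict, reasons) for each successful login."""
    results = []
    for user, ts, country, device, outcome in events:
        if outcome != "success":
            continue  # the scenario is a login that succeeds with valid credentials
        hour = datetime.fromisoformat(ts).hour
        profile = baselines[user]
        if profile.logins < MIN_HISTORY:
            results.append((user, ts, "no-baseline", []))
            continue
        reasons = deviations(profile, hour, country, device)
        if not reasons:
            verdict = "routine"
            # Only routine logins extend the baseline, so a suspicious
            # session cannot teach the profile that it is normal.
            profile.learn(hour, country, device)
        elif len(reasons) < ALERT_THRESHOLD:
            verdict = "review"
        else:
            verdict = "alert"
        results.append((user, ts, verdict, reasons))
    return results


if __name__ == "__main__":
    for user, ts, verdict, reasons in triage(build_baseline(HISTORY), NEW_EVENTS):
        print(f"{ts} {user:<7} {verdict:<11} {', '.join(reasons)}")
```

Requiring two independent deviations before alerting is one simple way to keep a new phone or a late shift from paging the team, while a login with valid credentials from an unfamiliar country, device and hour still stands out.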

How is security intelligence flexible?

Do you own a small business? Do you run a social enterprise? Security intelligence is not exclusive to business giants with a lot of resources, big budgets, and employees. Once you’re in business, there’s always competition.

With your competitors in the background, what can put your business at risk? Complacency.

And complacency opens the doors for security threats to break your defenses. Without security intelligence, you won’t even know there’s a breach going on already.

Open source intelligence and competitive intelligence are both beneficial for strategy-building and decision-making, but you still need security intelligence to protect your company from cybercrime. So whether you belong to a small or large-scale company, security intelligence is helpful.

There is no universal platform used for security intelligence; it’s not a one-size-fits-all approach. It’s a complex process and the approach done by one organization may not be effective for your own. The good thing is that security intelligence is flexible, and there is room for configuration. You can modify it according to your company’s risk posture and weaknesses. Utilizing the right approach identifies both internal and external threat data and transforms them into threat intelligence, forming the basis for making security decisions.

How does security intelligence provide insight?

Not all companies have their own analysts to perform security intelligence. In many organizations, third-party providers made up of security intelligence experts trained in IT security provide the service. In both cases, what matters is the accuracy of the results from which you derive insight.

Collecting the right information—sifting the relevant data from the less significant ones—is crucial in security intelligence. Do you know how much data you hold in your organization? You’ll be surprised how much big data you have stored in your networks. How do you deal with the overload? Security intelligence can help you make sense of the big data. A comprehensive insight will let you look at the big picture and guide you to make the right security decisions.

There is a need to add layers of defense to your organization’s network. This reflects on how you secure your assets, including business data, IT infrastructure and intellectual property. In turn, your ability to secure all these will reflect your organization’s reputation.

Security intelligence is more defensive than it is offensive. Fortunately, this approach is within reach of any organization that takes security seriously. This matters because as you innovate, threats become more sophisticated. As you read, enemies may be breaching your organization’s defense layers right now—utilizing complex measures to infiltrate your network in ways you have never imagined.

Can you stop them?


Opportunities for wealthy persons and families (HNWI´s / UHNWI´s) in the age of the new EU-DSGVO

27.11.2018

The new EU-DSGVO (the EU General Data Protection Regulation, GDPR) offers new approaches, as part of occasion-related or holistic online risk management, to protect privacy on the Internet or in online media (for example in connection with domain registrations, party donation lists, and lists of the wealthy and rich) in the best possible way.

From practice:

Domain holder data are now not readily available online … until recently this was quite different.

With the new DSGVO, security managers now also have an additional means of pressure at their fingertips to have any unwanted critical content on websites, blogs and forums deleted. The “right to be forgotten” and the associated deletion of (old) data records support security officers in the holistic support of wealthy persons.

The extent to which the deletion of data on party donation lists and so-called wealthy and rich lists is favoured by the DSGVO will have to be demonstrated in practice in the coming months and years. It is quite possible that in the foreseeable future there will be a precedent before an administrative court in this regard, in order to make a final judgement as to whether personal rights (also in connection with the protection of privacy and the like) have priority over the public’s right to information and disclosure.

The situation is similar in connection with the “right to official information embargo” for wealthy families and persons. In the past, authorities have often refused applications for information embargo if the addresses of the persons concerned had to be researched elsewhere (simply and quickly) on the Internet. In our opinion, this can and will change in the future if the security manager has completed the correct steps and measures before applying for an official information ban.

So much in a nutshell. We would be pleased to prepare an individual protection concept for you, taking into account the special features of the DSGVO and our best practice approaches.


Excursus EU-GDPR: Seizing opportunities in connection with integrated online risk management

08.08.2018

The EU GDPR gives individuals more rights and opportunities to have certain details and information removed from the Internet, for example. Whether this is always possible or advisable, however, requires a detailed examination of each individual case. An individual impact assessment may also lead to the conclusion that it is better not to raise a matter at all, so as proverbially “not to wake sleeping dogs”.

In order to be able to remove certain unwanted content from the Internet, one must know (1) that such content exists, (2) where it is accessible to everyone, and (3) who operates the homepage, portal or blog in question. In this context, our established and proven OSRINT procedure (Open Source Risk Intelligence) comes into play!

For Internet platforms or homepages hosted or operated outside the EU, it is certainly difficult, if not impossible, to enforce personal rights with reference to the EU GDPR. However, these portals hosted outside the EU are also subject to the new EU GDPR as soon as their offer/content is also directed at the European market; for example, when a portal is also available in German or similar.
 
A first benefit of the new regulation is certainly that it is no longer possible to simply query the owner(s) of an Internet domain. This also protects high net worth individuals (HNWI, UHNWI) who operate their own homepages or who have registered private and/or business domain names for themselves in the past.

In order for the domain registry(s) to release the domain owner data, a justified interest must be proven for each individual case; for example, an initiated dunning / insolvency procedure, own inquiry as domain holder / technical support or similar.
 
Furthermore, the EU GDPR has led to a veritable “blog death”. Numerous blog operators, who in the past also expressed criticism of the wealthy and “capital” as such and/or also published information from lists of the rich, party donations or the like, have in some cases completely taken their blog or their homepage off-line due to the new regulation. This, in conjunction with integrated online risk management, can be seen as quite positive.
 
Whether it is promising to address official and renowned homepage operators (BILANZ, MANAGER MAGAZIN, FORBES, WIRTSCHAFTSWOCHE…) in connection with party donations, total assets / wealth lists, salaries / income and the like with a request for deletion must be considered and evaluated for each individual case. Cases in which private addresses are listed in addition to the (frequently estimated) wealth / income, e.g. on wealth lists, and/or the party donation amounts appear to be extremely promising. In this context, one should at least enter into a dialogue with the respective portal operator in order to (1) find out exactly what is stored and where/how, (2) on what legal basis (what justified interest) the publication has taken place and (3) try to have the information (completely or partially) deleted with a reference to the EU GDPR.
 
In our understanding, in the context of the new EU GDPR, each person must now (theoretically / practically) be informed before the actual publication of their personal data about what is published in detail and where.
 
However, it may also be possible to seize the moment, given the widespread “uncertainty or half-knowledge about the EU GDPR”, and demand the deletion of complete data records with reference to the EU GDPR. It is quite conceivable that homepage or blog operators currently tend to delete something completely (unchecked and without critical judgement/questioning) rather than get involved in a legal dispute whose outcome is supposedly open.
  
Authorities must also submit to the new EU GDPR; in our opinion, there is also great uncertainty or ignorance about the new regulation. If in the past an attempt to block information in connection with the private registration addresses has not been successful, for example, it would be highly recommended to consider whether a new attempt should be made with reference to the new EU GDPR. Although the “fine” threat scenario will have no effect with the authorities, a possible complaint by the supervisory authorities could be brought into play.


FAMILY OFFICE ELITE Interview with Sven Leidel: Privatimus Safe Room Solution

04.07.2017

An affordable and prefabricated solution created for new buildings and also for a retrofit installation in existing rooms in houses and apartments.

FAMILY OFFICE ELITE spoke with Sven Leidel, an expert for HNWI/UHNWI Risk Mitigation & Protection Strategies located in Hamburg, Germany.

FOE:
Mr. Leidel, although this is already your second interview with our magazine, please tell us again about your professional security background and introduce yourself to our readers!

LEIDEL:
I was born in 1968 in Hamburg, Germany and I am a German citizen. As a former member of the German military police, I have been dealing with the topic of protection and security since 1988. Today I am involved, as an honorary member, in various national and international security and professional associations in advisory and executive functions. I am a professional lecturer and trainer, facilitator and specialist author, security consultant and expert in the field of protection strategies for exposed individuals. I have gained extensive expertise from more than 25 years of industry and professional experience and I have operated in numerous foreign assignments and projects in Europe, North America, Latin America as well as parts of Asia. My longtime customers include many major national and international corporations and insurance companies as well as small and medium-sized enterprises, exposed private individuals, family offices and family foundations as well as entrepreneurial families and high net worth individuals. Last but not least, I am an author and editor of two books in respect of Travel Risk Management; see www.travel-security-handbook.com (English) and www.handbuch-reisesicherheit.de (German).

FOE: 
Your company provides Risk Mitigation & Protection Concepts for HNWI´s / UHNWI´s. Why do you call your “physical shelter concept” a SAFE ROOM and not a PANIC ROOM?

LEIDEL:
We have chosen SAFE ROOM for three reasons: (1) We feel that SAFE ROOM meets the purpose and security aspect much better, plus the word “panic” sounds too negative in our point of view, (2) our exclusive technology and construction partner “Turtle Saferooms” also uses the wording SAFE ROOM in its company name and (3) the name PANIC ROOM is often associated with the movie of the same name.

FOE:
That´s right, when I hear PANIC ROOM I am thinking automatically about Jodie Foster in the Hollywood movie “Panic Room”.

LEIDEL:
Most people do! At the end you can use both conceptualities; there is no right or wrong. We have decided, we do not want to sell a “Hollywood Horror Experience or Feeling” to our clientele, that´s why we use SAFE ROOM. What you see in the movie “Panic Room” is more of a bunker with thick steel, massive concrete walls and a high end technical solution (i.e. self-sufficient air conditioning, oxygen and power supply). Most of the time, the reality with private clientele and their SAFE ROOM solutions looks quite differently.

FOE:
What makes your concept so different?

LEIDEL:
We offer a proven “room-in-room retrofit installation solution” as well as a professional architectural solution for new buildings. With the know-how and experience of our technology partner, we are able to plan a SAFE ROOM already in the construction phase or use existing rooms in the house or apartment also as a SAFE ROOM. For example, you can rebuild and use an existing dressing room, that is close to the master bedroom, as a SAFE ROOM. Optically the purpose of the room stays the same: A simple dressing room with all of your clothes. But if necessary, you can close the door(s) of the dressing room and it protects you against intruders, kidnappers, criminals and so on. The beauty is, you can still use the dressing room in your day-to-day-routine for the purpose the room was originally planned and built. This concept gives us the opportunity to be efficient and cost-effective, but it still meets the need for an individual and customized security and protection level; in our point of view the best possible price-performance-ratio.

FOE:
Your solution is not a bunker that protects against the next bomb or terror attack, right?

LEIDEL:
By far not … our standard SAFE ROOMS are not designed to withstand and resist a bomb attack or a siege for many hours or days by trained and heavily armed terrorists. In order to be also on the safe side in respect of those threats, clients then must invest hundreds of thousands of EURO/GBP/US$. Anyway, upon request we can also assist with those demands; it is all a question of money and availability. Generally speaking, it is our understanding, unless you are in a witness protection program or you have received massive threats from mafia or organized crime groups as well as from political, religious or otherwise motivated radical groups, you do not need a massive bunker or high end solution. The vast majority of our exclusive clientele is looking more for a lean solution with a good price-performance-ratio. Having this said, our SAFE ROOM solutions start at a little under EURO 10,000 for the very minimum version and solution.

FOE:
What is your solution protecting from?

LEIDEL:
Our SAFE ROOMS protect from violent intruders and criminals, as well as from kidnappers, stalkers or violent ex-life partners. The purpose of a SAFE ROOM is to provide a safe retreat and to protect the home owners from physical harm until the police, law enforcement or the contracted security company has arrived. If you can trust the statistics, this means that a SAFE ROOM needs to withstand and resist the penetration efforts and attempts of criminals for approx. 15 – 20 minutes. In the meantime, help should have arrived at your house in most cases.

FOE:
Who is a typical SAFE ROOM client?

LEIDEL:
If you are talking about the age of our clients, this goes by all ages. It could be the retired wealthy couple, which does not feel comfortable anymore to use physical defenses in case of an intrusion by violent criminals. It could also be the HNWI family, where the husband has to travel a lot for business and the rest of the family members are alone at home a lot. In addition, it can also be the successful mid age business couple, which wants to add another level of security while they are at home. So bottom line, you see that there is no typical clientele by age. It is more a question of the willingness to reach the next security level (on top of an existing CCTV and alarm system) or even the ability of the financial investment in the next security level.

FOE:
Does your SAFE ROOM concept also protect against bullets from handguns, rifles and automatic weapons?

LEIDEL:
Our standard solutions protect against 9mm, Magnum .44 and up to Kalashnikov 7.62. Nevertheless, if a client needs an extra level of protection, we can also secure the SAFE ROOM against higher and stronger calibers. Again, it is just a question of money and availability. To be honest, it is our experience that the resistance class 7.62 is sufficient in most cases. There is really no need to spend more money on higher resistance classes, if there is no real known threat need. At the end, the client will get what he or she is asking for.

FOE:
Are there any technical limitations or requirements from your end?

LEIDEL:
Not really, beside the fact that our collaboration partner Turtle Saferooms needs a minimum of two bearing walls in order to build in the room-in-room-solution. Other than that there are no real technical limitations or requirements from our end.

FOE:
Some interested persons might think: “We do not want all the conversion and construction dirt in the house (for several days)!”. How do you respond to this statement?

LEIDEL:
I totally understand, that most clients would like to avoid any disorders, inconveniences and impairments at their homes for days, like you experience when you i.e. convert your bathroom. In our case the whole process is very simple, fast and “pretty clean”. After assessing the threat and risk level and deciding which resistance class is reasonable for the SAFE ROOM, our technical experts will measure the room and create a 3D model with a special software program on the computer. All necessary materials and walls will be manufactured at the production site in Bremen. When all preliminary work is done, the technical experts will schedule a date with the client in order to build in the individual and prefabricated parts. Therefore, the team will arrive in the morning, build in all parts and leave already in the evening.

FOE:
Don´t you hope that the “Day X” will never come, where the clients have to use the SAFE ROOM?

LEIDEL:
Of course I do! But even if the client never has to use the SAFE ROOM, it is my experience that having a SAFE ROOM in the house creates kind of a peace of mind for the client and the whole family.

FOE:
Mr. Leidel, thank you very much for your time and the interview.


FAMILY OFFICE ELITE Interview with Sven Leidel; an expert for HNWI/UHNWI Risk Mitigation & Protection Strategies

04.07.2017

OSRINT – Open Source Risk Intelligence

Do you know what kind of private information is available in public sources about you and your family members that could pose a risk and be used by criminals?

FAMILY OFFICE ELITE spoke with Sven Leidel, an expert for HNWI/UHNWI Risk Mitigation & Protection Strategies located in Hamburg, Germany.

FOE:
Mr. Leidel, please tell us about your professional security background and introduce yourself to our readers!

LEIDEL:
I was born in 1968 in Hamburg, Germany and I am a German citizen. As a former member of the German military police, I have been dealing with the topic of protection and security since 1988. Today I am involved, as an honorary member, in various national and international security and professional associations in advisory and executive functions. I am a professional lecturer and trainer, facilitator and specialist author, security consultant and expert in the field of protection strategies for exposed individuals. I have gained extensive expertise from more than 25 years of industry and professional experience and I have operated in numerous foreign assignments and projects in Europe, North America, Latin America as well as parts of Asia. My longtime customers include many major national and international corporations and insurance companies as well as small and medium-sized enterprises, exposed private individuals, family offices and family foundations as well as entrepreneurial families and high net worth individuals. Last but not least, I am an author and editor of two books in respect of Travel Risk Management; see www.travel-security-handbook.com (English) and www.handbuch-reisesicherheit.de (German).

FOE:
What is OSRINT?

Leidel:
OSRINT stands for Open Source Risk Intelligence. It is probably the most innovative way of identifying risks and critical content in respect of a specific target (person or company) in public sources. In order to be as efficient as possible, the internet search is done and supported by a 24/7 operating crawler technology. This advanced monitoring technology helps to identify and track personal data online in open sources that might also be useful for criminals. In addition, experienced risk analysts work as ‘human filters’ to identify threats and sensitive details in public sources on a 24/7 basis. Another part of OSRINT is the removal of critical data from the internet and other online sources, or if a removal is not possible, the displacement of such content. Especially in today’s world where media and online outlets can ruin a reputation in a matter of minutes, it is important to always be one step ahead and have the latest monitoring technology in place.

FOE:
Please tell us about a typical client case!

Leidel:
A family office is reaching out to us, asking for a confidential face-to-face meeting with one of their exclusive FO clients. The client asks us to find out, what kind of private and critical details are available in public sources about himself and his family members. All we get from him is his first and his family name; nothing else. Now it is our job to try to find out as much as possible about the target; pretty much the same way criminals would start in order to identify possible victims.

In one specific case, the HNWI did mention that he has already maintained a “low profile” for many years and he was sure that we should not be able to find any pictures of him, no names and no pictures of his family members and maybe just a handful of companies that he is involved in. He did not even tell us how many children he has, nor any details in respect of his residence home and vacation real estates he might own. We agreed on 5 days of actual intense open source search from our end. Pretty quickly after starting the research, we found many critical details and put all the findings in a 45-page written report. We ended up finding 27 pictures of him, names and pictures of all his children and his wife, private addresses (residential and vacation), as well as 43 companies he and his relatives are currently involved in or were involved in in the past. You can imagine that the surprise was huge when we presented the findings in a personal meeting. During the meeting we did receive the up order to conduct security audits at the residential and vacation houses in order to optimize the physical and electronic security measures and to assist in deleting critical details and information from public sources (internet). Since then, we are also monitoring the internet 24/7 with the latest crawler technology in order to make sure that we identify critical details and content in the internet around the clock and automatically. This gives us the opportunity to react quickly and in a timely manner as soon as we (the crawler) have identified new critical content. Just recently we found out that his children did establish almost a handful of new companies without consulting with their parents in the first place. Within the company registration process, the children made a mistake and used one of the family’s private addresses, which is absolutely not acceptable, because this is a weak point within the whole personal risk mitigation concept and strategy.

FOE:
Can you really delete all data from the internet?

Leidel:
Of course not! Some data and content can be deleted from the internet or from specific homepages and probably the majority cannot.

For example, a solution could be … in connection with a reputation management strategy, those data and content that is in the internet and cannot be deleted, you can try to displace this content on the internet by a so called “positive story telling technique”. This means that you create positive and non-critical content for a specific target (person or company) and strategically place it in the internet on existing homepages / platforms or you create your own new blogs and webpages. On those platforms where you have total control over the content, you can pretty much publish all kind of true or false/fake details that you want or that you need for your protection strategy. That way you create “helpful content” in order to be positively rated by Google, Bing & Co. Having this said, this means that your own non-critical content will show up within the search results on the first couple of pages at the search engines. Unwanted content and details will be pushed back on the pages 5, 6 or even further back. It is our experience that most criminals just take a look at the findings on the pages 1 – 4.

In addition, you can track the traffic on your own blogs and webpages; we call this “The Honey Pot Concept”. This gives you a good first idea of who is looking for your client, what kind of keywords are used for the search, what the main interest is, where the person is located, and so on.

FOE:
What is a Honey Pot Concept?

Leidel:
Honey Pots are mainly used by IT security professionals in order to find out if hackers are interested in a certain IT landscape, where they are coming from, what kind of search and keywords are used, what kind of technology is used by the third party, and so on.

Our Honey Pots are kind of modern traps. Like I already mentioned, we create blogs and homepages with a “specific real-fake content”, so people that are searching for a specific target (person or company) will get the search results within the search engine they use. As soon as they click on the search result, we are able to track their homepage visit and also their clicks and activities on the Honey Pot blog and homepage. We are able to see the country and city they are coming from, which online network they are using, how long they stay on the homepage, which additional content they have looked at and many more useful details. This is a risk indicator for us that somebody is interested in specific information about a target. The information of interest could be the private address of the target, private activities / hobbies of the target and other critical details. In addition, you can spread false and fake details about a target, in order to blur the online traces and to make it more difficult for criminals to find real details and information in open sources. This is a very useful and effective protection concept.

FOE:
Why is it so important to know what kind of Details are available in the Internet?

Leidel:
It is our experience that criminals also look first in the internet and try to find out as many useful details as possible about possible targets and victims. The more useful details they find and the easier it is to get access to those details, the more likely it is that criminals will pick a so-called “soft target” for their criminal activities (kidnapping, burglary, blackmailing, threatening …).

The goal of a comprehensive personal risk management is to become a “hard target”, in order to be unattractive and not of interest for criminals.

You can compare this with the following:

You do not have to install tons of physical and technical security at your house, like they use at “Fort Knox”. Your house just needs to be more secure than the neighbor’s house. Criminals are looking for quick and easy wins, with hardly any risk of failure.

FOE: Thank you very much for the interview.

