Threats to Your Executives and Employees Today
According to a recent report, the COVID-19 pandemic caused a 600% increase in cybercrime. This dramatic increase is due in part to the rapid shift to remote work, which has created new opportunities for bad actors to target employees and executives as access points to critical systems and sensitive data. IBM’s 2021 Cost of a Data Breach Report states that compromised credentials were the most common initial attack vector in data breaches in 2020.
Here are some recent examples of the damage that can be caused by compromised credentials:
- Colonial Pipeline: Compromised employee credentials were used in a ransomware attack that disrupted operations of a pipeline network that carries 45% of all fuel in the Eastern US.
- British Airways: Compromised credentials used to access 439K that resulted in a £20m GDPR fine.
- Swisscom: Compromised partner credentials used to expose PII of 800K customers, roughly 10% of the country’s population.
Most organizations don’t monitor the digital footprints of their employees until it’s too late, which can cause significant financial and reputational damage to the organization and its brand.
The risk is even greater with the executives and VIPs within your organization, as their information can be leveraged in many more ways than the average employee’s. Compromised credentials are just one example of threats to your executives today – they can also be impersonated to convince employees or other colleagues to perform an action that is detrimental to the business. Even the mere existence of the executives can be used against them, in the form of information about them being shared online.
Despite those risks, almost half (49%) of C-level executives reported that they’ve requested to bypass one or more security measures over the past year. And only 38% of business decision-makers think their C-suite fully understands cyber risk. These are indicators of just how much executives within organizations contribute to the cyber risk of those organizations.
In addition, organizations are susceptible to malicious campaigns working 24×7 to produce negative sentiment and disinformation – subjecting your brand to reputational damage, fraud and misuse – even if your company is taking all the right steps to protect its information.
Executive Cyber Protection: What is it?
Executive cyber protection is the process of mitigating risk and safeguarding executives and VIPs from emerging external threats across the surface web, deep/dark web, and in the physical world. It leverages a set of capabilities used to protect corporate executives, VIPs, and other high-value targets from digital attacks, including:
- Doxxing: The practice of collecting and sharing someone’s personal information online, often with the intent to harm or harass them.
- Impersonation: As the term implies, it’s the practice of pretending to be someone important (e.g., an executive) to gain access to accounts or private information, commit identity theft, or induce others to perform actions (e.g., wire fraud).
- Account Takeover: The practice of taking control of a user’s account (typically via compromised credentials) and using it to gain access to sensitive data or commit fraud.
Executive cyber protection can help organizations defend against these threats by providing monitoring and threat intelligence capabilities that can detect and respond to attacks before they do any damage. It can also provide remediation capabilities to help organizations recover from an attack and prevent future attacks.
Security teams are tasked with constantly monitoring for threats and ensuring that executives and their families are safe from potential harm. This can include keeping up to date on social media activity, monitoring underground forums, and being aware of protest gatherings or other events that could pose a threat. By staying vigilant and being proactive, security teams can help keep those they are protecting safe from harm.
Executives, and others with privileged access, are your biggest targets, and when an executive’s account is breached, it can trigger shock waves throughout the organization. It’s important to consider a proactive executive cyber protection program so that you can mitigate risk and threats while also addressing attacks quickly.
Brand Protection: What is it?
According to a 2020 study, 70% of customers believe that brand trust is more important now than in the past, and 53% consider their trust in the brand key to deciding whether or not to purchase that brand. Securing and protecting your brand and everything associated with it, such as sensitive data, intellectual property, etc., has never been more important.
Brands today face constant threats from sophisticated threat actors and malicious campaigns that produce negative sentiment and disinformation – subjecting your brand to reputational damage, fraud and misuse.
Threats to an organization’s brand include:
- Brand Impersonations: Impersonation of a trusted brand to trick victims into sharing sensitive information and credentials, transferring money, visiting a fake website and downloading malware, among other things. One study showed that, in the first half of 2020, there was a 381% increase in brand impersonations!
- Intellectual Property Infringements: These include selling counterfeit goods through brand impersonation, using malicious SEO tactics to target brand names and leveraging phishing to gain IP access.
- Website Defacements: Replacing brand content with content from the attacker, which can tarnish the brand image.
As is the case with executive cyber protection, your organization needs to consider a proactive brand protection program as well to keep the brand value, trust, and credibility intact.
Characteristics of Effective Executive Cyber Protection and Brand Protection Programs
Effective executive cyber protection and brand protection share many of the same goals: to identify and address risks proactively, before they impact your organization. Effective executive cyber protection and brand protection programs include the following characteristics:
- Scalable: The program should be able to expand as your organization’s needs expand, to protect every brand, executive and VIP you have.
- Automated: It should be automated, with continuous mapping and monitoring of your executives’ external digital footprints, as well as public sentiment and intent across social media, surface, deep and dark web, domains, email and more.
- Real-Time Notifications: It should provide real-time alerting and prioritization of digital risks like exposed credentials, impersonation, personal and family data on the dark web, or potentially dangerous conversations on social media.
- Customizable: The program should provide customizable threat models that adapt to your internal policies and industry.
- Visual: The program should provide a holistic view of risk across your entire enterprise that can be easily understood and discussed with your executive team.
- Integrations: It should provide built-in integrations with your provisioning systems, security tools, and response workflows.
- Takedown Ability: While identifying issues is important, the ability to take down items on the surface web is also an important objective of executive and brand protection programs. It is not possible to remove items from the deep and dark web.
Conclusion
The greatest risk associated with your organization often resides with the executive leadership of your organization and your organization’s brand recognition. It’s more important than ever to protect both of those from being compromised. Consider adding proactive executive cyber protection and brand protection programs to your risk mitigation and data protection programs.