720-891-1663

Return to list of client alerts

Executives’ Personal Digital Lives are the Soft-Underbelly of Enterprise Security

Cybercriminals are attacking executives and board members in their personal digital lives. This adds additional risk to the enterprise, and is a problem that CISOs and security teams cannot solve.

Executives are the ideal target for attackers. They have access to the most sensitive information, often stored on their personal devices. Usually, they have access to the company’s financial accounts and their email accounts are perfect for business email compromise attacks.

Executives are often resistant to security controls that corporate IT would like (think of a recent ex-president who liked to tweet and would not use a government furnished phone).

According to a security firm that specializes in working with executives:

  • 39% of devices had malware,
  • only 59% had antivirus software on their personal devices,
  • 40% had their home IPs available for sale from brokers
  • 75% of personal computers are either totally unprotected or operating using default security settings,
  • and 68% were writing down their passwords on personal notebooks or storing them in their contacts on their phone.

CISOs are not empowered to protect their executives’ home networks, including their family’s devices. If it is hard to get executives to follow good security practices, imagine how hard it is to get their family members to do so.

What are some of the attack methods?

  1. Target authenticator apps that executives use for multifactor authentication
  2. Compromise personal IoT devices and use them to attack other more important devices
  3. Executive impersonation
  4. Targeted attacks – what is impolitely referred to as Whaling. Go after the big fish (yes, I know a whale is not a fish :). )

In a worst case scenario, they attack the executive’s family and use that as blackmail. Steal compromising pictures on their kids’ phones or compromising emails and texts. If the hackers what to extort you, collateral damage is not a concern.

If this is concerning to you and you want to create a robust executive protection program, contact us.