The Future of Executive Protection is Digital
This article was originally written for, and published in, Threatpost.
As threats to an executive’s safety and security increase, organizations should look to digital executive protection to help reduce risks manifesting in both the physical and digital worlds.
Physical threats against executives are on the rise. Intensified by unprecedented societal tension, pandemic fatigue, and the economic crisis, corporate leaders are being confronted and assaulted, their vehicles vandalized, and their homes invaded.
A 2021 study by the Center for Protective Intelligence found that 33% of CEOs had received physical threats in the previous year, in addition to “backlash tied to extremism, racial justice, and political issues.” Additionally, 56% of CEOs who encouraged vaccination received physical threats, according to the same report.
Threats to company leaders have become so commonplace that executive protection is now a multi-million-dollar line item in some corporate budgets. Bloomberg News recently reported that in 2021, Meta Platforms, Inc. (aka Facebook), spent more than $15.2 million for expenses related to protecting CEO, Mark Zuckerburg, at his homes and on the road. In April, Coinbase announced its intent to hire security professionals with “counter-surveillance” and “tactical driving skills”.
Personal digital lives put corporate executives at physical risk
Physical protection is one thing. But an executive’s personal digital footprint is now the major facilitator of physical risk.
Consider this likely scenario: An executive’s personal email is hacked and his upcoming travel schedule is revealed. Due to his company’s pandemic workplace policies, he’s subsequently met by angry employees who protest and threaten him with chants and projectiles if their freedoms aren’t restored. The company wasn’t prepared because they had no visibility into the hack – they can only see what’s taking place within the company’s four walls – leaving the executive digitally and physically vulnerable.
That’s why it’s no longer enough to surround executives with physical guardrails and James Bond-like security detail. Companies spend millions to protect executives’ physical security and their digital lives at work, but they won’t truly be safe unless they are protected in their personal digital lives, as well.
Data brokers are a significant digital & physical threat
Digital executive protection is as much about preventing physical and digital threats as it is about being prepared to mitigate and respond. Today, one of the most common ways in which physical and digital attacks originate is through private information via online data brokers.
Data brokers capture and resell personally identifiable information ranging from emails, phone numbers, familial associations, geolocations, and home addresses to business records, browsing and search history, financial assets, social media posts, voting records and more.
According to BlackCloak research, 99% of executives have their personal information, such as emails, phone numbers, birthdays, and a lot more, on more than three-dozen data broker websites. The research, which aggregated and anonymized data from 750 executives, also found that:
- 70% of executive profiles found on data broker websites contained personal social media information and photos, most commonly from LinkedIn and Facebook
- 40% of online data brokers had the IP address of an executive’s home network
- 95% of executive profiles contained personal and confidential information about their family, relatives, and neighbors
- On average, online data brokers maintained more than three personal email addresses for every executive record
Using the scenario from above, it’s likely that the bad actor obtained the personal email address that was breached from an online data broker. Once the email address was connected to the executive, the attacker was likely to have gained access either by obtaining leaked credentials on the dark web or through social engineering. Without enterprise defenses tied to the personal email, the attacker is free to move around unnoticed, eventually gaining access to the work calendar, subsequently setting the physical altercation in motion.
Protect executives’ personal digital lives to reduce their physical risks
Executives’ personal digital lives have become the soft underbelly of enterprise security. Hackers now target the online privacy, personal devices and home networks of key company personnel as a means to breach the enterprise that they lead. It’s the path of least resistance.
Unfortunately, an executive’s personal digital life is also becoming the Achilles heel of their executive protection. Those wishing to cause physical harm or confrontation now begin by compromising an executive’s personal digital life, as well. Whether through a data broker, social media or a public profile, it’s not difficult to know where, when, and why an executive will be somewhere.
This is why the future of executive protection must be digital. If organizations and their most important people can gain greater visibility into both physical and digital threats before they manifest, then they can proactively stop them before any negative impact can occur.