Five Emerging Privacy & Cybersecurity Risks to Executives & High-Profile Individuals
In December, I wrote about six specific threats and vulnerabilities in 2021 that brought digital executive protection into the spotlight.
From malware targeting browsers to rampant C-Suite unemployment fraud and widespread discontent with data brokers and more, there was no shortage of new risks that helped validate to CISOs the many benefits of deploying our Concierge Cybersecurity & Privacy™ Platform.
As we flip the calendar, many of my peers have already laid out their predictions for the year to come. Gartner asserts that 2022 will represent a tipping point for privacy. The analyst firm expects “75% of the world’s population to have data privacy protection because of legislation by 2023.”
In addition, Experian is warning about an increase in attacks targeting cryptocurrency and non-fungible tokens (NFTs) as well as online gaming scams. Almost every cybersecurity company, analyst, and executive has a hot take on how to better secure remote and hybrid work.
Cybercriminals double-down on proven attacks while also deploying new techniques
Unfortunately, the threats and vulnerabilities of yesteryear will not dissipate simply because we’re now in 2022. They will instead persist alongside new risks to personal privacy and security that could become a threat to you, your families, and by extension, your business.
These five key emerging cyber threats will hit in 2022:
You can read other blogs to hear about the same regurgitated cyber-risks, but here I seek to go beyond the obvious.
- Attacks targeting authenticator apps – In response to the rise in account compromise and credential theft, both companies and individuals are increasingly using two-factor authentication to protect the integrity of applications. After logging in to a system with a username and password, mobile apps like Google Authenticator and Authy create a one-time passcode, which updates every 30 seconds, to verify a person’s identity before granting access to an application. While this does reduce risk, authentication apps are vulnerable, too because of weak master passwords or due to being locked down only using SMS (text message) authentication. In Q4 2021, the digital security company V-Key reported that most mobile authentication apps can be breached by malware. As such, expect cybercriminals, especially those targeting well-defended enterprises such as financial institutions, to increase their hacking attempts on software authenticators. Hackers know that just one successful authentication app breach could provide them with unfettered access to a treasure trove of invaluable data on thousands of companies and their employees.
- IoT denial-of-use attacks – According to McKinsey Digital, 127 devices hook up to the internet for the first time every second. Many of these Internet of Things (IoT) devices, like smart TVs, maintain a connection to their manufacturer through a single controller. For example, every “Brand XYZ” TV in the world communicates back to a single point of truth. So, what happens if that single point of truth is compromised with ransomware? One scenario, akin to a DDoS attack, would be for hackers to prevent every “Brand XYZ” TV from turning on until the ransom is paid. With the power to facilitate such widespread disruption, look for hackers to expand IoT denial-of-use attacks in the year to come.
- Cyber extortion of individuals – Cybercriminals have deployed ransomware such as Ryuk, Conti, and Purelocker to extort businesses for years. In 2021, hackers began to evolve from targeting large organizations to targeting high-profile individuals with greater frequency. Some attacks were direct on individuals, while others were the end result of a major data breach. In 2021, the UK jeweler Graff was hacked by a Russian cyber gang. This led to the personal information of some of the world’s wealthiest people being compromised. With personal wealth expected to grow $65 trillion by 2025, hackers are increasingly viewing the extortion of high-profile and high-net-worth individuals as very low on risk but extremely high on reward.
- CEO impersonations – Executive phishing protection has done little in recent years to slow down CEO impersonations that commonly lead to financial fraud. Thanks to data brokers and social media, cybercriminals now have access to so much personal information that they can craft highly-personalized messages that can trick both the most sophisticated software and cyber-aware colleagues into taking an action, such as paying a fake invoice. This is especially true when executive’s use their personal email that is not protected by the enterprise. As technology becomes more proficient at thwarting brand spoofing and business email compromise, expect hackers to continue to impersonate CEOs and other executives. Inky reports on how one Fortune 500 recently escaped a $3 million loss that would have occurred due to a CEO impersonation.
- Hackers for hire – In December, Meta released a report describing how hackers for hire were paid to spy on more than 50,000 individuals in over 100 countries. While details are sparse, there is reason to believe that such actions were driven by nation states. In the year to come, the commoditization of hackers for hire is likely to begin. This will enable threats like digital surveillance, eavesdropping and keylogging to scale, and organizations and individuals without nation state resources to afford such controversial services.
Digital executive protection from BlackCloak
There will be no shortage of risks to personal privacy and security in the year to come. Many attacks will be crafted to compromise finances, identities and reputations. A large number will be designed to move laterally into an organization with significantly more data and resources to breach or extort for ransom.
CISOs and high-profile individuals like you are turning to BlackCloak to help manage these risks and many others. Our Concierge Cybersecurity & Privacy™ Platform combines software and services to help spot and stop sophisticated cyber threats in your personal life. Using patented proprietary technology built specifically with privacy in mind, we help protect families, finances, and reputations from cyberattack, and stop hackers from moving laterally into organizations.
Visit our resources page to learn more about BlackCloak and how we help our clients attain peace of mind.