How Your CEO’s Personal Brand is a Cybersecurity Liability
Today’s visionary executives know that a strong personal brand can have a big impact on the perception of their company’s brand.
Elon Musk, Jeff Bezos, Richard Branson, and Bill Gates are household names. So strong is their personal brand that it’s inseparable from their companies. Bezos is Amazon, Branson is Virgin, Musk is Tesla, and so on. Credibility, trust, customer loyalty, talent acquisition, and stock prices flow from their achievements, accolades, and even their foibles.
But just as an executive’s brand can help the company, it can also hinder it – especially if it has been compromised. These CEOs may intrigue us with their creativity, innovation, vision, and success, but they also attract a darker element – malicious cyber actors.
Executives are a soft target for cyberattacks, and a corporate liability
According to the recent Verizon Data Breach Investigations Report (DBIR), C-suite executives were 12 times more likely to be targeted in cyberattacks. Why? Executives represent a huge potential payout for attackers. In fact, 71% of C-suite cyber attacks were financially motivated. They also have high-level privileges and access to valuable information that could be exploited.
This may not be news to most CISOs or security leaders. It’s why they invest thousands of dollars in protecting digital assets including laptops, networks, and applications both inside and, now with COVID, outside the four walls of the business.
But these investments are not enough. Tools such as VPNs, endpoint protection, firewalls, and anti-virus software may keep executives safe when they use company tools, but they fail to protect them where they are most vulnerable – on their personal devices, personal email accounts, and social media.
This is a massive weak spot in any company’s cyber armor. Unprotected and unmonitored by a cybersecurity team, executives and the companies they lead are at risk. After all, it’s much easier for a threat actor to go after a home network or personal device than target a hardened endpoint within corporate walls and under multiple layers of controls.
Battles are already being fought
The numbers show just how vulnerable and exposed executives are. When onboarding our own clients, we found that 75% of the personal devices used by executives are leaking data due to improper privacy settings, 87% of personal cell phones and tablets lack security software, and a whopping 39% of personal devices are already compromised with malware.
As the lines between the executive’s personal brand and the business’s brand become blurred, the fallout from any attack can be significant.
For example, personal information can be exploited on the dark web and made freely available for social engineering attacks against the company. Likewise, embarrassing information about that executive could be leaked – casting a bad light on the business. Other risks include the theft of confidential information or intellectual property that the executive may have stored on a non-work device or email account.
In 2018, Amazon CEO Jeff Bezos famously fell victim to a cyberattack on his mobile phone that resulted in the leak of embarrassing photos and text messages. This was despite having the advantage of a huge IT and cybersecurity infrastructure to protect his digital business assets. Password reuse across different accounts may have been to blame for the incident – something CISOs have no way of detecting.
More recently, the Twitter accounts of influential CEOs and public figures including Bezos, Bill Gates, Elon Musk, Joe Biden, Barack Obama and many others were hacked and taken over in a bitcoin scam. Because these personal accounts are closely followed and often speak for the corporate brand as well as the individual, the hack served as a reminder of how vulnerable personal social media accounts can be to fraudsters – and how their companies, by association, are held accountable for the reputational clean-up.
Protecting the executive to protect the company
As the personal and professional lives of these executives have become seamlessly intertwined, it’s no longer enough for companies to roll out security controls to corporate devices and consider the job done. CISOs need a plan to protect their executives, board members, data, and the company reputation outside of corporate walls – 24×7. But they must do so while being mindful of the executive’s need for privacy.
It’s a tricky balancing act. CISOs already have enough on their plate and they can’t simply extend company protections into personal lives. Yet they must find ways to measure the scope of the risk posed by this new attack surface beyond their purview and adopt a new model for personal executive cybersecurity and privacy that gives everyone the peace of mind they need.
Cybersecurity for executives in their personal lives can no longer be considered an afterthought.
Download the whitepaper “Executive Protection at Home is the Major Gap in Cybersecurity” to understand:
- the latest research on the state of personal cybersecurity & privacy for executives and key personnel
- the risks it brings to the company, both from outside threats and from invading the privacy of executives
- what you can do to mitigate the risks