By Jana Whitcomb

Companies and their executives are increasingly in the crosshairs of highly motivated cyber attackers who see business leaders and their families as the path of least resistance into the corporation. With AI enabling faster, more realistic creation of deepfake impersonations, social engineering, and phishing campaigns, such attacks are steadily on the rise, causing tremendous financial, reputational, and personal harm to executives and families. 

To help offset the risk to companies and individuals, BlackCloak and Calian are joining forces to bring comprehensive Digital Executive Protection to enterprises across industries.

As part of our partnership, I recently sat down with Eric Barkman, Calian’s Vice President and General Manager of its Cybersecurity Solutions Group, to explore the risks facing companies and discuss how our joint efforts will provide the guardrails they need to protect their leaders – and the bottom line.

JW: A rising number of attacks target corporate executives and their families in their personal lives to penetrate the enterprise and cause financial or reputational harm. What is your team seeing along these lines? Are your customers increasingly seeking help with Digital Executive Protection (DEP)?

EB: Our team continues to see a rise in threat actors targeting not only corporate executives but also their families – especially teenagers and children – as an extension of the attack surface. By exploiting their personal devices, home networks, and social media activities, threat actors can create a profile of an executive and use that to penetrate the organization, conduct social engineering, or launch extortion schemes. Recent examples include instances where executives’ credentials appeared on the dark web and were used to conduct targeted phishing attacks leveraging personal information, as well as attempts to infiltrate poorly secured home home networks.

Calian customers often request monitoring focused on executives’ corporate activities, but many still overlook the need for comprehensive Digital Executive Protection that extends to business leaders’ personal lives, their families, and home networks. This gap represents a growing risk vector that organizations must address proactively to strengthen their risk posture and ensure executives and their families are safeguarded.

JW: What are some surprising ways you’ve seen threat actors carry out attacks successfully?

EB: In most cases, the weakest link is the ‘human firewall.’ Many executives often work remotely or have busy travel schedules. With the amount of personal information that can be easily found online, the blending of individuals’ personal and professional lives gives cybercriminals a pathway to the enterprise. While not necessarily surprising, business email compromise (BEC) remains one of the most effective attack methods, with hackers infiltrating trusted email threads between executives, partners, and vendors to conduct nefarious schemes. Specifically, spear-phishing campaigns targeting executive assistants, who often manage sensitive communications but tend to be less closely monitored, represent a major exposure point for companies.

Additionally, mobile-based attacks, including SMS phishing – particularly during holiday periods when users are flooded with promotional messages – are another common method used by cybercriminals. We’re also seeing a rise in supply chain attacks, with compromised vendors being used to manipulate invoices or initiate fraudulent financial transactions.

Beyond these operational vectors, attackers are increasingly using social engineering techniques such as credential theft, doxxing, malicious geolocation (to target individuals’ physical locations), and deepfake voice or video calls to impersonate executives or create fabricated emergencies. AI only exacerbates this issue, enabling attackers to exploit publicly available personal information to launch increasingly realistic campaigns more quickly than ever before. 

JW: Where do you see the most critical gaps in protection that companies struggle to address?

EB: One of the most significant areas of risk is the lack of monitoring and security controls for personal mobile devices, commonly used for both personal and work-related communications, and often targeted by cybercriminals. Additionally, insufficient implementation of multifactor authentication (MFA) and continued reliance on weak or reused passwords across both personal and corporate accounts amplify exposure, as does limited cyber awareness training provided to executives’ families. Unfortunately, family members are often unaware of threat actors’ tactics and how their online behavior can increase risk and potential harm, and they don’t take appropriate steps to minimize their digital footprints. 

JW: Are there particular industries where these security gaps and attackers’ increasingly sophisticated methods are having a significant impact?

EB: Finance and healthcare are heavily targeted – and increasingly vulnerable – industries, due to the exceptionally high sensitivity and value of their data, combined with financial constraints and workforce reductions. When attackers access their customers’ financial records and combine them with personal health information, they can execute sophisticated fraud schemes, identity theft, and extortion. 

Government organizations and high-ranking officials also face elevated risk. When senior leaders or their families are targeted, attackers may gain access to confidential information or exploit personal details for espionage, political leverage, or reputational harm. Cyber incidents in these sectors extend well beyond financial loss, impacting national security, public trust, and organizational stability.

JW: Why did you choose to partner with BlackCloak? How will this partnership help Calian and your customers?

EB: Our partnership with BlackCloak extends the protection we provide beyond the corporate perimeter, addressing personal risk vectors that threat actors increasingly exploit. BlackCloak’s DEP platform is specifically designed for high-net-worth individuals, executives, athletes, and celebrities – providing personal cybersecurity protection for them and their families. 

DEP is an area that traditional IT and security teams cannot effectively cover due to privacy boundaries and other limitations. For example, if an executive is the victim of an attack, the last thing he or she wants is the CISO getting involved in their personal lives. BlackCloak’s approach maintains individuals’ privacy and confidentiality, which is critically important to Calian and our customers. By partnering with BlackCloak, we are delivering a comprehensive, end-to-end approach that protects both the enterprise and its highest-value targets – their executives and their families – while maintaining trust and privacy.

JW: What steps do you recommend security leaders take to assess their needs for Digital Executive Protection and the solutions they require?

EB: We recommend a few critical steps for CISOs to understand where they are most vulnerable and what’s needed to strengthen protection of their leaders:

  1. Assess corporate and executives’ personal, family risk exposure. To get a holistic view, we recommended using BlackCloak’s Executive Privacy Assessment tool.
  2. Implement security controls for mobile devices and personal accounts – including setting up MFA; using strong, unique passwords on each account and device; and utilizing a password manager for safekeeping.
  3. Provide cyber awareness training for executive families.
  4. Consider DEP solutions that respect privacy and are easy for non-technical users to adopt.

JW: How can security teams learn more about Calian and BlackCloak and what they might need to get started?

EB: They can contact Calian’s Cyber Sales team at [email protected] to request more information or schedule a demo.