Six Threats that Brought Digital Executive Protection into the Spotlight in 2021
In March 2020, the analyst firm Cybersecurity Ventures predicted that damages from cybercrime would cost $6 trillion by the end of 2021. While it remains to be seen just how accurate this prediction was, attacks such as Kaseya, Colonial Pipeline, and JBS combined with the rampant exploitation of zero day vulnerabilities such as Log4J and the Microsoft Exchange server, suggest that $6 trillion annually is not unrealistic.
As I reflect on cybersecurity and privacy over the past year, there are six trending threats and vulnerabilities that I see as making the case for deploying digital executive protection.
Cybersecurity threats impacting your personal life
- Account Takeover Explodes – According to Security.org, “22 percent of U.S. adults have been victims of account takeovers, which amounts to over 24 million households,” as of February 2021. Throughout the year, we saw first hand that cybercriminals were gaining unauthorized access to email accounts, social media profiles, and SaaS applications, such as Dropbox, at an unprecedented rate. The primary goals of account takeover, which is almost always initiated via phishing or social engineering, is to either move laterally into company systems or to cause personal financial harm, such as misdirecting funds or obtaining financial information, for a subsequent cyberattack.
- Malware Targeting Browsers – In December 2020, Microsoft warned of newly identified malware strain that was impacting web browsers such as Chrome and Firefox. Since then, we have witnessed a sustained rise in malicious extensions capable of mining browsers for personal and private data. When injected into a web browser, malicious code is commonly used for keystroke logging, DNS hijacking and communications hijacking, such as eavesdropping and redirecting. Over the past two years, hackers have created millions of newly created malicious domains posing as official Covid-19 resources.
- IoT Increases the Attack Surface – Connected devices within the home have more than doubled since 2019 to an average of 25 per household, according to Deloitte. The proliferation of vulnerable smart devices and sensors onto the home network have increased the attack surface exponentially. As such, it is easier for attackers to deploy man-in-the-middle and DDoS attacks, as well as spoof communications and takeover devices. Earlier this year, Palo Alto Network reported a significant uptick in the number of consumer-IoT devices showing up on corporate networks.
Privacy concerns enter the mainstream
- C-Suite Unemployment Fraud – As the pandemic persisted, cybercriminals and fraudsters continued to ramp up their unemployment fraud claims targeting senior executives and the C-Suite. To pull off these scams, hackers first visit a company website and social media profiles to obtain basic information on the organization’s leadership. Next, they either purchase or steal information from data broker websites and conduct social engineering campaigns to obtain whatever additional data is needed. At this time they have sufficient information to file an unemployment claim to the company’s surprise. Axios reported that as much as half of all unemployment money this year may have been lost to fraud.
- Discontent with Data Brokers Explodes – A KPMG survey found that 87% of Americans view data privacy as a human right. Perhaps this helps explain why frustration with data brokers reached a boiling point in 2021. Even people who haven’t had their privacy or security breached yet have begun to publicly voice concern and dismay about their information – everything from email and home address to voting and medical records – being available for legal purchase or exploitation. The risk here is that the information can be used for phishing and social engineering campaigns of professional and personal consequence. Earlier this year, Wired proclaimed data brokers a “threat to democracy.”
- App Developers Come Under Fire – For the first time there is real astonishment and unhappiness over the extent of information that apps collect and how that information is used. Even as tech companies like Apple begin to make modest improvements to better protect consumer’s privacy, there is very little that the ordinary person can do absent of new industry of government regulation to reduce data from being collected and shared. According to the New York Times, there is “an intensifying battle over the future of the internet” with personal privacy at the epicenter of the heated debate.
BlackCloak helps protect the cybersecurity and privacy of executives, Board Members, high-profile and high-net-worth individuals. By combining technology with concierge support, we help protect you, your family, and by extension your company, from the security and privacy risks that came to define 2021.
Stay tuned for my next blog post which will look at the threats and vulnerabilities that could impact your life in 2022. In the meantime, visit our Product Overview page to learn more about our Platform.