The Home is the New Battleground for Corporate Cybersecurity
CEOs and CISOs who put the right personal protection in place for their executive team and board members will be the heroes of the battle.
The unprecedented level of cybersecurity risk today extends far beyond the four walls of the enterprise. There is no longer any difference between personal and corporate protection when it comes to members of the executive team and board. High-level individuals now have a single, unified digital life, and senior leadership working from home has become the soft underbelly of corporate cybersecurity.
We see this every day in the onboarding of new clients. An average of 27 percent of new clients have malware detected on their personal devices, and we find that 20 percent have wide open home networks that allow adversaries to see into their cameras, home automation, and IoT devices. Picture the last senior staff meeting you attended – at least one in five of your colleagues represents a massive vulnerability! The attack surface of the organization increases every time an executive works remotely from home – and that happens every single day.
As recently as a decade ago the CISO/CIO could focus on protecting the “crown jewels” of the organization – customer and product data – residing in a data center or cloud environment. Risk could be mitigated by locking down company assets and devices. Now issues such as third-party data assurance and BYOD have greatly extended the threat perimeter, creating data loss and reputational danger every time an executive works remotely.
As with all things, there is an evolution happening. Similar to the way executives receive concierge healthcare and other executive perks to make their personal lives better, simpler, and easier to manage given all the other corporate stressors – the protection of their digital lives has also evolved.
In the past, CISOs were unable to extend the cloak of corporate security to executives and their families due to privacy, legal, and other considerations (what CEO wants to chat with the security team about the phishing email they got on their personal Gmail or what parental monitoring tool they need for their teenager?) But that has all changed. The CEO can now protect their digital health and the company with concierge cybersecurity as well.
Think about it – why wouldn’t the bad guys attack the network via the living room rather than a more hardened endpoint? The cybersecurity budget of just two banks – Bank of America and J.P. Morgan Chase – reportedly totaled $1.4 billion last year. But unless some of that money is extending corporate protection to the home front, they are extremely vulnerable.
Consider the classic 1992 movie Patriot Games as an analogy. The terrorists didn’t try to kill Jack Ryan (Harrison Ford) while he was in his CIA office in Mclean, VA. They waited until he was outside the perimeter, first outside the Naval Academy and then at his beachfront home. And when they couldn’t get him they went after his family.
Here are the top four vulnerabilities we find when auditing the home networks of clients:
- 59% of the C-Suite does not have anti-virus (even free versions) implemented on their personal devices
- In 75% of cases we find computers either totally unprotected or they still have the default security settings, which is just as bad as no protection at all
- 68% of the C-Suite is writing down their passwords on . . . yes, their little black notebooks or storing them in their contacts list on the phone
- Over 90% are not using dual factor authentication on their personal email (which we all know has corporate documents and emails within it)
The lives of these executives have become frictionless between the personal and the professional. Gmail and LinkedIn accounts contain information that would be damaging if stolen and shared. Executive cybersecurity protection could be extended to the home front for a tiny fraction of the existing cybersecurity spend of many large companies.
CEOs and CISOs can’t afford to be complacent because the bad guys continue to innovate. According to the 2020 M-Trends report put out by cybersecurity company FireEye, 41 percent of malware deployed in 2019 was new and never seen before. Media and Financial verticals were among the top five attacked.
The homes of the executive team have become the new battleground for the corporation. CEOs and their CISOs need to extend the defense perimeter and protect the entire digital lives of senior leadership. It is the right thing and the smart thing to do in today’s threat environment.
Read more about BlackCloak’s services for Corporate Executives and Board Members in their Personal Lives. Or, contact us to learn more about our corporate plans.