What is It? - Digital Executive Protection (Personal Cybersecurity for Your Executives)
Corporate-level executives have always required an increased level of care and security simply due to the power they hold – company data and secrets, information that could change markets, and because what they say or do can change the direction of the business itself.
As Spiderman’s Uncle Ben said, “with great power comes great responsibility.”
But the landscape of executive security has changed. Whereas it was once about physical security, air evacuations or air medical services, or concierge healthcare to maintain their health, coverage must now include their digital lives, the flip side of physical protection. Their digital lives and those of whom are closest to the executives, has become an even bigger target for bad actors.
As the pioneer in the field, it is critical for CISOs to understand that digital executive protection is about protecting the digital footprint of the executives that run the business, and those of their families or who share their home environment.
We’re not talking about the perimeter of the company and its walls, corporate devices, emails, or servers. We’re not talking about BYOD.
We are specifically talking about the digital items connected to that corporate executive during the other 12 hours of the day. It’s about the personal life that is inextricably intertwined with their identity. It is their corporate identity that sets them up as a big target for cybersecurity thieves.
Shifting Boundaries
As a CISO, we know that you and your team have the “inside” of the company protected. You have your EDR, firewall, IDS/IPS, email protection, and agents running on firewalls and end points secured. This creates a safe environment for the executives as they work within the confines of the company’s digital footprint. However, for the rest of the day when the executives’ personal life takes place, it is an entirely different story.
Cybercriminals do their due diligence when evaluating their targets. They simply go to the executive leadership page of your company’s website to view the pictures and bios, oftentimes with key pieces of information about their backgrounds and associations, of those that have a powerful entry point into the corporation. They can quickly find how to reach those executives, their personal information, where they live, their personal email and mobile numbers.
The records at the disposal of hackers provide a wealth of information including any data breaches they may have been involved in or exposed to, scams that may have impacted them, the devices they possess in their personal lives – computers, tablets, smartphones, smarthome equipment. And this all goes beyond just the individual executive, bleeding into the lives and digital footprints of their family members – husbands, wives, partners, children, siblings, and on and on.
These risks in the executives’ personal realm introduce unacceptable risks into the corporation in a number of ways when corporate documents and information make their way into private emails, devices, and the network – reputational, financial, data breach, loss of intellectual property, and a potential avenue back into the company itself.
Examples of this are in abundance. Think back to August/September with the hacks at Twilio and Uber. And just this week, the hack of ZenDesk. In these instances, we saw individual’s personal email addresses and cell phones being targeted by cyber criminals to elicit details about themselves and act on dual-factor authentication requests that opened the door to the company’s information security inner sanctum. This was also true in 2016 with the election, with emails targeting elected officials and their surrounding campaigns.
This type of attack has been happening for years; it’s not a new phenomenon. It’s why nation states, foreign intelligence forces, and cybercriminals target the soft underbelly that is an individual’s personal life.
Larger companies often invest upwards of $50M to protect their company’s assets, ensuring the cybersecurity fortress remains difficult to penetrate. The easiest path is to find other entry points. Why not go after the executive that is spending $5 instead on cybersecurity for their home? With antiquated anti-virus protection in place, unpatched devices, accounts that are not protected with dual-factor authentication, or home automation systems that are not set up correctly, the home is ripe for sabotage.
Digital Executive Protection
Simply stated: Digital Executive Protection is the identification, protection, and remediation of cybersecurity and privacy risks that exist in the personal life of the executive and their family . . . it includes their private information, personal devices, homes, and key online accounts. And each of these items affords a chance for a hacker to then compromise the company.
The only way to solve the risk for corporate executives, board of directors, executive leadership teams is with a holistic, active defense methodology that reduces the attack surface for these individuals and ensures protection in real-time.
Just like a personal bodyguard protects the physical entity, Digital Executive Protection cloaks the executive in 24/7/365 protection where they are most vulnerable. It’s a necessary complement to any companies’ information security protection program.
To learn more, click here.
To schedule a demo, click here.