Why are executives increasingly targeted by cyber criminals, and how are data discovery tools mitigating and preventing executive security risks?
Executive security strategies once prioritized physical safety — but keeping VIPs protected is also now an issue of equipping teams with advanced online data access.
As more executives attend public events and travel globally, this means aggregating public social media content to detect physical security risks in specific areas. Data discovery tools give security teams this information faster than manually searching networks, following news feeds, and even relying on on-the-ground personnel.
Beyond physical security risks, the C-suite is also increasingly susceptible to cyberattacks as their digital footprints increase. Executive protection teams need information security tools that improve digital risk profiling, detect actionable cyber threats quickly, and establish preventative risk management strategies.
Threat Actors Increasingly Target Executives
According to a Verizon report, executives became 12 times more likely to be targeted in online social incidents, and 9 times more likely to be targeted in a data breach between 2018-2019. But attackers aren’t necessarily getting better at hard hacking systems—they’re learning where to exploit human vulnerabilities.
Executives have little time to assess suspicious content in their inbox or stay up-to-date with current cyber risks and best practices. They often rely on assistants or other administrative staff, who are even less informed about digital risks, to handle their emails and financial transactions.
Cyber criminals know this and are taking advantage of it. Between 2016-2019, business email compromises (BEC) tripled in frequency and cost organizations USD $3 billion. BEC scammers impersonate executives via email, requesting internal staff to complete transactions leaving money or data in the attacker’s control. According to the FBI, this form of social engineering costs organizations more than any other type of fraud.
Executives tend to have access to more data and internal systems and a higher net worth than other personnel, making them valuable targets. As the Verizon report suggests, criminals are likely to continue increasing their efforts to access this payoff. In addition to BECs, some other threats include targeting executives with phishing emails, sextortion campaigns, SIM jacking, and selling their stolen financial data on the dark web.
Data Discovery Tools Are Critical for Executive Protection
This trend points to a greater need for accessing online data for managing digital threats and physical security situations. Social media networks, forums, and unindexed sites on the deep and dark web are valuable sources of current information about these risks. Efficiently indexing, aggregating, and filtering data from these sources requires specialized software.
The Echosec Systems Platform combines advanced filtering and machine learning technology to give security teams efficient access to threat data from these providers. The Platform can identify executive threats including:
- Executive name mentions on social media in a negative or threatening context
- Public text or image-based social media content indicating active threats near an executive—such as on a travel route or around their home
- Paste site posts where executive information, such as names, emails, and financial data has been leaked or doxxed
- Dark web marketplace listings selling executive information, or tools and services targeted at exploiting executives
- Criminal discussions on the dark web describing executive-targeted attack strategies, such as BECs
Success Stories: Protecting Executives with Online Data
You might be wondering what data discovery for executive protection looks like in the real world. Here are a few examples of how the Echosec Systems Platform has leveraged corporate digital risk management and physical security strategies. Cases are anonymized to protect client identity.
Doxxing is the act of breaching an individual’s personally identifiable information (PII) on the web for malicious purposes. CEOs and other high-level executives are often targeted as a form of online harassment or hacktivism.
Doxxes are typically published on unindexed surface and dark websites like Pastebin and DeepPaste, and can include the individual’s home address, phone numbers, emails, SSN, social media handles, financial data, and family members’ PII. Doxxed information can be used to leverage other attack strategies, like BEC scams.
A large retailer used the Echosec Systems Platform to uncover threats targeting both executives and store locations. By searching for the organization’s name in combination with “dox” as keywords, the company’s security HQ were alerted to the following post:
This dox was targeted at one of the company’s HR Managers and included their home address, email, phone number, social media handles, and employer details for both the target and their immediate family members.
The company can use this information to notify affected individuals and take security precautions—such as requesting content removal on Pastebin, changing phone numbers, and protecting the target’s home and whereabouts with private security. They can also investigate where this information was obtained, and secure any vulnerable databases.
Social Media Threats
Social media is a valuable source of public information about potential executive threats. These can occur both on mainstream, moderated sources like Twitter, as well as more niche, unregulated networks. For example, a disgruntled former employee or anti-capitalist extremist could directly threaten an executive on these networks. Whether or not these threats are genuine, they must be taken seriously by security teams.
A multinational online retailer partnered with Echosec Systems to monitor executive risks and event locations. Their security team saved and filtered searches within the Platform to find content indicating violent sentiment towards executive names. The organization was alerted to a CEO-targeted death threat posted on Twitter:
With this information, the team could assess other public content by this user to get more context on the situation, notify the CEO’s security detail, and take extra precautions to ensure their safety. If necessary, organizations can also involve law enforcement to investigate specific incidents.
Travel Risk Management
Organizations are investing in global business travel more than ever. Travel risk management is a growing industry, leveraging technology to keep executives and other personnel safe abroad. It’s no longer enough to develop effective response strategies—security teams must also monitor online data closely as events unfold and prevent executives from encountering threats.
A security consultant firm used the Platform to reinforce a client’s travel risk management strategy. The firm was able to locate crisis-related content in Cairo, where the executive was traveling. The firm received a flood of notifications related to a fire, and were able to verify its exact location using public geotagged Snapchat data before the event was reported on news feeds. On-the-ground staff were notified to avoid the area, and the executive safely continued with their plans.
Enterprise risk management teams are quickly evolving as executive attack surfaces increase. These cases highlight how executive protection services are responsible for monitoring both on-the-ground security and increased digital risks and breaches.
Executive security teams are better able to detect and de-escalate risks on both fronts with access to relevant data from social media networks and unindexed areas of the web. This information provides on-the-ground situational awareness wherever VIPs are located, as well as executive-targeted cyber attacks and other online threats.
Data discovery platforms are crucial for gathering and filtering this information as the volume of online threat data increases. Executive protection teams can spend more time responding to real risks than sorting irrelevant data. Finding and containing actionable incidents is usually the priority for executive protection teams—threat assessment tools also keep security teams, executives, and other staff informed so they know what risks to expect and how to identify and prevent them on an organizational level.
What does your executive protection strategy look like? Book a demo to find out if you’re overlooking any current risks.