Online Data Monitoring For Executive Protection
Updated: Jan 22, 2020
Amazon spends $1.6 million a year to protect its CEO, Jeff Bezos.
This might seem like a hefty security budget, but it's a small price to pay considering the level of risk high-profile executives face today.
VIPs not only confront physical security risks at home and abroad, but are also highly targeted in their digital lives. Social media plays a large role in hosting executive-targeted attacks, and the C-suite is increasingly vulnerable to business email compromises (BECs), breaches, and other cyberthreats.
Using online data is essential for securing executives, whether mitigating non-targeted threats along a travel route, or dealing with a CEO’s personally identifiable information (PII) breach online.
Knowing how and where to find this information can make a huge difference in how quickly a security team contains an active threat, and their ability to prevent future attacks.
How to Protect Executives with Online Data
1. Search Social Media
A quick Google search for an executive’s name gives security teams a lot of useful information: How high-profile are they? Are they received positively or negatively by the public, and how does this vary in different parts of the world?
But Google only goes so far. Not all data relevant to an executive’s protection strategy is searchable in Google. A typical search engine limits a team’s ability to find specific data based on location, image, and key content indicators like violence, especially in other languages. Sourcing this information in situations where quick responses are necessary is nearly impossible with a tool like Google or Bing.
Threat intelligence tools like Echosec enable security teams to aggregate public content across multiple providers and filter data relevant to their VIP’s security. This is extremely helpful, especially since public safety threats spread on social media faster than other outlets and even word of mouth. For example, security teams can search for geotagged posts along an executive’s travel route indicating crisis situations, and get alerts as soon as key content is published. This provides on-the-ground security with more context on the situation and re-route the executive efficiently.
Finding executive protection data doesn’t always require mainstream social networks like Twitter. Less regulated social networks are populated with radicalized communities where executive threats can be more targeted and explicit. Security teams can use the Echosec Platform to find instances of an executive’s name across a variety of niche social networks in a violent or threatening context.
Social media searches can also identify less critical threats, such as bad executive press. Aggregating this information can help organizations formulate a PR strategy or public response.
2. Search Deep and Dark Web Networks
Executives also face a constant barrage of cyber threats. Adversaries increasingly target executives, both to exploit their high net worth and broad data access. Threat actors are also realizing the value of security vulnerabilities typical to the C-suite.
For example, executives often rely on assistants to manage their emails and financial transactions. This means that threat actors don’t necessarily need to hard hack a company’s systems to steal data or an executive’s financial credentials—they just need to know how to convincingly impersonate an executive and request this data from the right people. This is known as a business email compromise (BEC), one of the most costly cyber attacks today according to the FBI.
Unindexed sites on the deep and dark web contain valuable evidence of BECs and other executive-targeted cyberthreats. These can include:
- An executive’s personally identifiable information (PII). This data often appears on paste sites as a dox (a targeted PII breach as form of harassment). It’s also early evidence of a larger data breach affecting an entire organization.
* PII breaches also give attackers the information they need to create convincing phishing emails. Executive doxxes often include PII for immediate family members, implicating their physical and digital security as well.
- Strategy discussions targeted at exploiting executives. Attackers often use anonymized websites on the deep and dark web to recruit or strategize executive-targeted phishing attacks, sextortion, and other harassment campaigns.
- Sale of an executive’s financial data. Dark web marketplaces are used for selling financial account information. Executive accounts are highly valued on these markets.
Beacon enables security teams to quickly locate this data on dark and deep web networks, which are not searchable through conventional search engines.
This information is critical for securing vulnerable systems and containing active breaches, reinforcing an executive’s (and their family’s) physical security, and keeping personnel informed about BECs and other current attack strategies for breach prevention.
3. Monitor Routines and Digital Footprints
Humans (executives included) are creatures of habit. Security teams should be well-informed about an executive’s digital and real-world routines. Do they always Tweet before heading to work in the morning? Or about the vacation they are about to take?
Individually, online posts may be harmless—but attackers are skilled at piecing together an individual’s online profile to exploit their identity. For example, an attacker could connect details about an executive’s life, and use that information in a phishing email to sound more convincing. Having a close awareness of an executive’s physical whereabouts also puts them physically more at risk.
Many social media users publicly post information that they don’t realize could be exploited by cyber criminals. Capturing the image of an ID card, the inside of a facility, or even a pet could be all an attacker needs to gain system access or answer a security question (e.g. what is your favourite pet’s name?). Security teams should keep tabs on what information executives and their family members are posting on social media and monitor that content for potential risks.
Neglecting online sources for executive threat data can have disastrous implications. BEC scams and other common executive-targeted threats can lead to large-scale data breaches. According to a 2019 IBM report, these breaches cost global organizations an average of USD $3.92 million, eroding public trust and company reputation along the way. Suddenly, Amazon’s security budget doesn’t seem so extravagant.
More physical security threats also involved some level of cyber activity, whether it’s dark web users planning a swatting attack at an executive’s residence—or a Twitter user posting about a bomb threat in the vicinity of a VIP’s travel route.
It’s no longer enough for corporate security to rely on Google, news feeds, and on-the-ground personnel exclusively for their executive protection strategy. Specialized threat intelligence tools are the future of corporate security—their executives, personnel, and global reputation depend on it.
What online threats are currently putting your executives at risk?