How Can Cybersecurity Teams Protect Corporate Executives From Stolen Data and Fraud?
June 13th, 2019
Cybercriminals target corporate executives at a disproportionately high rate because they are typically wealthy, high-value targets with access to sensitive systems and assets. Executives generally have the authority to initiate wire transfers and are the primary leaders of their companies’ brand, so the payouts for attackers can potentially be lucrative if they are successful. Executives are also vulnerable on social media, where threat actors can easily impersonate them or hack into their accounts to spread misinformation and malicious links.
Social Media Impersonation as an Attack Vector
In many cases, executives are either unaware or unconcerned with the security of their social media accounts – with so many other key business responsibilities that are top-of-mind, it’s easy to understand why they might not have the time to give it any thought. And the problem exacerbated by scammers growing increasingly sophisticated in designing these fake accounts, making them virtually indistinguishable to the untrained eye. It’s become common for cybercriminals to pose as recruiters or hiring managers on LinkedIn, mimicking real profiles and using well-known industry terminology to attract unsuspecting victims.
Data Leakages Threaten Executives and Customers Alike
Data leaks also pose a great threat to organizations in any industry. Whether they contain personally identifiable information (PII), login credentials, or other sensitive information, leaks give cybercriminals an opening to crack into corporate systems or target customers. To compound matters, IntSights has seen consistent increases in data leakages over the past year:
In many ways, PII and other sensitive data is more accessible than ever. There are various sources on the dark web – and elsewhere – that allow users to type in a target’s social security number or date of birth and retrieve a list of information they can purchase including credit cards, login credentials, bank account information, and more. Executives are, once again, especially at risk in this regard since they tend to have more access to financial assets and other potential lucrative information.
From “Prevent” to “Detect and Remediate”
So, what can security teams do to better protect their executives from becoming the unsuspecting victims of a successful social media impersonation attack or PII exposure via a data leakage? The key is to shift the focus from preventing attacks to detecting and remediating threats before they even manifest into attacks. Monitoring cybercriminal activity externally becomes critical for security teams, and having a comprehensive map of the entire organization’s digital footprint can help preemptively identify potential weaknesses and vulnerabilities.
To help security professionals understand how to become more proactive, we recently held a webinar, “How To Protect Your Executives From Cybercrime & Identity Theft.” Watch the full session below to gain a full understanding of how to approach executive protection.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.