This article was originally written and published in Threatpost.
As threats to executive safety and security increase, organizations must turn to digital executive protection to help reduce the risks that manifest in both the physical and digital worlds.
Physical threats against leaders are on the rise. Heightened by unprecedented societal tension, pandemic fatigue and economic crisis, business leaders are confronted and assaulted, their vehicles vandalized and their homes invaded.
A 2021 study by the Center for Protective Intelligence found that 33% of CEOs had received physical threats in the previous year, in addition to “negative reactions related to extremism, racial justice and social issues.” policies”. Additionally, 56% of CEOs who encouraged vaccination received physical threats, according to the same report.
Threats against corporate leaders have become so commonplace that executive protection is now a multi-million dollar line item in some corporate budgets. Bloomberg News recently reported that in 2021, Meta Platforms, Inc. (aka Facebook), spent more than $15.2 million on expenses related to protecting CEO Mark Zuckerburg at home and on the road. In April, Coinbase announced plans to hire security professionals with “countersurveillance skills” and “tactical driving.”
Personal digital lives put business leaders at physical risk
Physical protection is one thing. But a leader’s personal digital footprint is now the biggest enabler of physical risk.
Consider this likely scenario: An executive’s personal email is hacked and their upcoming travel schedule is revealed. Due to his company’s pandemic workplace policies, he is then greeted by angry employees who protest and threaten him with chants and projectiles if their freedoms are not restored. The company was unprepared as it had no visibility into the hack – it can only see what is happening within the four walls of the company – leaving the executive vulnerable digitally and physically.
This is why it is no longer enough to surround leaders with physical guardrails and James Bond security details. Companies spend millions to protect executives’ physical security and their digital lives at work, but they won’t be truly safe unless they’re also protected in their personal digital lives.
Data brokers pose a significant digital and physical threat
Protecting digital leaders is as much about preventing physical and digital threats as it is being prepared to mitigate and respond to them. One of the most common means of physical and digital attacks today is through the use of private information through online data brokers.
Data brokers capture and resell personally identifiable information ranging from emails, phone numbers, family associations, geolocations and home addresses to business records, browsing and search history, financial assets, social media posts, voting, etc.
According to research by BlackCloak, 99% of executives have their personal information, such as emails, phone numbers, birthdays and more, on more than three dozen data broker websites. The research, which pooled and anonymized data from 750 executives, also found that:
- 70% of executive profiles found on data brokerage websites contained personal social media information and photos, most often from LinkedIn and Facebook
- 40% of online data brokers had an executive’s home network IP address
- 95% of executive profiles contained personal and confidential information about their family, relatives and neighbors
- On average, online data brokers maintained more than three personal email addresses for each executive record
Using the scenario above, it is likely that the malicious actor obtained the personal email address that was hacked from an online data broker. Once the email address was connected to the executive, the attacker was likely to have gained access either by obtaining leaked credentials on the dark web or via social engineering. Without corporate defenses tied to personal email, the attacker is free to move around unnoticed, eventually gaining access to the work schedule, subsequently triggering the physical altercation on the move.
Protecting the personal digital lives of executives to reduce their physical risks
The personal digital lives of executives have become the soft underbelly of corporate security. Hackers are now targeting the online privacy, personal devices and home networks of key company personnel as a way to breach the business they run. This is the path of least resistance.
Unfortunately, an executive’s personal digital life also becomes the Achilles heel of their executive protection. Those who wish to cause physical harm or confrontation now begin by compromising a leader’s personal digital life as well. Whether through a data broker, social media, or a public profile, it’s not hard to know where, when, and why a leader will be somewhere.
That’s why the future of executive protection must be digital. If organizations and their most important people can gain greater visibility into physical and digital threats before they arise, then they can proactively stop them before a negative impact occurs.