Top 7 Digital Footprint Dangers for Executives
Corporate security and executive protection teams have a big job. Threats to key personnel are ever-present and increasingly originate online. It’s not just physical security threats. Slander, libel, impersonation, fraud, and disinformation targeted against organizational leadership and their families is a growing concern.
At the same time, executive transparency is essential for business success in the 21st century, with 77% of consumers preferring to make purchases from a company where executives are active on social media. As a result, the digital footprint of executives and the board can be considerable.
Few corporate security teams have the resources to efficiently identify threat actors targeting key personnel on social media, extremist forums, and within the dark web. Parsing through online channels to distinguish threats requiring action from those that can be ignored requires time, skill, and experience. The 24-hour nature of the threats can do irreparable damage to an individual’s reputation and significantly impact the organization, making rapid response essential.
Here are 7 ways an executive’s digital footprint can present a risk for the business:
- Pattern of Life Exposure: Transparency is a double-edged sword. The details an executive may share to make them seem more relatable also make it easier for threat actors to establish a pattern of life for potential stalking, surveillance, and harassment. What we buy, what we eat, where we go, our geographic location, relationship status, and details about our close circle of friends are all valuable to a determined adversary.
- Opinion Outrage: Expressing an opinion or taking a stance on an issue can put executive leadership in the crosshairs of activists or hacktivists. Issues that may have no relationship to the business can still cause outrage to the wrong audience.
- Personally Identifiable Information (PII): Personal information exposure is a massive problem. Users naturally reveal details about their lives on social media. Data they don’t reveal, like utility records, voting records, property records, campaign donations, and more provide a trove of data that is regularly scraped, aggregated, and sold on the internet and the dark web.
- Doxxing: This term was once used to describe the act of one hacker exposing the real identity of another. Today, doxxing has come to mean the intentional publishing of an individual’s identifiable information on the open internet for others to find. Doxxing is increasingly used to blackmail, threaten, and intimidate executives.
- Credential Theft: Executives are 12x more likely to be targeted in a cyber-attack, and c-suite credentials represent one of the most prized targets for hackers. Despite their corporate stature, executives suffer from the same poor cyber-hygiene as their subordinates. Password re-use and risky clicks by executives are far too common.
- Business Email Compromise: Business email compromise is the natural next step for a cyber-criminal once they have their hands on the credentials of an executive. Attackers can pose as an executive, email a finance department member with an urgent request for a funds transfer, and the team may never suspect a threat actor is the real author.
- Impersonation and CEO Fraud: Email isn’t the only way cyber-criminals impersonate an executive. Hackers are increasingly using phone calls and text messages while pretending to be a member of the C-suite, preying on employees eager to please an authority figure in their company.
Major social media platforms have invested in sophisticated content monitoring and cybersecurity teams to detect inflammatory or violent rhetoric. Alas, many threat actors are moving to non-traditional forums and social media platforms that are in a more nascent stage of self-regulation. Despite this, corporate security functions focus their intelligence efforts on decidedly physical security challenges, putting less emphasis on threats developing within the digital space.
Reigning in the Digital Footprint with Managed Intelligence
Most threat intelligence vendors will assess public content from the top four or five social media platforms, but less popular and more restricted platforms are rarely considered. As a managed intelligence offering, Nisos’ Executive Shield allows corporate security teams to offload intelligence gathering and analysis of emergent threats against executives to our team of seasoned, expert analysts.
Executive Shield provides comprehensive vulnerability assessment for key personnel. We provide specific remediation recommendations and full-service removal of PII from people sites, databases, and other web locations, including takedowns of impersonated social media accounts.
Our unique analyst-led approach goes beyond scanning solutions that identify only easily accessible data. Using expertly crafted mis-attributable infrastructure and aged personas, Nisos analysts access the deepest corners of the internet, covering over 130 sites and forums across the open internet and the deep and dark web.
Want to learn more about executive protection?
- Episode 64: The Cyber5 Podcast – Building an Intelligence Program to Protect Executives
- Episode 38: The Cyber5 Podcast – Digital Identity Reduction for Executive Protection
- On-demand Webinar – “Digital Executive Protection: Reduce Risk and Stop the Attacks”
Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.