Attributed to Brendan Read, Partner in KordaMentha’s Forensic, Cybersecurity and Forensic Technology service
Company managers should waste no time addressing c-suite cybersecurity.
Holidays and the prospect of a well-earned break are fast approaching. Unfortunately for senior-level executives, any time spent away from the office nowadays, whether for vacation or work, increases their cybersecurity risk. With access to highly sensitive data, they can be lucrative targets for cyber criminals. The rise in data breaches is no longer confined to organisations, and c-suite executives must understand that they become personally vulnerable the moment they step outside their physical office.
Personal networks belonging to captains of industry are now as attractive to hackers as the networks of the large organisations they run. The problem stems from the fact that private devices and non-work-related accounts used by even the highest ranked executives are generally never protected to the same level, or subject to the same enforcement, as those within corporate environments. This area of weakness is widespread and one that we are seeing increasingly exploited by cyber criminals.
What makes personal attacks on c-suite even more alarming is that hackers are targeting not only sensitive corporate data – they will almost always be searching for incriminating personal information to use for extortion. Even something as seemingly innocuous as browser history is fair game for a cybercriminal on the lookout for private information that could cause embarrassment or reputational damage to an individual if it fell into the wrong hands. The same applies to any potentially sensitive data or other media stored in personal documents and files.
Hackers have been specifically targeting executives’ personal email accounts and personal phones in recent times. Typically, home networks are nowhere near as sophisticated as those in the workplace and can present easy pickings for cybercriminals experienced in cracking far more difficult networks. Executives must also consider the risk posed to them by devices owned by their family members, especially their children, and investigate how to strengthen their entire home network against potential cyber breaches. Even educating family members about how to recognise phishing emails can be a vitally important part of defending a personal network.
Cyber attacks on c-suite level are coming from all angles too, which means any approach to strengthening personal IT defences needs to be thorough and well-rounded. In one of the most recent incidents dealt with by KordaMentha, cybercriminals were contacting telecom agencies, masquerading as the senior executive they were targeting, and requesting that specific account details be updated. If successful, these threats open up potential access to private accounts. We have also seen board members utilising personal email accounts as a method for communicating business-related content, which is a recipe for disaster. In other cases, we see executives forwarding sensitive and confidential information from within secure applications or platforms to their minimally protected private accounts and devices.
Cyber criminals often target third party suppliers to break into an organisation’s network. C-suite executives should be aware that the same tactic also applies to their own networks. On this personal level, cybercriminals commonly target an individual’s close connections starting with their family – children and partner – and friends. The lengths to which cybercriminals will go should not be underestimated, nor should the temptation presented to them by a vulnerable personal network belonging to someone with power and influence.
The sharp increase in this area of cybercrime has caught scores of executives and organisations off guard. As more reports of major, high-profile cyber attacks surface, we are seeing more c-level executives requesting expert assistance to protect themselves against personal cyber attacks. Highly confidential and detailed assessments can be conducted, identifying any weaknesses in personal home networks that could lead to a cyber breach. This could include a review of the risks posed by mobile phone and other device use, password use (especially passwords repeated across platforms and devices) and social media and messaging accounts.
As the festive season looms and more time is spent at home, company managers should waste no time addressing the issue of c-suite security. Engaging IT departments and/or outside expertise to examine executives’ home networks is an absolute must. These personal networks should adhere to minimum security levels at the very least and be subject to regular, ongoing reviews that check for breaches, suspicious activity and areas of weakness. Just as cyber breaches in organisations can remain undetected for several months or more, so too can breaches within executives’ personal networks.