BlackCloak report concludes that executives and board members are easy targets for threat actors trolling for sensitive information.
Protecting leaders' digital lives.
Companies spend millions on cyber security to protect their corporate infrastructure, but what are the cybersecurity mitigations in place to protect the devices of the executives of the company when not at work?
C-suites' and boards' digital lives may be vulnerable.
This is the question posed in a study by BlackCloak in their report titled “Understanding the Serious Risk to Executives’ Personal cybersecurity and Digital Lives.” “Organizations are allocating millions of dollars to protect their information assets and employees but are neglecting to take steps to safeguard the very vulnerable digital assets and lives of key executives and board members. Sponsored by BlackCloak, the Ponemon Institute surveyed five-hundred-fifty-three IT and IT security practitioners familiar with programs and policies used to prevent cybersecurity threats against executives and their digital assets,” write researchers. Apparently most companies don’t protect the personal devices of their executives and board members. 58% of companies polled didn’t incorporate the risk of key executive member’s personal devices into their cyber security risk portfolio, and 62% of the companies had no dedicated services to respond to attacks on the high ranking members.
Risks aren't merely theoretical.
It isn’t as though these risks are just hypothetical, either. The study concluded, “The finance and marketing departments are most likely to send sensitive data to executives’ personal emails, according to 23% and 22% of respondents respectively. However, the executive suite (21% of respondents) and board members (19% of respondents) are also guilty of sending sensitive information to personal emails to one another.” The researchers add, “Executives are the weakest link in the ability to protect their lives and digital assets. Only 16% of respondents say their organizations are highly confident that a CEO or executives’ personal email or social media accounts are protected with dual- factor authentication.” 42% of respondents said that their executives and family members have been attacked, and 25% said they had an average of 7-10 attacks in the last two years. The information at risk on an executive’s personal device can include sensitive financial information about the company, new business deals occurring, and sensitive conversations between the executive and members of the board.