BlackCloak: C-Suite Execs Easy Targets for Cybercriminals
BlackCloak, a digital executive protection provider, this week released its latest study, “Examining the Modern Attack Surface: Quantifying the Risks to Individuals and the Enterprise.” The study reveals just how shockingly vulnerable C-suite execs are.
BlackCloak polled over 1,000 members just before they onboarded onto its digital executive protection platform.
Key findings include:
- Eighty-seven percent of execs’ personal devices have no security installed.
- Another 87% have passwords leaked on the dark web.
- Twenty-seven percent of execs’ personal devices contain malware.
- Seventy-six percent of execs’ personal devices are actively leaking data.
- Twenty-three percent of execs have open ports on their home network.
- Twenty percent of those have open security cameras.
- Fifty-three percent aren’t using a secure password manager.
Chris Pierson is BlackCloak‘s founder and CEO.
“The two findings that stand out the most to us are the fact that 23% of executives have open ports on their home network, and that 40% of executives have their home IP address available on data broker websites,” he said. “Open ports in home environments are very unusual and the fact that data brokers have evolved from harvesting names, emails and addresses to collecting home IP addresses presents all sorts of new risks. It’s like having the front door for your executives’ homes wide open.”
On the personal level, executives are exposing themselves to a variety of threats, including spoofing and impersonations, identity theft, financial fraud, account takeover, malware and ransomware, reputation damage, and communications hijacking, among others, Pierson said.
“What’s notable here is that these threats can also have direct impact or collateral damage on their company,” he said. “For example, malware and home network compromise can serve as the path of least resistance into the executives’ company, while reputation damage and impersonations can negatively impact business continuity.”
The challenge is that security teams cannot simply extend corporate security into personal digital lives, and that consumer-grade security is not built to protect those who are directly targeted, Pierson said.
“For organizations that don’t provide digital executive protection solutions, imploring that executives set up and use antivirus software, password vaults, and multifactor authentication (MFA) across all personal accounts is a daunting, yet important task,” he said. “But then the challenge becomes who is going to monitor it and check the yes or no box when something that is unknown tries to run? In addition, going through the arduous process of data broker removal, or finding and remediating your dark web password exposure, are two other security measures that will improve an executive’s risk profile.”