Corporate Compliance Insights

Executive Digital Hygiene: The Threat Is Coming From Inside the C-Suite

Proliferation of IoT devices means not only are leaders’ email accounts targets for hackers, but so are their home security cameras

by Staff and Wire Reports
June 29, 2022
in Cybersecurity, Governance

Illustration by Luis Xavier Moreno | For CCI


Never mind the risk of a board member leaving a folder of sensitive documents in the back of a taxi. The greater threat today exists once executives leave the boardroom and cross the threshold of home.

“Alexa, how many execs and board members of U.S. companies have unsecured home networks and open ports on public IP addresses?”

The answer is: way too many. Experts warn that the modern attack surface has expanded, and board members’ homes are now the soft underbelly of enterprise security. Ignorance or negligence relating to securing today’s connected homes is creating substantial risk for board members with access to and influence over company finances, confidential information and proprietary data.

Be it ever so humble, the home is now a prime target for cybercriminals — but studies show execs and security teams typically overlook the vulnerabilities represented by things like home security cameras, routers and firewalls, home theater setups, home data storage solutions and various smart-home gadgets.

Recent data analysis from BlackCloak quantifies the problem. Researchers found that nearly a quarter of executives have open ports on their home network public IP address. Of those with open ports, 20 percent have completely open home security cameras.

The company aggregated and anonymized data from about 1,000 customers who subscribe to BlackCloak’s digital executive protection platform as part of its onboarding process for new clients. They looked at data from more than 1,000 board members and C-suite executives, plus high-profile/high-value employees at more than 55 U.S.-based Fortune 1000s. Roles spanned CEO, finance, legal, operations, sales, R&D, engineering, IT and other positions of prominence and responsibility, according to BlackCloak.

These open ports are often set up by third-party solutions providers for home theater and home automation, internet-accessible security cameras, networking devices like routers, firewalls and VPNs and other “internet of things” (IoT) uses.

While 23 percent represents only a minority of ports, the company notes that any number of open ports is considered highly unusual, as they are not typically accessible in standard home environments. Oftentimes they are misconfigured or running on outdated firmware and have multiple vulnerabilities.

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), there’s a common misconception that home networks are too small to be at risk of a cyberattack. That may have been true 10 to 15 years ago, but CISA now estimates that most attacks “are not personal in nature and can occur on any type of network — big or small, home or business. If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats.”

In the case of high-profile board members for large companies, however, the homes in question are presumably larger, as are the home networks and the potential for targeting by cybercriminals.

And in fact, board members’ homes are indeed vulnerable to personal attacks, as board members are common targets for online data brokers, according to BlackCloak. Some of the more concerning data points from the study include:

  • 99 percent of executives have their personal information available on more than three dozen online data broker websites, with a large percentage listed on more than 100 sites.
  • 70 percent of executive profiles found on data broker websites contained personal social media information and photos, most commonly from LinkedIn and Facebook.
  • 40 percent of online data brokers had the IP address of an executive’s home network.

Should a cybercriminal successfully breach a home network, they can easily intercept and reroute traffic and can gain access to personal and work devices, including files and applications connected to that home network. 

“For professional cybercriminals, it’s infinitely easier for them to breach the poorly secured, or completely insecure, home network and move laterally into the digital infrastructure of an organization than it is for them to directly attack the well-defended corporate network itself,” said BlackCloak CEO Chris Pierson. “That’s because there are currently no consumer-grade network security solutions built to protect home networks against targeted cyberattacks, and enterprise-solutions cannot simply extend into the home. As a result, the home network is largely responsible for the massive expansion of the attack surface that’s occurred in recent years.”

Personal devices often lack the most basic security and privacy protections

However vulnerable an executive’s home may be, personal devices are equally, if not more, insecure. BlackCloak research found that many personal devices lack the most basic security software and regularly leak data due to missing or improperly configured device settings, potentially exposing the individual and corporate assets to risk. 

Highlights include:

  • 27 percent of executives’ personal devices contain malware
  • 76 percent of executives’ personal devices are actively leaking data
  • 87 percent of executives’ personal devices have no security installed

BlackCloak identified the most common device threats as malware (viruses and Trojans), exploits from unpatched devices, adware, potentially unwanted applications and WiFi threats from malicious networks. 

Attacks on personal devices also pave the way for lateral attacks. This occurs when a cybercriminal uses an executive’s compromised device as a conduit to breach the broader organization, potentially leading to widespread damage and disruption. 

Executives’ digital privacy is not very private

New BlackCloak research also found that most personal accounts, such as email, e-commerce and applications, lack basic privacy protections. By default, many devices have geo-location enabled, which can make an executive’s whereabouts available for anyone to see, putting them at risk of physical harm.

The research also indicates that the security credentials of executives, such as bank and social media passwords, are readily available on the dark web, making them susceptible to social engineering attacks, identity theft and fraud. 

Highlights include:

  • Only 8 percent of executives have multi-factor authentication active across a majority of apps/devices.
  • 87 percent of executives have passwords currently leaked on the dark web.
  • 53 percent of executives are not using a secure password manager.
  • 54 percent of executives have poor password hygiene, referring to re-use of passwords and lack of a secure password storage system.  

Protect executives to protect the company

Not all cybercriminals are attacking executives’ personal digital lives exclusively to move laterally into their organization. Many times, the executives themselves are the target due to their wealth or status. Nonetheless, an attack on an executive as an individual almost always has some consequence for the organization.

Attacking personal digital lives might be a new risk for enterprises to consider, but it is a risk that requires immediate attention. Adversaries have determined that executives at home are a path of least resistance, and they will exploit this attack vector for as long as it is safe, seamless and lucrative for them to do so.

Read it now: Check out BlackCloak’s executive digital security analysis.


Tags: Board Risk Oversight