Don’t Let Your CEO Get Bezosed

As the richest person in the world, Jeff Bezos is an extraordinary individual, but he may have more in common with your own CEO than you think. If hackers can get to him, then they could also get to your own C-suite.

Forensic analysts believe that a WhatsApp message containing a video was ground zero for a hack that slurped large amounts of data from the phone of Bezos. The exploit would have been a targeted attack using software purchased from a malware company. These are the kinds of targeted attacks that hit high-value victims and cost large amounts of money to launch.

The average CEO might not warrant an attack costing hundreds of thousands, but hackers might not need to spend that much to compromise your head honcho. If companies don’t protect senior executives’ corporate accounts properly, they could still be vulnerable. Even with decent internal protection, there’s always the risk that a hacker could get to a business leader via their personal accounts. If a kid can do it to Jack Dorsey, or to director-level executives at the CIA and the FBI, what are the chances they could hit your leaders too?

It’s a question that many CEOs are asking. In its 23rd annual CEO survey, PwC found that CEOs were most worried about cyber-threats, ahead of skills and the speed of technological change. What’s more, 48% of those senior executives said that they had altered their own behavior online, deleting social media accounts and virtual assistant applications, for example.

So, how can you help protect your own senior executives from hackers? Here are some tips.

Conduct a Personal Digital Audit

Learn about the apps and online services that your high-value executives use, and how they use them. What private data are they exposing online? Facebook, Twitter and Instagram are obvious first places to look, but don’t stop there. What other services are they using to post photos or other entries that hackers could use to work out their address, vehicle details or route to work? It’s amazing what you can learn about someone from an old forgotten Flickr account, for example.

Offer Personal Cybersecurity Training

You may have a corporate security training program, but it’s worth schooling your CEO in personal cyber-hygiene, explaining how hackers can mount personal attacks using everything from phishing to vishing and SIM swapping.

Scan for Exposure

Use an online service that scans for potential personal compromise. There are services that will monitor not only the clear web but also the dark web, looking for a mention of the executives or their personal details. Credit protection will also help to highlight anyone trying to steal your CEO’s identity.

Make Multi-Factor Authentication a Priority

Executive accounts ranging from email to ERP systems are the keys to the kingdom for hackers. MFA should be a standard for all employees today, but it’s especially important for C-suite executives with elevated account privileges who may travel to different places, making it difficult to govern their access based on IP address. While you’re at it, ensure that their personal accounts have MFA protection too.

Hackers targeting director-level executives are likely to be more aggressive and persistent than those casting the net for employees generally. Using techniques like these will make it harder for them to find a foothold and gain access to your senior management’s digital assets – along with the secrets that come with them.
