Securing executives in a digital age
The rapid growth of technology, coupled with increasing scrutiny of public figures, has expanded the scope of executive risks.
But while the internet gives threat actors greater means to plan and execute attacks against executives, it also equips protective intelligence teams with advanced tools for early threat detection and neutralization that can ensure the safety of key personnel.
Flashpoint recently hosted a webinar detailing this evolving executive risk landscape. The session offered practical steps for security teams to enhance cyber and physical protection of executives. Here are four essential takeaways from the webinar, aimed at bolstering security measures for executive personnel.
Executive risks are growing
Flashpoint has observed an uptick in threats to executives, which can be attributed to two major shifts in the executive risk landscape.
Routine business decisions are more likely to be scrutinized or politicized, which leads to an increase in threats from ideologically motivated threat actors.
The main goals of ideological threats may include:
- Causing embarrassment to executives
- Doing harm to executives or those around them
- Changing business decisions
Greater technical capability:
Technology has made it easier than ever for threat actors to execute scams against executives. The advancement of technical capabilities has reduced barriers to entry for financially motivated threat actors to gain access to executives’ accounts and information, which can then be leveraged to extort or steal from the organizations they work for.
The main goals of financial threats may include:
- Engaging in extortion
- Gain access to sensitive business info
- Expanding access into an organization’s network
Executive protection requires an accurate risk assessment
Just because you’re a target, does not mean you’re a likely target.
Executive risk assessments are impacted by two main factors: visibility and controversy. If an individual is at the extreme high end of either one of these categories, their likelihood as a target increases. If they are high in both categories, that is an indicator that they are at an elevated risk to be targeted by executive threats.
If it isn’t obvious to security teams where their organization or executives fall in their risk assessment, it is critical to lean on intelligence collection to get an understanding of overall sentiment and what it means for threat level. Having this honest assessment not only improves security posture, but also has a trickle down effect to influence budget and resource management.
Executive risks are fluid
Depending on the climate surrounding an organization and its executives, the threats that they face can change. Controversy and visibility may be influenced by business decisions or current events, and can draw heightened attention to executives from threats actors with ideological or financial motives.
There are also routine factors that affect executive risk and may warrant a reassessment of an organization’s executive risk landscape:
- Traveling to a volatile region
- Promotion or status change
It is important that executive security programs are able to scale up or down depending on fluctuations in risk assessment. This ensures that security teams are able to accommodate periods of elevated risk as needed.
Know your threat actors
Much as it is essential that organizations assess their executives and the risk landscape they face, it is also crucial that security teams analyze threats as they’re uncovered to understand their viability and priority level.
When looking at a threat actor, consider the following three qualities:
- Capability: Do they have the finances, technical skills, or weapons needed to carry out this threat?
- Opportunity: Will they ever be in a position to carry out this threat?
- Intent: How can the threat actor’s other online behavior be leveraged to understand their intent?
If a threat or threat actor presents indicators of being capable, having the opportunity, and wanting to act on their intent, then the risk level is higher. If they are missing any of these factors, the likelihood of the threat materializing goes down.
Watch the full webinar