A new study shows that executives are more vulnerable to security breaches than ever. BlackCloak, a cybersecurity company, surveyed 1,000 of its members—and discovered that 23% of executives have open ports on their home networks. And what’s worse, 20% of those with open ports have open security cameras.
To top it off, 27% of executives’ own devices contain malware, 76% of their own devices are actively leaking data, and 87% of executives’ own devices have no security installed.
For security professionals, this is the most disturbing finding of all: Only 8% of executives have multi-factor authentication enabled on the majority of their apps and devices. And 87% of them have passwords that are leaked on the dark web. Thats a damn shame.
The general population is very vulnerable to cyber threats, but executives are even more susceptible to them. According to John Hellickson, CISO at Coalfire, executives often put pressure on the IT department to enable the use of their personal devices for work. The C-suite are valuable targets to threat actors since they have access to highly sensitive corporate information.
Cybercrime is not just about stealing information from one device. It can be a way to get into a broader corporation. For example, if a cybercriminal steals information from your personal devices, they can use that information to easily get into your company and do damage.
BlackCloak’s research found that most people don’t have privacy settings on their personal accounts. This can leave them vulnerable to physical harm. For example, a person’s location can be detected when they use an e-commerce app on their phone. They could be tracked down by anyone with malicious intent.
Additionally, research found that the security credentials of executives – such as banking information and social media passwords – are readily available on the dark web, making them susceptible to social engineering attacks, identity theft, and fraud. The dark web is a dangerous place where anyone can buy or sell anything anonymously. It’s no wonder that corporate identities are getting stolen.
- 99% of executives have their personal information available on more than three dozen online data broker websites, with a large percentage listed on more than 100
- 70% of executive profiles found on data broker websites contained personal social media information and photos, most commonly from LinkedIn and Facebook
- 40% of online data brokers had the IP address of an executive’s home network
Cybercriminals are not only attacking personal lives. They are also after executives who control valuable information. Sometimes, the executives themselves are the target because of their status or wealth. However, cyber criminals can still attack the organization indirectly. For example, they may gain access to an executive’s email account and send malicious emails to others within the company, which could then result in a data breach.
It’s time for companies to re-think their strategies for protecting executives’ digital lives and pushing proper cyber security. The C-Suite needs to stop being lazy and take cyber security more seriously. As long as it’s safe, seamless, and profitable for cybercriminals, they will find ways to compromise personal devices used by executives.