C-Suite: The Easy Target for Hackers
Your executives are the face of your company, often speaking at events, giving interviews to the media and traveling the world as key representatives of your brand. They’re visible and accessible, which are both great traits for leaders. However, this level of exposure also makes them (as well as the board) easy targets for hackers – and as technology advances, so does the threat landscape.
Why are your executives at a greater level of risk? The necessary visibility in their positions coupled with their inherent access to business-critical information creates a powerful combination, and one that hackers seek out when they’re looking for an entry point into your organization. Let’s dive into a few ways executives are easy targets for hackers.
- Social engineering and phishing – As visibility on social media becomes more and more important not only for the business, but specifically for its leaders, an online footprint is a job requirement for most executives today. But for every interview they give, or personal detail they share on social media or in the press, hackers are able to gain more information about them – information that is a key ingredient for social engineering and phishing attempts. Information is power here, and the information needed to make these attacks most effective comes from one hundred tiny details we all leave behind on the Internet everyday.
- Gatekeepers – It’s common for executives, who are busy juggling multiple priorities, to receive help from an administrative assistant in the form of email and calendar sharing. While this assistance can relieve the burdens of time management and the ever-growing inbox, it also leaves the door open for uninvited guests. When executives aren’t solely responsible for their email accounts, there’s an added layer of vulnerability that can easily be exploited by attackers through social engineering, phishing, spear-phishing, malware and more.
- Multiple devices – With the proliferation of the mobile workforce, the average executive is spending a good amount of time on different devices, and not all of these devices are under IT’s control. They are conducting business on phones, tablets, laptops and other mobile devices, whether they’re traveling or just taking lunch meetings. It’s increasingly difficult to ensure all devices used by an executive are implementing the same security measures.
- Network headaches – Along with these multiple devices, executives are regularly logging on to remote networks, whether at home or out on the road. As highly valued contributors, the security policies surround them and the networks they can use can often be dangerously liberal. When your CEO needs to submit sensitive data for a board meeting, it’s entirely possible that he or she is doing so on a mobile device across an unsecured network – maybe on an airplane or standing in line for their morning coffee. And you can bet he or she is not checking Wi-Fi source data and network digital certificate events as they arise. And it’s not just outside networks. This extends to the home network too. Without careful configuration and management, a home network can provide the perfect attack vector. With kids and family running unmanaged devices on the same home network segment, all of the careful corporate protection in the world is just a short ping away.
It may seem that I’ve painted a bleak picture here (and our own SailPoint executives are certainly no strangers to attack), but rest assured, there is hope. Through some common-sense solutions, you can arm your C-suite with best practices for staying out of a hacker’s reach. In my next blog post, we’ll explore some of these options.