What is Executive Protection?

The Changing Threat Landscape
Adversaries can now impact an organization’s security without ever attempting to break through a corporate perimeter. In today’s digital-first world, threat actors access and exploit your data, information, and people across the external attack surface. Here’s what you need to know.

The Growing Threat to High-Profile Individuals

An overarching security trend in recent years has been the convergence of the digital and physical worlds. Once thought to be only financially motivated, ransomware attacks now threaten hospitals, schools, and critical infrastructure. Deepfake technology used to impersonate Tom Cruise may seem innocuous, but when the same technology is used to have a phony President of Ukraine order his troops to lay down their arms, the stakes are much higher. And executives who were once safe behind a level of anonymity and digital distance are now often targets of online and physical threats. Being in the spotlight is great—until it isn’t. 

As executives increase their online presence, they put hundreds of data points out into the world that, if not protected properly, can be a massive liability for themselves and their company. These include social media posts, travel plans, email addresses and contact information, online accounts, things posted on job boards, and additional sensitive information like places of travel, office location, corporate events, and home addresses.

Executive protection is the logical extension of this precipitating threat trend. More and more, malicious hackers are using creative means to get the upper hand in a high-stakes version of cat and mouse. Six in 10 executives have personally identifying information (PII) for sale on underground marketplaces, and we have seen executive impersonations increase year after year. Between 2021 and 2022, ZeroFox data showed a 26.2% increase in impersonations and a 29% spike in scams, fraud, and piracy targeting the C-suite and VIPs. While it seems like the mouse might be winning, executive protection is on the rise. Today, ZeroFox is protecting more than twice as many executives as we did a year ago, filling an ever-widening need.

What is Executive Protection?

There are a lot of misconceptions surrounding this category. First, let’s start by defining what executive protection is not:

  • Exclusively a physical bodyguard to escort corporate VIPs to high profile events. 
  • A solution solely designed to cover your boss’s assets should a malicious link lead to uncharted reputational territory online. 
  • A private service that allows your CEO’s family to book their travel safely and cleans up any embarrassing pool photos along the way. 
  • Something that exists outside of the well-being of your enterprise as a whole. 

However, a good executive protection platform does all of this and ensures the safety of your company in the process.

Now for the textbook definition. Executive protection “refers to the cybersecurity monitoring, threat intelligence, and threat remediation capabilities used to protect corporate executives, VIPs, and other high-value targets from phishing, impersonation, doxxing, account takeovers, and other digital attacks.”

In other words, executive protection secures the digital—and physical—assets of the C-suite and executives to safeguard your people and the enterprise from widespread malicious attacks. These services can extend to family members as well.

The Executive as a Weapon

Today, executives are both an asset and an attack vector. Their information is not only valuable to an enterprise but can be abused for personal defamation and exploited as a gateway. Especially for organizations that pride themselves on state-of-the-industry cybersecurity controls, executives and employees are increasingly becoming the easiest access point for criminals.

Malicious actors have a myriad of objectives, including financial fraud, data leaks, theft of identities and protected personal information, ransomware attacks, reputational damage, and even physical threats. These attacks are planned and executed across a variety of spaces, including social media, the surface web, email, and the deep and dark web; and in some cases, result in real-world physical harm and danger.

Notably, 75% of executives have experienced credential exposure as a result, and more than half of CEOs have received a physical threat within the last year. Not surprisingly, these all begin with a data leak. Each day, more sensitive information belonging to executives ends up in the public domain, either on social media, data broker sites, or the dark web. We largely have social media impersonations, account takeovers, and phishing attacks to thank, and the fact that 50% of executives reuse their passwords. It’s a common mistake, but it’s one that introduces tangible risks. Consequently, there is a general sense in the industry that executive protection is needed, but many organizations don’t know what to look for.

Employee Protection

Threat actors are after more than your VIPs. According to the Verizon 2022 Data Breach Investigations Report, 82% of data breaches were caused by human error. In most companies, the majority of humans work outside the C-suite. A poll by the National Cybersecurity Alliance revealed that less than half of employees used even basic password security hygiene. Of those, nearly half had never heard of multi-factor authentication (MFA). Millennial and Gen Z users have been shown to have less interest in privacy than their Gen X and Baby Boomer counterparts, and one 2020 study noted that one in five Gen Z-ers did not want more privacy online. However, the decision may no longer be theirs as compliance regulations ramp up and data privacy becomes an issue of corporate, and even national, security. 

The 3 Pillars of Executive Protection

The ZeroFox approach to executive protection breaks things down into three focus areas—protection from cyberattacks, privacy protection, and physical security—because thousands of hours serving hundreds of customers have proven this to be an effective and easily understood approach to this complex issue. To that end, we’ve been able to secure critical assets for four out of the Fortune 10, including the number one eCommerce platform, the number one US bank, the number one US technology firm, and the number one US retailer—plus hundreds of the Global 2000. Let’s dig into the details.

Executive Protection from Cyberattacks

While this seems to encompass the whole terrain, protecting executives from cyberattacks is actually a very specific part of our strategy because it focuses specifically on three things:

  • When and where were an executive’s credentials exposed through a data breach?
  • Was the executive’s information sold on the criminal underground marketplace (i.e., dark web)?
  • Is anyone impersonating the executive?

Answering these questions requires seeking out and analyzing phishing campaigns, smishing schemes, and online threats before they reach the real world. Following these reconnaissance tactics, executive protection teams neutralize threats in real time with proactive takedowns when and where they originate. That’s the first step: stop the bleeding. Or, in the case of ZeroFox, make sure the bleeding never starts.

The cost of executive data leaks is designed to be extremely high. Executives are often the unwitting bait in large-net phishing schemes, and a C-level’s information floating around online is just as good as a bobber in the water. Conversely, protecting that information removes the bait, leaving criminals empty-handed. The return on investment (ROI) for this kind of proactive defense can be hard to calculate specifically because prevention yields few metrics. However, a few figures should paint the picture: a Texas energy company lost $3.2M in an invoice to the fake CEO; an AI voice generator conned a UK employee into wiring nearly a quarter of a million dollars in cash to a fake employer; and the FBI’s Internet Crime Complaint Center (IC3) has reported over $8B in losses due to BEC just since the beginning of 2016. The annual reported losses from those BEC attacks have grown by 800% in just six short years, showing a steep upward trend.

ZeroFox has been responsible for more than half a million (630K+) successful takedowns in the past 12 months. In fact, Forrester named us “best in class for brand intelligence and takedown services.” In the last year, we’ve experienced a 770% increase in TikTok takedowns, a 39% increase in Facebook takedowns, and a 201% increase in YouTube takedowns.

Executive Privacy Protection

Securing the PII of executives—and preventing ongoing attack campaigns—will always be step number one. However, since leaks are still bound to happen, removing that sensitive information from public exposure as quickly as possible is the next vital step in protecting an executive.

Malicious hackers use PII to achieve ATOs (account takeovers), which means they have fully infiltrated and commandeered a user’s account and can use it, their privileges, and their access permissions to their full advantage. This is usually done with the intent to siphon funds out of the victim’s account or initiate fraudulent wire transfers. Unfortunately, PII is readily searchable and available for purchase for the express purpose of targeting your executives and employees. Just one of the larger data brokers already purportedly possesses the PII of 68% of the world’s population. Chances are that your executives’ data is in there and can be exploited to target the executives’ organization.

The buying and selling of PII happens every day and is perfectly legal. In fact, there is an entire industry of data brokers who collect, aggregate, and sell databases of PII. Unfortunately, cybercriminals access those same databases and use the PII to victimize and more effectively target people, particularly high-value targets like executives. Removing sensitive information from these broker sites helps secure your digital footprint, but it’s a tedious manual process that requires continuous monitoring and updates. 

ZeroFox’s PII Removal finds and automatically removes PII from hundreds of data broker sites – many you probably don’t even know exist – to reduce the digital footprint criminals rely on for targeting executives. This doesn’t only encompass what you might find on a company website, subreddit, or social media post. This is full-scale removal of your digital footprint after it’s been skimmed and packaged for use on a data broker site. These operations are known as ‘takedowns’, and we’re best-in-breed for them.

Less PII out there means less ammunition for subsequent cyberattacks seeking to use exposed C-levels to gain access into the network. If you don’t already have a solution to mitigate this risk for your executives, they are much more likely to become targets. It’s just a matter of time.

Physical Security

Ten years ago, no cybersecurity company mentioned physical security because the two realms were considered to be independent. Unfortunately, times have changed. Data leaks and social media campaigns can lead to physical harm and massive real-world consequences.

From ‘internet banging’ that can lead to fist fights amongst teens to the Cambridge Analytica scandal that leveraged social media to influence geopolitics, the digital world has long since breached its bounds. What happens on social media certainly doesn’t stay there; instead, it starts there. When a CEO fired 900 employees via a one-way video call, social media outrage was enough to cause three of the company’s top executives to step down. Other online exposures have had similar real-world consequences, from a leaked Applebee’s email to the Panama Papers.

Physical Security Intelligence (PSI) is the ongoing monitoring and reporting of real-time digital threats with risk assessments and recommendations for defending against the most dangerous threats before the noise of meaningless chatter hides them from sight. This is all the more important when we’re focused on protecting executives. The Center for Protective Intelligence released a study conducted by a Fortune 50 technology company that revealed some alarming statistics. Of hundreds of cases of cyber and physical attacks on executives in the past 10 years, 69% were CEOs and 50% were from the tech, financial, and entertainment industries. Over half took place in the executive’s city of residence, 44% happened at home, and 41% occurred in public. As cyber-related physical attacks persist, organizations need to be prepared with a service that can scale—one that integrates cyber and physical security—to defend executives against this growing hybrid threat.

The Inside Approach

As we’ve stated before, as threats to executives and celebrities have evolved significantly in the past decade, the teams that protect their VIPs must evolve as well.

Right now, this means understanding the malicious terrain, the adversary, and the security tools available. This means leveraging threat intelligence to understand a client’s exposure. And this means a highly trained security force that can go beyond the reaches of established search engines. In order to fully grasp the extent of an executive’s exposure to the threat landscape, you have to understand that landscape yourself.

Our vantage point in the market puts us in a unique position to know what works—and what doesn’t—in an executive protection approach. Our team has established online personas that operate across the criminal underground to engage directly with cybercriminals for the remediation of your data leaks on 175+ dark web forums. We use AI-powered threat analysis and a team of intelligence researchers to provide insights and access second to none in the industry. With access to both the underground economy and extremist forums, we collect the human intelligence necessary to know where your data is, who has it, and what it will take to keep it safe. When C-levels need “that” kind of security service, we’re who they call.

So far, we’ve secured over 21K executives, generated more than 70 million alerts, and protected over four million assets. Our team has garnered top awards in the industry, such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

An executive protection solution centers on three major elements:

  • Protecting good information.
  • Ensuring privacy by removing bad information.
  • Keeping executives safe—physically, as well as digitally.

(Ready or Not) The Age of External Cybersecurity is Here

A complete cybersecurity posture, especially one that claims to be zero-trust, must address threats across the entire physical and cyber landscape. Yes, secure your network. Yes, lock down your digital assets. Yes, run the best AI-driven next-generation technology you can in the cloud and make sure your vendors have your back. But frankly, that isn’t enough.

This is the era of long technological reach combined with a low barrier to entry for anyone who seeks to exploit vulnerabilities for profit or for harm. As the machinery of the world goes digital, it becomes accessible in cyberspace. Hostile forces in that domain have an expanded capability to affect the real world and won’t stop at stealing your password. As data—especially C-level confidential data—continues to be the key that unlocks the modern world, businesses, economies, critical infrastructure, and national security will more heavily depend upon how well that data is protected.

ZeroFox is the global leader in external cybersecurity. Intel’s Anthony Lin attested that our “best-in-class SaaS platform, AI capabilities, and exceptional business profile are a testament to the unquestionable value [we] deliver to [our] customers,” and we credit that to our unique approach.

  • External Cybersecurity: While most enterprises are focusing on internal security, cybercriminals are increasingly turning to external threats. We help companies gain control over their expanding external attack surface by operationalizing the data that falls in the gray space between threat actors and corporate targets. Attackers operate beyond the corporate perimeter, and so do we.
  • Dark Ops: Our experts have inroads into the criminal underground that most other companies do not. It takes time, experience, and expertise to navigate the dark web and gain the trust of those that can provide you with the right information. Because of our unique vantage point within the industry, we can provide a niche level of service nearly impossible to find elsewhere.
  • Patented SaaS Technology: Built as a defense system against external threats, our patented ZeroFox SaaS technology addresses risks across social, mobile, email, collaborative, surface, and deep and dark web platforms. This allows ZeroFox executive protection to guard against targeted physical and digital attacks, account hacking, and impersonations across the public attack surface. And right now, cyberattacks on that external attack surface represent a leading cause of breaches.

In a world of increasing executive threats, ZeroFox has the experience and expertise outside the perimeter to protect your executives and organization. We’re good at what we do, and we’re proud of it. We are purpose-driven threat hunters, researchers, and analysts who have thousands of years of combined experience. We get the terrain. We know the ropes. And we see the threat future as one of customized attacks, executive targets, and external cybersecurity.

Ready to learn more? 

Get the full report for a deep dive into what executive protection is and why it’s more important than ever. 

Keep Learning

Why ZeroFox for Executive Protection?

The only cybersecurity company to go public in 2022, ZeroFox protects the world’s leading companies, organizations, and governments with the only unified platform for external cybersecurity.

What is External Cybersecurity?

Expose, disrupt, and respond to threats outside your perimeter—the new attack surface that traditional security can't see or control, and where business, customers, and attackers all converge. 

ZeroFox has 700+ global disruption partners, including the biggest hosts, registrars, and social media platforms
