The Value of Prioritizing Executive Protection

High profile individuals face growing online threats, which can even result in real-world physical danger. Prioritizing executive protection is critical.

An executive protection strategy protects highly valuable people within your organization by establishing corporate security and cybersecurity best practices. These best practices mitigate internal risk and continuously monitor surface, Deep, and Dark Web sources for external threats with the context and automation necessary to take action. This is important for leaders across all industries, but especially those with a highly visible online presence or who facilitate valuable user or proprietary data are the most vulnerable.

When it comes to threats outside the corporate perimeter, security teams must arm themselves with effective monitoring, threat intelligence, and remediation capabilities to protect executives and VIPs from digital attacks such as phishing and impersonations, data leaks, and account takeovers, among others.

For these reasons, having an effective executive & VIP protection solution is critical for corporate and information security teams that need to extend their visibility outside their internal firewall, enabling them to best safeguard executives and other high-profile individuals.

A strong executive protection program should include:

• Monitoring and detection for threats such as impersonations, stolen credentials, and others across social media, surface web, and Deep and Dark Web
• High-fidelity alerts for physical threats and disruptive events that pose a risk to key executives and their families
• Reputation protection to safeguard customer engagement
• Executive threat intelligence, reporting, and assessments
• Takedown capabilities for removing fraudulent profiles and offending content
• Ongoing monitoring and removal of personal information from data broker websites

The Growing Threat to High Profile Individuals

Threat actors may use a combination of tactics that put executives at risk – ranging from the rudimentary to more evolved.

• Phishing
  Impersonations, account takeovers, and business email compromise campaigns help adversaries trick everyday users into thinking they are someone else and gain the trust of others online. They may then exploit that trust to persuade employees or customers into sharing sensitive information, funds, or access via email or social channels.

• Executive Extortion And Ransomware Campaigns
  Extortion and ransomware are prevalent threats, especially when private information has already leaked to a bad actor. These actors will coerce victims into paying a ransom in exchange for restoring access to systems and data or prevent sensitive information from becoming public and causing reputational damage. Actors may even create kidnapping scams in an effort to extort someone into sending ransom money.

• Data Leakage
  An adversary with access to private information can leak proprietary data or dox an executive (releasing personal information like addresses and phone numbers) to create real harm. Additionally, illicit marketplaces exist in the Underground Economy where threat actors profit from the sale of stolen data.

• Harassment and/or Physical Threats
  When travel plans are inadvertently exposed, executives may face physical threats or harassment. Additionally, actors may brazenly post violent threats or aim to incite harm targeting an executive on social media, putting the individual and their family’s personal safety at risk.

5 Steps to Creating a Comprehensive Executive Protection Strategy

Step 1: Map Your Protected Assets

The first step in the creation of your comprehensive strategy is to map out who to protect. You’ll want to include executives and VIPs, but don’t limit protection policies and protected assets to the C-suite. It’s important to protect other key employees if they have access to sensitive data, are highly visible, have a large social media following, or are in a public-facing role.

A few examples of high-value individuals you may need to protect include:

• Public figures
• Talent/Celebrities
• Athletes
• Highly visible employees
• Employees with access to high-value information
• Executives and directors

For example, imagine that your HR director is spoofed on LinkedIn. The fake account may create a fraudulent job listing on a few different job sites, tricking applicants into sending their personal information. Not only will this tarnish your company’s reputation in the job market, but it can also erode trust between customers or potential candidates.

Furthermore, you’ll want to include location addresses relevant to a protected person, such as their home, office, or frequent travel locations. Monitoring for physical threats or disruptive events occurring in or around these locations is important to avoid risks to physical safety.

Step 2: Deploy Automation and AI

Protecting your VIPs requires a comprehensive approach to threat data collection.

You’ll need a solution in place to continuously monitor, collect, and analyze millions of data points across the web. 

To ensure your leaders aren’t being impersonated, you’ll need to continuously monitor for fake accounts and take immediate action to remove them before they can do damage. You’ll also need to monitor your protected peoples’ public accounts to avoid inadvertent sharing of credentials, IP, or customer data. You will need to do this all while monitoring malicious marketplaces and hacker forums (on the Dark Web and elsewhere) for potential exposures and sale of passwords, credentials, or attack chatter.

Manually, this would take countless hours and resources to not only locate, but go through the motions of removing the offending content. However, AI classifiers and advanced analysis models (such as OCR and facial comparison) and automation can help to streamline the process.

Your executive protection solution should enable the configuration of automated alert rules and policies specific to your organization’s needs. For instance, you can build out automated rules to alert your security team of any mentions of your executives or protected locations on known hacker forums or communities. This type of automation will allow you to better scale your solution while eliminating noise.

Put simply: the functions of automation within a platform can complete suggested actions, such as providing alerts when something is amiss, be it an errant, noncompliant post or an employee-targeted scam. 

Then, based on these alerts, you can move into the next step of submitting and processing takedown actions, which refers to the reporting of the violating content to the host providers such as social media networks, hosts, registrars, etc.

The benefit of automating some of these functions within a given platform can amount to millions of dollars in ROI.

Step 3: Extend Visibility and Analysis with Human Intelligence

Relying on AI and automated processes is only half the solution. The next step is to deploy human intelligence to proactively triage, analyze, escalate, and enact a remediation plan. That’s because context and validation via expert human intelligence is a critical component of threat intelligence and operationalizing threat data.

Human intelligence is necessary to act on alerts found via AI – without this, you risk getting bogged down with false alerts, red flags, and misaligned expectations.

Let’s say the system alerts for an impersonation of a high-ranking executive. Before we can take action, the alert must be vetted to make sure it meets the criteria of a fraudulent or spoofed account. To accomplish this, the SOC team validates the alert and confirms that it’s a relevant threat. Additionally, the SOC will triage it, apply a risk rating, and escalate it for further action (such as recommending it for takedown).

Human intelligence can also cut through the noise to quickly gauge the credibility of physical threats. This is crucial when there are dangers to public safety involving violence, emergency response situations, and natural disasters.

Finally, an expert analyst should provide deep dive assessments of executives and their related assets at regular intervals to identify risks, vulnerabilities, and malicious exploitation based on their digital footprints, along with key recommendations to mitigate digital risk.

You’ll also deploy human intelligence to create a briefing procedure for your security team and for the people you are protecting following a takedown or thwarted attack.

Step 4: Reduce Vulnerabilities Through Proactive Measures

Responding to real-time attacks is only one piece of the puzzle. It is also critical to take every appropriate prevention measure to reduce the attack surface. For example, use a PII removal service to find and remove an executive or VIP’s personal information from data brokers who will sell that information to any party, including malicious adversaries.

When creating your strategy, it’s critical to remember that your protected assets can, and should, retain full control over their own social media accounts, login credentials, and social media data.

The Security Administrator needs access to individual posts that pose a risk to you or your organization but shouldn’t have the ability to scour posts or have access to your individual social media accounts.

Further, your team and solution provider must remain committed to abiding by all appropriate laws, regulations, and social network Terms of Services (ToS) surrounding personal data.

Step 5: Empower Executives through Education

With the rise of external cybersecurity threats like social media takeovers and spoofed domains, your executives and employees are often the frontline of defense – they need the tools and information to ensure everyone stays secure.

To prevent future attacks, enlist your VIPs to help protect their own privacy.

Human error and lack of education on current threats are what attackers count on, but it doesn’t have to be that way.

You can decentralize defense by helping employees harden security settings and remediate critical security issues – all while protecting their privacy and the integrity of their personal accounts. This starts with covering the basics through central tools and training programs.

You’ll also be tasked with ensuring that your leaders are always up to date by delivering critical informational alerts and notifications around emerging threats, crucial privacy or settings changes, and global security incidents. Access to a vendor’s threat intelligence via finished reports, platform search, or feeds integrated into your toolset are all helpful ways to quickly gather and deploy those insights.