Security leaders and IT professionals work hard to ensure everyone from the C-suite to interns have the right security measures in place to protect the cybersecurity of an organization. However, this gets increasingly more difficult when those employees are not all in the same building.
The rise in remote work means that security leaders need to consider how to protect information when employees and executives are within their own homes. According to a survey by BlackCloak, 42% of respondents reported that their executives or family members were attacked by cybercriminals. Attacks ranged from malware and doxing to instances of extortion and even physical attack. The survey focuses on the protection of executive digital assets, which include addresses, phone numbers, personal device accounts, Wi-Fi information and potential scam information, including doxing and swatting.
According to the survey, 58% of respondents say the prevention of cyber threats against executives and their digital assets is not covered in their cyber, IT and physical security strategies and budget. Moreover, 38% of respondents say there is a team dedicated to preventing and/or responding to cyber or privacy attacks against executives and their families.
Unfortunately, the effects of cyberattacks on executives’ personal devices are not limited to personal consequences. Forty-five percent of survey respondents reported a loss of important business partners and 33% reported reputation damage due to the information exposed. Even with these risks, executives are most likely to unknowingly reuse a compromised password from their personal accounts inside their company (71% of respondents) and 67% say it is highly likely that an imposter would send a text message to another employee at their company. Fifty-one percent of respondents say it is highly likely that an executive’s significant other or child receives an unsolicited email and clicks on a link taking them to a third-party website.
According to the research, the following areas lack visibility: personal devices (74% of respondents), executives’ personal email accounts (66% of respondents), executive’s home network (64% of respondents), executives’ privacy footprint (61% of respondents) and password hygiene (57% of respondents).
Fifty-nine percent of respondents say ensuring executive protection is more difficult due to the increasing attack surface. However, about half of respondents (53%) say attacks against the digital assets of executives outside the office domain is as much a priority as preventing such attacks when they are in the office. This split, in combination with a general lack of training, makes executives’ personal devices and networks vulnerable to cyberattacks.
For more information, click here.