Security Awareness — Executive Security Briefings

What You Don’t Know Can Hurt You

• Who is the most vulnerable person to social engineering in your organization?
• Have you been personally trained on avoidance of threats that could affect you and your company?
• Have you searched www.WikiLeaks.org or www.CSOonline.com for ‘hacking’ or ‘social engineering?’ It’s an eye-opening experience.

While it’s unlikely you or your employees will fall prey to the Nigerian windfall email, there are now highly sophisticated emails that appear to be from your company, a bank, or other trusted sources. But that’s not the greatest risk for divulging critical and sensitive information. Risk number one is upper managment — especially those at the C-Level.

CSOonline had an article entitled “Social Engineering: 3 examples of human hacking” by Joan Goodchild, Senior Editor. There are two takeaways especially interesting to exectives.

“Takeaway 1: No information, regardless of its personal or emotional nature, is off limits for a social engineer seeking to do harm.

Takeaway 2: It is often the person who thinks he is most secure who poses the biggest vulnerability. One security consultant recently told CSO that executives are the easiest social engineering targets.”

Initially you may find that surprising, but social engineers (human hackers) know the executive team has the most confidential and important information and they generally have the least security protection. As Jayson E. Street, known security expert and our senior trainer explains, there are four primary reasons these executives are targeted:

1. Executives don’t think they need to follow security rules. By not wanting to be monitored, often for the sake of keeping information private, unwittingly they open themselves for full exploitation of that information.
2. Executives think they’re protected. One example is bypassing an email verification system. That means their email is fair game for hackers. When their email is sent within the company, it may be carrying a virus or worm that affects the entire company. They are not protected.
3. Executives, especially CIOs, use the latest technology. They are often the ones who get the latest mobile phones, laptops, tablets, and other devices. Because these devices are new to the market, they can have bugs and security risks, and often are not configured securely to the corporate network. Since these devices are generally small, they’re brought home where they use the home network — that adds an exponential shift of the possibility of malicious intrusion.
4. Executives’ families are targets. Since attackers search for the easiest access to the information, they can bypass the network administrator and go directly after the executive’s wife, husband, or child via Facebook or other social media sites. Jayson says, “Why not compromise the spouse’s computer system and then, when the CIO brings a laptop home, that laptop is now on the internal network. This home network is more of a private network, which is more trusted, and that means the firewall lets more stuff in. It makes more sense to compromise the CIO that way. If you have millions of dollars at stake, and you are doing corporate espionage and want to steal secrets or money, you don’t go after your target only, you go after everyone in your target’s network too.”

This doesn’t have to happen to you or any of your executive team. The Enet 1 Group provides Executive Security Training and Briefings that will bring you up-to-date on the latest scams and schemes of those who want to do you and your company harm. We have trainers, including security expert Jayson Street, well known for their knowledge of executive hacking tricks and tools.

Give us a call and we will set up a briefing.