The recent reports of the battle between Jeff Bezos and the National Enquirer shows that even the chief executive officer (CEO) of a major global business and the owner of a prominent national newspaper can be vulnerable to hacking. At issue is that it’s not just about embarrassment to an individual. The top leadership of a company is a beacon to hackers due to their access to the most sensitive information of an organization. Their weakness becomes the company’s weakness.
Quoting CEO Mark Johnson of Sovereign Intelligence, Economic Times writes, “It’s a curious irony that billionaires demonstrate astounding acumen related to their own industries, and yet seemingly ignore the minutiae of common-place security measures.”
As Johnson tells Economic Times, executives’ data and their access to corporate assets and intellectual property becomes attractive for hackers and competitors alike. Ultimately, when organizations don’t invest in protecting their CEOs and others in the C-suite, they risk exposing access to the thinking and strategies of the organization.
According to Wired, at least some of the giants of Silicon Valley seem to have gotten that message. Surprisingly, Bezos’ Amazon is near the top of the list, while Google and Apple are lower down on the list. Here’s a rundown of how much they’re investing in their executives’ security.
Today The Daily Beast reports that the brother of Bezos’ mistress is the likely source of the leaked data. Regardless of whether it was the brother or a hacker, it seems more could have been done to protect the information.
Beyond ensuring the organization itself has a strong cybersecurity posture, implementing some protections at the individual level is also critical:
- Provide periodic training/updates covering how to spot phishing attempts.
- Ensure executives are using encryption and strong passwords for apps. And remind them that just because data is encrypted, if it’s stored on the device, it’s still potentially accessible.
- Remind leaders to never use unprotected public Wi-Fi. Better to use a personal hotspot if it’s necessary to be online outside a secure perimeter.
But even the best security measures can sometimes not be enough–particularly when it comes to mobile devices. As Kyle Johnson reports on BrianMadden.com, “…More and more malware is coming pre-installed from the factory. Before users themselves have a chance to do something stupid, their device is already infected. Forty-two low-cost smartphone models had the Triada Banking Trojan. Meanwhile, millions of devices from a variety of manufacturers like Huawei, Xiaomi, Vivo, and Samsung had RottenSys, mobile adware disguised as a secure Wi-Fi service, already on their devices.”
Granted that top executives are not likely to be using cheapy phones, having measures in place to test and monitor devices before they end up in execs’ hands is not a bad practice. Mobile security is often overlooked and in many ways poses the biggest risk. With cameras and microphones built in, spying is easy. Plus, apps, email, and texts provide all kinds of opportunities to hack into a network.
When President Obama was in office, his phones were examined every 30 days to check for hacking and other suspicious activity. That contrasts significantly with how the Trump administration has been operating in the context of mobile security.
Last year, Check Point Software reported that only 38 percent of companies deployed a mobile threat defense solution. For sure, organizations must double down to protect their top leadership from cyber threat actors. But the more vigilant executives can be with their own digital practices, the safer their organizations will be.