Recent research found that 99% of executives have personally identifiable information (PII) on more than three dozen data broker websites. On average, there were more than three personal email addresses for every executive record. Cybercriminals are increasingly exploiting the PII of executives and taking advantage of their unique authority and broad access to sensitive information and systems.
This poses a significant risk to an organization’s security posture and underscores the reality that an organization’s attack surface extends beyond network walls. This is an opportunity for MSPs to look beyond these walls to demonstrate to their clients that they are taking a more robust and comprehensive approach to managing digital risk. Understanding where and what executive information is stored and potentially leaked on public online networks is also a significant differentiator and value-add service opportunity.
3 Tips to Make Your Clients’ Executives Less Vulnerable
Threat actors recognize the vulnerability of executives and see them as the path of least resistance to move laterally into the organization that they lead. Here are three actionable steps MSPs can take to make their clients’ executives less susceptible to digital attacks.
1. Make sure executives are following security policies
This is one of the most proactive, straightforward, and obvious actions executives can take to reduce their vulnerability compared to other high-profile targets. In addition to fundamental security practices such as strong passwords and multi-factor authentication (MFA), MSPs should advise their clients to address the need for proper PII management in their security policies. Executives need to be knowledgeable about the changing digital threat landscape and the dangers that their information can pose to themselves and the organization.
2. Conduct digital risk assessments for executives
Digital risk assessments traditionally focus on technical assets – devices, endpoints, etc. But with an expanded attack surface that includes public online networks, organizations need to include corporate assets such as executives, brands, and even supply chain vendors in their asset risk assessment inventory. Knowing where executives and their digital identifiers exist across the public attack surface is key to identifying executive vulnerabilities and attack surface reduction opportunities. Regular digital risk assessments will keep an organization aware of changes to the digital footprint of its corporate assets. When exposed assets are identified, the details of their vulnerabilities can be assessed to plan for prevention or appropriate risk management of potential exploitation attempts. MSPs can offer corporate asset digital risk assessments as a recurring and easy-to-implement service for their clients using platforms and digital risk assessment (DRA) services offered through vendors like Media Sonar.
3. Limit what’s out there
MSPs must work with their clients to suppress as much existing PII related to executives as possible and be cautious about introducing new information on the public attack surface. This won’t stop them from being a target altogether, but it will make it more difficult for threat actors, and they’ll inevitably target someone else. There are services available to help keep data away from data brokers, but generally speaking, the complete obliteration of PII is nearly impossible – especially when it hits the Dark Web.
Breaches are top of mind for business resilience
Threat actors are multiplying rapidly, and technology is getting to a place where it’s too easy to breach the weak ones. While it’s not destiny, and we’re not all going to get breached, MSPs should adopt the mindset of “it’s not a matter of if, it’s a matter of when” in terms of their clients (or themselves) experiencing a breach. That time might not be tomorrow – it could be six months or a year down the line. By taking measures to provide greater visibility into digital risks now, MSPs can avoid being blindsided by the exposure of information before it becomes available for access and abuse in the future. Offering services that work towards detecting and controlling the damage of potential breaches, backed by a comprehensive awareness of the digital identifiers that exist in the public attack surface for critical corporate assets such as executives, is a tactical way for MSPs to demonstrate how they can help protect against the potential, if not inevitable, client breach.
Responding to data breaches
In the event of any breach incident, time is invaluable. Communication and information spread nearly at the speed of light in our digital world. Once a breach is detected, the focus should shift to understanding how that changes the threat landscape for the organization. MSPs can use a breach as a marker to guide clients into adopting better policies, techniques, and procedures. To remediate financial repercussions and brand damage as quickly as possible, MSPs must understand the answers to these five questions in working with and supporting their client:
- Do we understand the who, what, when, where, and how of the vulnerability?
- What measures are we taking to control the damage as much as possible?
- Are the actions we are taking part of an established plan or are they reactive countermeasures?
- What are the impacts on our clients and their customers now and in the future?
- What was the breach’s aftermath in terms of churn for our clients and us?
Security Posture Matters
Some MSPs are already looking beyond network walls to protect their clients’ executive online vulnerabilities, but it is often a very manual effort. Legacy security tools and processes aren’t built to collect, triage, and verify the volume and complexity of human-generated content to identify leaked information associated with executives effectively.
With low barriers to implementation, MSPs can deliver consolidated risk assessments of the digital footprint of their clients’ executives with Media Sonar, increasing the standard of care that they provide to their clients. With Media Sonar’s Digital Risk Assessments, you get:
- Detection of web content associated with the executive digital footprint using expert-built queries across social media, code-sharing sites, paste sites, forums, and marketplaces where leaked credentials and data are bought, sold, and discussed.
- A comprehensive yet easily consumable report of information leaks, reputational risks, and threats of violence related to executives and other corporate assets.
- Analyst curation of detected content for perceived risk levels with remediation recommendations based on findings.
- One-time or recurring risk assessment service engagements.
You can book a demo here to learn more about how Media Sonar’s Digital Risk Assessment protects your clients and saves you valuable time.