Digital Threats To High Value Targets Pose Physical Security Risks

There is increasing attacks against extended enterprises such as cloud providers and vendors

In a recent report on protecting executives from cyberattacks, Cypient Black found that along with rising traditional enterprise attacks against corporate devices, networks and information, there have been increasing attacks against the extended enterprise such as cloud providers and vendor. Now a third attack area is also increasing but often not addressed by corporate budgets: entangled enterprise risk.

Entangled enterprise risk is the risk borne by an enterprise from targeted attacks against the personal digital lives of the enterprise’s executives and other high value targets (HVTs)  These include senior executives, board members, executive assistants and their family members. Two types of attacks that malicious actors use to target HVTs are pivot attacks and endgame attacks.

To get access to the enterprise, pivot attacks leverage vulnerabilities in devices and networks that HVTs use that are not under the control of their organisations, such as a personal smartphone or laptop. Pivot attacks also use access to HVTs’ personal devices for reconnaissance and intelligence gathering. The information gathered through these attacks is then used to conduct social engineering or business email compromise campaigns.

Access to HVTs’ personal digital lives to get corporate data or harm the HVT are used in endgame attacks as a method of hurting the organization he or she is associated with. Example: when an auto manufacturer was in the middle of a labour dispute, the CEO’s daughter went out to lunch at a restaurant and protestors showed up outside. Even though she had not disclosed her location online. An analysis of her smartphone later found malicious tracking software on it. This tactic instilled fear and distracted from the business at hand, a similar attack could enable blackmailing or kidnapping of an HVT.

Universally, hackers are good at shifting from an enterprise approach to a targeted, personal attack on the executive of that enterprise as they are a much softer target but can have the same kind of impact. Another critical area to cover with protectees is social media and how protectee individuals share with associates. ‘Shares’ can have security ramifications.
 

Some businesses simply have higher risk due to the nature of their work. Examples include construction businesses, entertainment venues, industries that deal with vulnerable persons (such as aged care), and any other business that may attract adverse behaviour from those with opposing ideologies - such as RSL clubs, places of worship and sporting organisations.

Barringtons security risk management and assessment team has decades of experience working with clients of all shapes and sizes across a broad range of industries. Their arsenal of Risk Assessment Management Services includes Cyber Security Risk Assessments and Cyber Penetration Testing and they are able to provide a quick turnaround on any enquires and develop valuable solutions in addition to reporting on any weaknesses in an organisation.

For more information on how Barringtons can help our business please click here.

Source: https://www.asisonline.org/security-management-magazine/articles/2019/06/digital-threats-to-high-value-targets/