Protecting executives today is about much more than physically shielding them from danger. The cyber security risks are higher than ever, and organizations need to ensure that the network and data access many high-level executives have doesn’t become an easy entry point for attackers.
CSOs and CISOs need to make executive protection a high priority for the organization. Here are five fundamentals that security leaders should keep in mind.
1. Conduct a risk analysis
The first step CSOs and CISOs need to take is to conduct a comprehensive risk analysis. This includes identifying those individuals in the organization who are critical to the business and likely targets, and assessing the impact to the organization if they are the victims of attacks.
Some questions to ask as part of the analysis: Has there been a history of threats against any of these executives? Do they travel regularly to dangerous places? To what kinds of attacks are they most vulnerable?
Once you’ve determined which individuals need protection, learn about their public and private lifestyles—to the extent that it makes sense and can help reduce the risk factor. This step requires the executive's full cooperation, because you will need to know all about the work and home life of the individual. Look into how easy it is for someone to get information on the executive and his or her family.
Based on what you learn about executives, you can get a clearer picture of what kinds of risks you're facing and what security measures you'll need to take. It's important to keep in mind that risks are ever-changing, so you need to establish a baseline level of security for executives that can be increased as needed.
“Risk analysis should start off with their home life, where they live, the current crime climate in the area, whether or not they have a home security system,” says Robert Siciliano, a security consultant and identity theft expert. “A large factor here is determining the individual’s ‘significance’ and whether or not they are considered a high-value target.”
2. Make a strong case for protection, even if executives resist
Some executives will no doubt be unhappy about having their work and personal life under scrutiny, but that’s part of the price of achieving success in business and having lots of responsibility. To make this less of an ordeal for everyone involved, CSOs and CISOs need to demonstrate to executives why security is so important. One way to do this is to have executives pay attention to what they see when they do simple Google searches of their names.
“Periodic ego searches demonstrate to them that they are a target,” says Jason Taule, CSO at FEI Systems, a provider of health-related technology. Once they’ve done this they can see how a hacker could easily find out all kinds of information about the executive, and launch an attack by leveraging that knowledge.