Sign in
  • Governance
  • Sostenibilidad
  • Tecnología
  • Regulación
  • Riesgo
Sign in
Welcome!Log into your account
¿Olvidaste tu contraseña?
Password recovery
Recupera tu contraseña
Buscar
Círculo de Directores
  • Governance
  • Sostenibilidad
  • Tecnología
  • Regulación
  • Riesgo
Inicio Intercambio de ideas CEOs are the top cybersecurity targets. Here’s how to protect them.
  • Intercambio de ideas
  • Riesgo

CEOs are the top cybersecurity targets. Here’s how to protect them.

Por
Círculo de Directores
-
enero 23, 2019
0
1084

Fuente: Chron – Autor: Dwight Silverman

“There are a different set of security concerns because of who these people are,” said Caleb Barlow, vice president of threat intelligence at IBM Security.

Modern CEOs use email and search the web — rare is the chief executive that has an assistant print out emails these days — and so they are just as likely to run into malicious websites and phishing emails, Barlow said. And with CEOs at bigger companies, they are likely to be older and not immersed in digital culture.

“There is a generational gap there,” he said. “These people didn’t grow up with computers. They know M&A, finance and corporate management because they came up learning these issues. But that’s not always true with cybersecurity.”

Barlow said there are three types of cyberthreats CEOs and other C-suite executives face.

Phishing attacks. Phishing involves sending an email that appears to come from a trusted source in an attempt to get the recipient to take some action. They may contain a link to a malicious website, or request personal or proprietary information, or may try to get the recipient to take some other type of imprudent action. Highly specific phishing emails, aimed at high-value targets, are known as “spear phishing,” and a target as big as a CEO is considered “whale.”

“CEOs meet a lot of people,” Barlow said. “A CEO might get an email that says, ‘Hey, I met you at the XYZ conference, remember we talked about how your wife and mine both went to Stanford? I’ve been meaning to talk to you about a deal.’ It’s easy to figure out what a CEO is into, and get this kind of information about them.”

Business email compromise. Known by the acronym BEC, this involves a hacker getting into a company’s email system, then using that access to spoof the CEO and order employees to perform some action. A 2017 FBI report indicated that this type of cybercrime is among the most rapidly growing, with a 1,300 percent increase in complaints and more than $3 billion in losses.

“The bad guy sends an email, it looks like it came from the CEO, and it says, ‘Hey, I am working on a deal, please keep this confidential, and I need you to wire $2 million from this account to another account,’” Barlow said. “This has resulted in some of the largest losses we’ve seen.”

Doxxing. This is the practice of digging up detailed personal information about a person and making it public. Because CEOs of larger companies have been in the corporate and public spotlight for a while, a lot is known about them. That makes them a target for doxxing, which can be used to gain leverage on a CEO.

“You can find out things like where their children go to school, you might post health records, or anything that could cause problems for a CEO,” Barlow said.

The best way to prevent these from happening to a CEO is a coordinated training effort not just for the chief executive, but also for the people around him, Barlow said. The CEO needs training similar to what all employees get, but it also needs to be coordinated with training for the people around him.

For example, the direct reports to the CEO need to know that “I am never going to ask you by email to wire money someplace,” he said. That’s true of other C-suite executives and those who report to them.

As part of its cybersecurity training products, IBM has built a mobile security command center that is aimed at teaching executives how to respond to a breach at their companies. It’s similar to the mobile command operations set up by the military or police, complete with an 18-wheeler loaded up with computers and wall-sized screens.

“CEOs are used to making decisions slowly and deliberately, with lots of research and information available to them,” Barlow said. “This teaches them what it’s like to make important decisions in real-time when they are on the right side of a security breach.”

dwight.silverman@chron.com

twitter.com/dsilverman

 

  • Etiquetas
  • noticias-directorio-home
Artículo anteriorQué empresas pesan más y menos en el nuevo IPSA de la Bolsa de Santiago
Artículo siguienteIndependent isn’t necessarily better. Why appointing independent directors can achieve little
Círculo de Directores
Círculo de Directores

Artículo relacionadosMás del autor

Las Conversaciones que el Directorio Evita: El arte del diálogo difícil

El paradójico impulso que le podría dar Trump a la sostenibilidad empresarial

El Triángulo de las Bermudas del Gobierno Corporativo Estatal: Regulador-Dueño-Cliente

Centro de Gobierno Corporativo y Sociedad lanza el libro “Directorios en Acción: Creando Valor Sostenible en América Latina”

Los Supuestos que Matan: El verdadero rol del directorio en la estrategia

Sobre el círculo

Nuestro propósito es proveer a los directores de la empresa un espacio para el intercambio de ideas y buenas prácticas, la formación continua, y de una voz representativa frente a los medios de comunicación, la opinión pública y el regulador.

Navegación

  • Governance
  • Sostenibilidad
  • Tecnología
  • Regulación
  • Riesgo
Contacto
  • 226181570 - 226181535
  • info@cdir.cl
  • Av. Plaza 1905 - San Carlos de Apoquindo Las Condes - Santiago Chile

Newsletter

© Newspaper WordPress Theme by TagDiv
  • About
  • Blog
  • Contact
© Newspaper WordPress Theme by TagDiv
×