CAMBRIDGE, Mass.–(BUSINESS WIRE)–Sep 23, 2020–
PiiQ Media concludes a cyber security risk assessment of exposed online PII for top executives across all US Fortune 100 companies. The assessment was conducted using PiiQ Media’s Threat Intelligence software, automating risk analysis and scoring of exposed PII across the top social media platforms. The results underscore the extreme weakness in personal social media, email, and password security. These vulnerabilities have devastating effects on corporate risk and enterprise data security for companies large and small.
PiiQ Media ran a comprehensive information security assessment of top executives for the highest valued companies in the US. The premise was that even companies with the largest security budgets and security teams are likely not implementing effective measures to improve employee personal security and thus have blind spots in corporate security. The results are more startling than we expected. Collectively, we have a serious problem.
The largest corporate attack surface being exploited by criminals today is social engineering employees through phishing and spear phishing attacks. Spear phishing attacks have the greatest rates of success due to the personal nature of the attacks, typically imitating familiar people or organizations with relevant content to the target. The source of the information that allows criminals to build targeted spear phishing attacks is exposed PII through social media and other online services.
To compound matters, social engineering based attacks are evolving in sophistication, using Artificial Intelligence to automate PII collection (reconnaissance) as well as victim engagement (targeting). Current anti-phishing solutions tend to focus on the targeting side by looking for markers that may indicate an email is suspicious. These types of detection technologies fail frequently in detecting the more advanced phishing or spear-phishing based attacks that don’t use usual markers.
PiiQ Media is committed to delivering software and solutions to mitigate the unanswered risks of PII exposure collected in the reconnaissance phase, identifying and mitigating exposed Personally Identifiable Information (PII), as well as email security compromises and protections and thus helping organizations reduce successful attacks today as well as the more sophisticated attacks tomorrow! We encourage companies that recognize these vulnerabilities to adopt a more detailed and actionable corporate social media use policy that details steps employees can take to improve their email and social media security. PiiQ Media has a free for use corporate social media use policy, with a personal checklist, that can be downloaded here.
Cyber criminals are increasingly turning to exploiting people rather than systems. Corporate cybersecurity teams are challenged to effectively protect employees who increasingly use personal devices (BYOD) for work purposes while using the same devices to access personal online social media platforms and services. Additionally, the trend in adopting work from home (WFH) business models in response to COVID-19 reduces visibility and control over the digital security of employees, thus increasing the risk of personal and corporate exploitation. COVID-19-based phishing attacks alone are up 667% in March 2020 [1]. Phishing attacks account for more than 80% of reported security incidents [2] with the average breach costing $11.45M to US corporations [3]. Cyber criminals are finding increased success in targeting and exploiting specific individuals because of the wealth of Personally Identifiable Information (PII) exposed online through social media and other online platforms and services.
PQ-Risk CXO Scores Social Media PII Exposure and Risk
FIRST TO MARKET – PQ-RISK CXO offers a Cybersecurity SaaS solution, successfully aggregating publicly available profile data across the major social media platforms with the capability to automatically contextualize a unique spear phishing email based on the analyzed PII and assessment results. It identifies where personal data provides potential inroads for criminals to exploit personal or corporate attack surfaces through family, friends, interests, SMS check-ins, or email/domain security.
PiiQ Media Illustrates Executive Exposure In First of Its Kind Fortune 100 Social Engineering Risk Assessment
Through this analysis, PiiQ Media creates both a risk-trend analysis as well as risk exposure reports based on 500 top executives. Some of the key trends identified in the analysis;
The F100 Assessment highlights the expanse of publicly available information that criminals and hackers have at their disposal. These vulnerabilities exist across top executives for the highest valued companies in the US, which indicates the PII exposure on average for the rest of corporations is likely extensive. The exposed PII allows criminals to cultivate familial phantom identities and content that increases the success of targeted spear-phishing attacks. The more data bad actors can acquire, the more targeted and plausible the “hook” or the penetration of the “spear”. In such efforts, context is king. The F100 Assessment report is broken down into ten identifiable PII exposure points, each with its associated risk and the percentage of executives found to be at risk among the Fortune 100 executives.
Table 1. Cross section of PiiQ Media Fortune100 Executive Assessment
| EXPOSED PII | ASSOCIATED RISK | % |
| --- | --- | --- |
| Exposed relationships that divulge shared employment | Personal relationships can expose key personal attributes as well as providing context. This allows an attacker to impersonate someone and have necessary context to fool the victim. | 99% |
| Passwords exposed in Data Breaches | Breaches that contain passwords pose serious risk to individuals and corporations primarily due to password reuse across services | 44% |
| Business email accounts associated to personal social media accounts | A business email should never be associated with personal internet services, such as social media. It opens up a larger set of responses through business email that needs to be policed. | 23% |
Of paramount concern are email security protocols and adherence. The ability to map business emails to personal networks presents a clear pathway for bad actors to infiltrate business networks and should be avoided at all costs. Password exposure is similarly a point of significant cybersecurity concern for all too obvious reasons. The F100 Assessment continues to list other such areas of exposure as well as elaborate on why they present risk.
Chief Technology Officer Aaron Barr elaborates, “We can’t remove everything. For many professionals self-promotion in social media runs tandem with promoting and building company business and therefore is encouraged in social media, specifically LinkedIn. It is vital to clearly understand and develop procedures to use social media effectively for personal and professional pursuits while limiting the exposure and risks to compromise. It is vital to personal and professional security to manage social media information effectively.”
If you take anything away from this study, it is 4 tips to immediately improve your personal and corporate security.
About PiiQ Media
Headquartered in Cambridge, MA, PiiQ Media is a privately funded, post seed, pre-series A, Data Science and Social Media Analytics company, specializing in SaaS & Cybersecurity solutions while also offering consulting engagement services.
To review the PiiQ Media Fortune 100 Executive Assessment in its entirety, please click here.
To receive your own Corporate Cyber Security PII Risk Assessment, please contact Alanna Nardella-Frost, alanna@piiqmedia.com.
*** Prevention is the New Detection ***
———————————————————————————————————————
[1] “Coronavirus-Related Spear Phishing Attacks see 667% Increase in March 2020” Security Magazine, April 16, 2020
https://www.securitymagazine.com/articles/92157-coronavirus-related-spear-phishing-attacks-see-667-increase-in-march-2020
[2] Fruhlinger, Josh “Top Cybersecurity facts, figures and statistics for 2020” CSO Online, Mar 9, 2020
https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
[3] Coble, Sarah “Cost of Insider Threats Rises 31%” Infosecurity Magazine
https://www.infosecurity-magazine.com/news/cost-of-insider-threats-rises-31/
View source version on businesswire.com: https://www.businesswire.com/news/home/20200923005658/en/
SOURCE: PiiQ Media
Copyright Business Wire 2020.
PUB: 09/23/2020 10:20 AM/DISC: 09/23/2020 10:21 AM