Research launched Monday by a cybersecurity companies supplier reveals how widespread the dangers are to executives and the organizations they ramrod from information brokers accumulating delicate information about them.
The supplier, BlackCloak, printed in a weblog the outcomes of an evaluation of 750 of its prospects, most of them executives and board members at Fortune 1000 or different giant establishments. Among the corporate’s findings:
99% of our executives have their private info out there on greater than three dozen on-line information dealer web sites, with a big share listed on greater than 100;
70% of government profiles discovered on information dealer web sites contained private social media info and photographs, mostly from LinkedIn and Facebook;
95% of government profiles contained private and confidential details about their household, relations, and neighbors;
On common, on-line information brokers maintained greater than three private electronic mail addresses for each government document.
“While maintaining data on three personal email addresses may not seem that significant to the novice eye, access to any personal email address raises the risks of unauthorized access, fraud and impersonation emails, among other digital threats,” wrote BlackCloak Director of Marketing Evan Goldberg.
Home as Soft Underbelly
The analysis additionally discovered that 40% of on-line information brokers had the IP tackle of an government’s dwelling community. “Not only could you use address information held by the broker to physically go to an executive’s home, but you could use the IP address to digitally break into their home from anywhere in the world,” noticed BlackCloak Founder and CEO Chris Pierson.
“We see corporate executives targeted all the time in their personal lives,” he advised TechNewsWorld. “If you’re targeting the CEO of GE, are you going to hack him at his GE email address, where he’s protected by corporate cybersecurity, or are you going to target him at his Gmail account or his wife’s account or his kids’ accounts, and get a foothold in his home?”
“Because everyone has been working from home for the past two years, it’s created the home as the soft underbelly of the corporation,” he mentioned.
“Data broker information has been leveraged to commit identify theft and unemployment fraud over the past two years,” he added.
Some of the dangers cited by BlackCloak are overblown, maintained Daniel Castro, vice chairman of the Information Technology & Innovation Foundation, a analysis and public coverage group in Washington, D.C.
“Data brokers are often selling data that is already public, such as information on voting records or campaign contributions,” he advised TechNewsWorld.
“Similarly,” he continued, “information that is publicly accessible on social networks or on websites is not particularly sensitive.”
However, he acknowledged that cybercriminals can use that info to perpetrate phishing assaults and impersonate an government.
Danger to Top Brass
“The reality is that data brokers present fertile grounds for hackers, abusers and stalkers,” noticed Liz Miller, vice chairman and a principal analyst at Constellation Research, a expertise analysis and advisory agency in Cupertino, Calif.
“Where else could you pay $29 for a complete dossier on an ex-girlfriend including current address and phone number, current associates residing in the same location and basic detail about that person?” she advised TechNewsWorld. “When you actually think about what this intensely sensitive data can mean in the hands of someone with no moral or ethical compass, it should terrify people.”
Data brokers have just one cause for being, famous Greg Sterling, co-founder of Near Media, a information, commentary and evaluation web site. “Their raison d’etre is to collect as much data on as many households and people as possible,” he advised TechNewsWorld.
A D V E R T I S E M E N T
“By definition then, they expose and transfer information that individuals might not want exposed or sold, or that might be sold non-consensually or without knowledge of the individuals involved.”
Armen Najarian, chief identification officer at Outseer, a supplier of cost fraud safety options in Bedford, Mass. maintained that information brokers current important dangers to executives. “In the digital era, data is power,” he advised TechNewsWorld. “It’s dangerous for any company to have such detailed profiles of highly influential business professionals.”
“Often these profiles will include highly personal information, like income and assets, which are used by cybercriminals to target and steal a victim’s identity,” he continued.
“By studying the online behavior of these executives, fraudsters have an intimate look at what’s going on in these individuals’ lives, making it easier for them to deploy highly targeted attacks,” he added.
Not So Anonymous Anonymity
Some information brokers and functions justify their voracious urge for food for information by claiming they solely share anonymized info, a declare disputed by the Electronic Frontier Foundation in a July 2021 article on its web site written by Gennie Gebhart and Bennett Cyphers.
“Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don’t include a legal name,” they wrote. “In particular, there’s no such thing as ‘anonymous’ location data. Data points like one’s home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations.”
“Another piece of the puzzle is the ad ID, another so-called ‘anonymous’ label that identifies a device,” they added. “Apps share ad IDs with third parties, and an entire industry of ‘identity resolution’ companies can readily link ad IDs to real people at scale.”
While governments in another areas of the world have taken a more durable line towards information brokers, that hasn’t been the case within the U.S. “It’s an area where the laws in the United States are not as robust as they could be,” Pierson mentioned. “Over time, there have been a number of different legal proposals, but there have been no meaningful restrictions in what data brokers can do in the United States.”
“The best way to regulate data brokers would be to create a federal data privacy law that establishes basic consumer data rights, especially for sensitive personal data,” Castro suggested. “Federal law is the best way to ensure that Americans have control of their information and avoids creating a complicated state-by-state patchwork of laws.”
“The U.S. government should absolutely consider enacting legislation to regulate data brokers,” added Najarian. “This is an issue that extends beyond Fortune 1000 executives. It affects every single person who uses the internet.”