Out of the blue, a user of a low-level hacking forum distributed personal data and phone numbers of hundreds of millions of Facebook users. Now everyone with an internet connection has access to them for free. It seems that the newest Facebook data leak and the EP industry are as intertwined as ever.
The incident impacted a total of 106 countries and 533 million Facebook users. As for the developed world, citizens in the US and UK were hit the hardest, with 32 million and 11 million records disclosed, respectively. Some of the data lost to the hackers include full names, locations, Facebook IDs, phone numbers, bios, and even email addresses.
As it turns out, the incident happened due to a vulnerability that the company patched back in 2019. Cybercriminals are now ecstatically celebrating the Facebook data leak and can’t wait to impersonate and scam people. Thereby, they will harm the security and safety of people worldwide, including high-level executives and ordinary citizens alike.
Executive Protection is a well-balanced system that protects four assets (people, information, reputation, and property). As with any interconnected system, a breach in one of the pillars affects all others. In the case of the recent Facebook Data Leak, a well-designed EP system should have had the provision to protect executives’ personal data from being posted on social networks in the first place.
Kevin Palacios, Owner of Latam Protection Services (Ecuador Security)
Actually, the impersonation of CEOs has been on the rise during the Covid-19 crisis we are currently experiencing. As soon as cybercriminals collect as much personal information as possible, they can start impersonating and scamming people en masse. A path to inevitable disaster.
All in all, the newest Facebook data leak will shape the security business in the months to come. Furthermore, it opens up additional avenues for misuse of data and information, with no industry or individual spared.
How the Facebook Data Leak Impacts the EP Industry
As opposed to 20 years ago, executive protection agents nowadays have a lot more on their plate. They need to consider the physical safety of their clients and keep an eye on social media, both at the same time. The internet age has wholly devoured the once simple and straightforward business of EP.
EPAs must at least have some digital skills to safeguard online identities and reputations. But not only that. If malicious actors use social media, websites, or emails to deliver threats, proficient security professionals need to know how to respond.
As per Verizon’s 2020 Data Breach Investigation Report, senior executives in companies are twelve times more likely to fall prey to social engineering incidents. Additionally, the report shows how nearly 9 out of 10 breaches were financially driven.
This plays a dominant role, especially because executives often share too much data on their social media profiles. The culture of over-sharing in the world of CEOs and VIPs can lead to potential criminals easily planning future attacks. And this is where risk mitigation enters the stage.
Physical and Digital Threats
It isn’t only the job of the IT department to educate the executive about the threat landscape. This burden falls on the EP team as well. As we have seen in numerous incidents involving principals and data breaches, executives are usually nonchalant about their communication channels.
I see this recent Facebook data breach as a huge reminder to all of us in Executive Protection. On the surface, it demonstrates the massive vulnerability posed by digital footprints, either our own or of those we protect. More importantly, it should serve as an example of how we need to focus on the full landscape of protection.
For individual protectors and organizations, all of our activities, capabilities, and limitations are linked. We must ensure that everything we do overlaps in an effort to improve the full spectrum of protection.
The protection of others needs to be all-encompassing. EP agents need to ensure they have a robust understanding of both physical and digital threats, as well as how to reduce or mitigate their associated risks.
They must also have a solid trust relationship with those they protect and others involved in the protective infrastructure. This will ensure protection efforts in the physical world blend with the digital world and all work in conjunction with the protected individual’s lifestyle.
Nothing we do is done in singularity, and forgetting the need to overlap physical with digital protection can create unnecessary vulnerabilities. Hopefully, every EP agent is currently using this incident to evaluate their own situation and taking a closer look at the impact this will have on their clients.
Then take the steps necessary to address any deficiencies in their own capabilities, their organization’s, or with the relationships that ultimately scope the effectiveness of any protection program.
Justin Hanson, Founder/CEO, SpecVIP Protection Group Inc.
The Expanding Job Role of EPAs
Instead of allowing their EP team to handle the information flow, principals habitually post online whatever seems adequate. However, asking for advice from EPAs could be a life-saver. That’s not to say that EPAs don’t make mistakes. Yet, that way, principals would significantly reduce the likelihood of serious data breaches.
Another job of any affluent EP team ought to be to remind the executive about being more proactive against online threats. A frequent method in this regard is self-scouting. The term entails searching for executives’ information online and educating them about how nefarious actors could exploit that information.
Putting all the effort into removing personal data has never been more critical for EP industry clients. Experts urge that the security team explain the problem first and then develop an effective strategy with the IT department. At the very least, the EP team’s considerations should play a notable role in designing preventive measures.
When taken at face value, the newest Facebook data leak and the EP industry look like they don’t have much in common. But that’s only a misleading appearance that can only wreak havoc on the persons involved.
Another factor nobody is even weighing in on is the executive’s entourage, family, friends, or coworkers. Their online presence can definitely impact the threat landscape for better or worse. But like most things in life, less is more, so carefully checking all information that spreads out into the world is the only smart move.
Newest Facebook Data Leak and the EP Industry in Conclusion
The practice of collecting information from publicly available sources, known as OSINT, is yet another playing field for malicious actors. They thrive on gathering vital and seemingly less critical data in an attempt to scam and impersonate people.
However, all data is essential in some sense.
Say a person in a principal’s entourage posts a photo on Instagram indicating the executive’s location. That’s a clear sign that the principal’s life could be recklessly put at risk.
CEOs, VIPs, and other high-level individuals aren’t immune to this phenomenon. For this reason, EP teams need to augment their knowledge and revise their skill set to include digital competencies. That’s the only way the security industry can move forward.