Attackers bypass organizations and target their leaders.

What happened

Hackers broke into the Instagram account of Chief Master Sgt. John Bentivegna, the top enlisted member of the U.S. Space Force, and displayed pro-Iran and anti-U.S. propaganda. The posts contained images and videos, including pictures of Iranian leaders and references to the Vietnam War.  

The Space Force confirmed the account had been compromised but didn’t release much more information. In a Facebook post, Bentivegna said, “Experiences like this are a good reminder that cybersecurity isn’t just an issue for organizations, it’s something we all deal with in our daily lives.” 

The concern

What the Instagram hack and Chief Master Sgt. Bentivegna’s quote highlight is an important concern: An organization must consider the digital life of its senior staff, executives, and board members as part of the organization’s interconnected attack service (what we call the “Aspen Forest Effect”). Your company leaders’ personal supply chains include home Wi-Fi, personal email accounts, social media activity, and publicly available personal information. A breach here can give attackers a way into your organization to impersonate leadership, support phishing campaigns, attempt wire fraud, gather competitive intelligence, or blackmail / ransomware the company. 

What we would do 

Our discussions start with what we call the Aspen Forest Effect. Although it looks like many different trees, an Aspen Forest is actually a single living organism with all the trees connected by the same root system. Your company today is its own Aspen Forest. In addition to your internal systems, you’re a larger, interconnected organism of supplier and customer portals, cloud providers, data centers, email systems, apps, APIs, and more. Any breach in this supply chain can work its way back to you.  

Companies need to treat executives, senior staff and board members as part of the extended attack surface – part of the Aspen Forest. That means a cybersecurity solution that monitors these leaders’ personal supply chains. The solution should help leaders and their households understand where they are exposed, reduce those exposures, and respond quickly to serious issues. At the same time, it must do so in a way that balances personal privacy concerns with the need of the company to protect itself from attack.  

Key takeaway

In today’s Aspen Forest world, a company’s cybersecurity cannot just be defensive, waiting until something happens to respond and repair. Companies need cybersecurity that plays offense; preparing, predicting and protecting. It must operate from the attacker’s perspective, and then continuously root out vulnerabilities and eliminate threats before they become breaches. 

Read the original article highlighting the Space Force member’s breach. Article

Connect with our Executive Protection advisor today to learn how your company can protect against this type of incident. Luke.morrow@guardiancssp.com