Connect with us

Hi, what are you looking for?


Management & Strategy

Digital Executive Protection: Protecting Highly Visible Individuals from Personal Cyberattacks

A tailored approach to digital executive protection allows security teams to maximize resources and identify threats without relying on 24×7 physical executive protection

A tailored approach to digital executive protection allows security teams to maximize resources and identify threats without relying on 24×7 physical executive protection

Executive protection teams face threats from many sources including social media, telephone, email, and event in-person physical threats. The teams must determine which are valid threats that require action, and which are mere online rants or harassment that should be monitored, but are largely harmless. When the threat is concerning enough to cause teams to take action, a typical response consists of physical, procedural, and technical security protocols (guns, guards, gates). However, unless an individual has 24×7 executive protection (which is costly), these threats don’t often escalate while an executive protection team is present. Because of this, digital executive protection is critical.

Social Media Monitoring

The major social media platforms have teams who can detect threatening behavior and violent rhetoric, and remove it quickly. As a result of their success, a lot of the threatening content is moving to non-traditional forums or social media platforms that are less-regulated. These sites include deep web forums and dark web doxxing sites where actors are very organized and structured about who’s information to target and release on the Internet. There are also special interest forums focused on technology, finance, or even home to disgruntled ex-employees that pose significant risk. 

Technical Signature Analysis

People like to post online, and they tend to do so when they are emotionally charged. The perception of online anonymity has changed the game and sometimes individuals go so far as to make physical threats. When actors post they leave a digital trail. That trail can be monitored. Sophisticated actors don’t  use real names or locations, but timely attribution can link the actor’s real identity to an online persona,monitoring can ensue, and alerts can be generated if threats occur. In addition, the actor’s posts may unknowingly reveal a location or leave an IP address allowing him to be further identified. 

The Proper Approach to Digital Executive Protection

Advertisement. Scroll to continue reading.

A tailored approach to digital executive protection allows security teams to maximize resources and identify threats without relying on 24×7 physical executive protection. This approach includes:

Tailored Social Media and Open Source Intelligence Collection: Building a collection engine that minimizes visibility gaps is critical: everything from breach data, to external traffic sources, to foreign media posts, Protective DNS, and business information should be optimized. For example if a threat actor posts a vile threat but deletes it a day later, the collection engine should be able to catch it. This requires appropriate data engineering of structured and unstructured data  to search and alert. 

Threat Actor Engagement and Tailored Access: Seeing and engaging actors requires access to the platforms where they engage, an authentic looking profile, and research. If a threat actor is harassing or making accusations against a company’s executive team, they are likely to leave digital breadcrumbs on chat forums or websites designed to attack the company, as well as social media forums. 

Technical Signatures Analysis: Public information sources can help identify a threat actor’s patterns. This data can reveal important information enabling experienced investigators to to match  online activity, a general physical location, or movement patterns over time. 

Meaningful Analysis: A system that alerts on the proper negative sentiment in a timely manner is critical to relevant and actionable intelligence. Understanding social norms, stylometric attributes, and context to actors allows analysts  to rapidly identify and determine malicious capability and intent.

Attribution and Coordination: A critical factor in successful digital executive protection is the ability to attribute an actor’s online personas without alerting the actor. This approach includes:

• Watching for pattern of life indicators such as the threat actor conducting surveillance activities

• Collecting and analyzing content for trigger words or photos

• Recurring communication with the Client’s security or physical team. Attribution should not be resource intensive and should occur in a timely manner

None of these many elements are a solution in themselves, but together they can seamlessly bridge the physical and the digital world. Combining these pieces allows a digital investigator to continue executive protection monitoring, manage the intelligence for a threat actor as well as the victim, and ensure proper protection. 

Written By

Landon Winkelvoss is Co-founder and VP of Security Strategy at Nisos.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem