Are insurance executives safe after the murder of UnitedHealthcare CEO?

Polak: We’ve already seen lookalike crimes since the murder of Brian Thomson, including the stabbing of a CEO in Michigan and a Florida woman threatening a health insurance company with the same wording associated with the UnitedHealthcare CEO’s shooter.

One popular page, Eat the Rich, includes a series of posts that include (now inaccessible) photos and personal biographies of leaders of companies such as UnitedHealthcare, Elevance, and CVS.

As the political tensions continue to rise, we are likely to see copycat crimes continue, especially targeting organizations that are perceived to be profiting from the misery of others.

PropertyCasualty360.com: Are insurance executives, in particular, now more concerned with travel safety?

Polak: Insurance executives are the faces of their organizations, and the public will hold them responsible for corporate decisions, including those that disappoint or negatively impact customers. Insurance executives must think about their safety not just at home and in the office but everywhere they travel to ensure they are vigilant and can thwart any threats.

As executives take the road, they should view their safety and security as closely intertwined with their family unit. In addition to being targeted directly, family members often post on social media about family travel, not realizing that they are providing key information to those interested in tracking the location of their family members.

PropertyCasualty360.com: How might potential threats find their executive targets? Are family members also targets? Are they doing it online?

Polak: It is often easiest to hunt someone online by targeting family. In addition to targeting family social media accounts, which are often overlooked by executives and their security details, threat actors most frequently start on LinkedIn to obtain basic geographic information and an image of the executive.

The next most common place threat actors look for personal information is on public data brokers, which provide a wealth of personally identifiable information (PII) such as home addresses, family information, personal contact information, and much more.

In addition to social media, data brokers, and a general web search, threat actors also scour the Dark Web for additional information on their targets. The Dark Web is most useful for threat actors looking for additional PII and exposed passwords, which we have seen be used to break into online photo storage, hotel and travel rewards accounts, 401k accounts, and more.

It’s very easy to connect personal and professional identities, which leads to increased information for threat actors keen on learning personal details.
The most dangerous information exposure for an executive is personal information found on the first page of Google.

For a motivated attacker, information such as a personal mobile number can be used to track and target an executive in near real-time, although such sophistication is not often needed when a home address is freely available on any executive who has not taken action to remove it.

The scale of the personal data exposure problem for American executives is an epidemic. Picnic data on more than 10,000 C-Suite executives in the U.S. indicates that 93% have at least one home address exposed on the public web, emanating from an average of 11 data broker profiles and 43 dark web data breaches.

PropertyCasualty360.com: Is there an underlying political climate to blame for the threat on corporate executives?

Deteriorating political environments can increase uncertainty and create ideal conditions for threat actors who operate in the shadows.

As the situation in Washington unfolds, some may think their behaviors might be forgiven or pardoned, given recent events. This hasn’t happened yet, but it creates a false sense of security for threat actors who think the current political climate has created a safe space for bold, aggressive action against a perceived evil.

PropertyCasualty360.com: Are security teams for Fortune 500 companies now on high alert?

Polak: We have seen a large increase in inquiries to protect executive leaders in the past 60 days. The recent events serve as a reminder that security leaders at Fortune 500 companies should always be on high alert.

Their C-Suites are prime targets for adversaries, cybercriminals, and hacktivists. Security teams recognize that now is the time to go beyond their traditional remit – corporate buildings and systems – to protect executives and the enterprise from physical and cyber threats everywhere. Proactive prevention is the most cost effective approach. We all know the saying: an ounce of prevention is worth a pound of the cure.

PropertyCasualty360.com: What can corporate executives do to mitigate their digital exposure?

Polak: It’s crucial to reduce unnecessary and dangerous digital footprints continuously. The most important place to start for both executives and their families is PII found on the public web.

Unfortunately, data brokers sell PII to anyone, good and bad people alike. Identifying and taking down the PII on data broker profiles needs to be a continuous process, because this data is usually re-published after a certain period of time.

It’s critical that corporate executives talk to their CSOs and CISOs to seriously consider enterprise-grade, turnkey managed services to mitigate digital exposure automatically and continuously.

See also:

• U.S. pharmacies crippled by cyberattack at UnitedHealth's Change Healthcare
• Policyholder communications in the wake of UnitedHealth cyberbreach
• Senators blast UnitedHealth CEO for lackluster cybersecurity, monopoly