Sunday Security has found a new way to close what has been a potential weak point in cybersecurity in the enterprise. That potential weak point is the organization’s executives, specifically their personal online accounts.
“Anyone who does any basic phishing can probably get into one of those accounts,” said Sunday Security CEO Zack Ganot. Ganot was explaining that attackers have found out that the easiest way to attack a well-protected enterprise is to start by attacking senior executives who have access to the organization’s most sensitive data. In many cases, once they get access to that person’s information, they have what they need to break into the enterprise itself.
Ganot said that Sunday Security grew out of a consulting practice in which he and others found that they were spending several days with each senior executive to help secure their accounts. “And even then it wasn’t really an ongoing protection situation,” he said.
“We’d go over the settings, then go beyond the settings and actually take a deep dive into the accounts to see who’s connected and who has permission,” Ganot explained, then they’d see if anything malicious or suspicious was going on in the account.
“That would take a really long time to do in a consulting capacity,” he said. This led to the realization that these tasks needed to be automated.
The result is Sunday Security, a service that monitors the online accounts of senior executives in the organization for suspicious activities.
“The executive alone may not have enough incentive to do this,” Ganot said. “A lot of executives don’t necessarily recognize that this is really a threat. Should they be dedicating time, resources energy to this?”
Business to Business to Consumer
“I think that’s one of the reasons why, unlike some of our competitors, we’ve gone through the B2B2C approach, which is, we think there’s a combined interest both on the enterprise and on the personal side.”
Ganot said that’s why Sunday Security wants to tackle this through the enterprise security team, as opposed to trying to convince someone to download an app from the store.
“Essentially, it protects these accounts from getting hacked. Once you connect these accounts, the algorithm analyzes them. It goes over all the connected accounts and scores them, then it will tell you how secure your accounts actually are.”
Once the accounts are analyzed, Sunday Security helps configure them so that they meet the organization’s security requirements, then it makes sure they aren’t compromised in the future.
The goal is to close the gap between enterprise cybersecurity and personal security for senior executives where the two areas merge. This gives the enterprise team the visibility it needs into the security of their executives’ personal accounts.
Because the security monitoring is performed remotely from Sunday’s security operations center, the whole thing can be up and running in less than a day. The company says that it takes less than thirty seconds to secure an individual account.
Once Sunday Security is in place, you’ve eliminated important risks to the organization, including the possibility that someone takes over a senior executive’s social media account to the detriment of the company.
Ganot gives an example of someone pretending to be the CEO of a company announcing on Twitter that he was selling the company, or perhaps providing a malicious link. Such a social media post would be assumed to be genuine because it came from the CEO’s account, and would result in significant damage to the company’s reputation, not to mention its stock price. That’s the kind of damage that Sunday Security works to prevent.