
The digital exposure of high-ranking corporate executives through social media activity, professional profiles, and metadata represents a growing threat vector in the cybersecurity landscape, says a new report from Rapid7.
The report says 60 percent of an individual’s digital risk exposure is easily retrievable through a general search on the web. This publicly available information includes public records, videos, and articles, as well as details like educational and career histories, and even signatures.
Individually, these may seem to be pieces of innocuous information, but when pieced together they can be exploited in various cyber scams, including business email compromise (BEC), phishing attacks, and impersonation attempts, posing a direct threat to organizational security.
“When you look at LinkedIn, which is probably the best platform for threat actors to target C-level people from different organizations, it’s a very sensitive platform and we observe that a lot of people don’t sometimes set up it correctly and disclose a lot of things,” says Jeremy Makowski, senior threat intelligence researcher at Rapid7. “You can observe what they like, what they don’t like, what they comment, what they don’t comment, all this kind of information is a mine of gold for threat actors.”
Public records represent a significant and accessible vulnerability for executives and their companies. Information like property deeds, voter registrations, business licenses, and official company appointments can be easily found and aggregated. This data fuels Open-Source Intelligence (OSINT) activities, allowing malicious actors to construct detailed profiles containing physical addresses, family connections, financial assets, and personal routines.
As well as being used to target executives themselves, the information can also be used to launch BEC and impersonation attacks against other staff in the organization. Makowski adds, “If you have not only the name, family name, phone number, email address, sometimes for Americans social security number, you can go very, very far, and it’s very easy to impersonate someone, especially someone who is well exposed like the CEO of a company.”
You can read more and get the full report on the Rapid7 blog.
Image credit: karelnoppe/depositphotos.com
