The spearphishing risk from publicly exposed employee contact info

The biggest risk of a data breach comes from spearphishing (something that keeps business IT departments nervous). No amount of training or software filters will prevent a highly targeted, highly personalized email from scaring an executive into thinking their daughter was in a car accident (or something else personal and jarring, using her name and info). These risks are real, and even the best-prepared companies fall victim to highly surgical attacks. The main reason bad actors are able to craft these attacks is the Data Broker industry. Data Brokers and People Search Sites make it easy to research any employee of a company and find out everything about them and their family members, including contact info, home address, cell phone numbers, etc. This information is frequently used to craft spearphishing attacks, which have an incredibly high success rate.

The hypothesis is that if companies invested in protecting their employees' external info (publicly exposed in Google, outside of the walls and purview of IT), this would mitigate the risk. Companies like Privacy Bee could be hired to clean up all the publicly exposed contact info of a company's employees, which would make it harder for hackers to craft highly personalized attacks, decreasing the spearphishing risk. It doesn't stop everything, but this paper should present a compelling hypothesis to a highly technical business audience (CTO-type persona) that scrubbing employee contact info from Data Brokers will result in a substantially lower risk of experiencing a data breach from spearphishing attacks.