It should be no surprise, but C-level executives are under attack.
It only makes sense since he or she have access to a company’s most sensitive information, which means the executives are now the major focus for social engineering attacks, according to the Verizon 2019 Data Breach Investigations Report.
Manufacturing Report: Financial Attacks on Rise
Siemens, TÜV SÜD Partner on Safety-Security
Security Spotlight: Triton Fallout, Securing Supply Chain
How Executives Think about Security
Senior executives are 12 times more likely to be the target of social incidents, and 9 times more likely to be the target of social breaches than in previous years. What is the motive? Financial remains the key driver.
Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.
“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data will be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities,” said George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.
A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.