Careless employees with access to highly sensitive information and weak cybersecurity protocols have proven to be primary causes for successful phishing attacks. However, surveys and activity analysis have shown that C-suite represents a significant percentage of those targeted by today’s sophisticated phishing attacks.
The FBI’s 2020 Internet Crime Report revealed that phishing incidents doubled in the last year with a victim count of 241,342, making it the most common form of cybercrime in 2020. And according to Verizon’s 2021 Data Breach Investigations Report, 43% of cybersecurity breaches involved phishing.
Historically, cybercriminals have used generic strategies to execute phishing campaigns targeted towards IT and finance department professionals. However, surveys and activity analysis have shown that C-suite represents a significant percentage of those targeted by sophisticated phishing attacks.
Recognizing that the broad-based approach was not yielding expected results, attackers evolved and started targeting selected C-suite leaders in organizations. Attackers hope to catch C-level executives and their executive assistants off guard by leveraging tactics like legitimate-looking domains and well-crafted phishing methods designed to bypass email authentication and other email defenses. Respondents in a survey focused on email security reported that they felt their CEO “undervalued” email security; 40% agreed that their CEO was a “weak link” in the organization’s cybersecurity operations.
Scammers may set the stage by spoofing the C-level executive’s email address to impersonate them and authorize the finance department to make wire transfers and payments. Another tactic involves hacking the C-suite executive’s email account directly. According to CSO, organizations lose $17,700 every minute, with data breaches costing $3.92 million on average because of phishing attacks.
Protecting Your C-Suite and Organization
Malicious attackers have focused their attention on C-level executives in the hopes that they believe they are low on the target list. Therefore, organizations can protect themselves by recognizing that phishing attacks are no longer only targeted at careless employees from the IT and finance departments. Here are some ways to protect your C-suite:
Change the culture - C-suite needs to recognize that they are also high-risk targets and convey this to the whole organization. The message should be that no one should lower their guard even if an email comes from the highest authority, mainly when there are money-related requests or actions. Moreover, C-level executives need to recognize that they may also become victims of impersonation attacks. Their own carelessness and lack of phishing knowledge may lead them to accidentally send sensitive data to the wrong people.
Therefore, cybersecurity mindset and practices should be embedded into the company’s culture with C-level executives spearheading and promoting initiatives. Conversations on cybersecurity should increase awareness and communicate risk-reduction models, training, and technological improvements.
Focus on risk management – Recognize that end-users are not the only ones receiving messages that threaten security; C-level executives are as much at risk. While there is no way to eliminate risk entirely, there is a way to manage and reduce it. Security teams can lower risks by preparing for worst-case scenarios; this involves identifying various forms of attacks and knowing how to respond in the event of a breach. To address potential C-suite-related threats, consider the various methods criminals may pull to carry out a phishing attack.
Tighten email security – Because email remains the number one threat vector, companies need advanced protection against advanced email threats. AnubisNetworks' Mail Protection Service (MPS) protects against phishing by leveraging real-time network intelligence and sophisticated spoofing threat detection.
Let’s talk more about a robust email security solution with a high operationalization level. Contact us today.