C-level executives with access to their company’s most sensitive information are now the major focus for social engineering attacks by cyber criminals.
According to the Verizon 2019 Data Breach Investigations Report 2019, organisational leads are 12 times more likely to be the target of social incidents, and nine times more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver.
Financially-motivated social engineering attacks – which account for 12% of all data breaches analysed – are a key topic in the 2019 study, and highlight a ‘critical need to ensure that ALL levels of employees are made aware of the potential impact of cybercrime’, the report states.
“A successful ‘pretexting attack’ on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems,” says Bryan Sartin, Executive Director of Security Professional Services at Verizon. “Typically, time-starved and under pressure to deliver. Senior executives quickly review and click on emails prior to moving on to the next – or have assistants managing email on their behalf. This makes suspicious emails more likely to get through.”
The increasing success of social attacks such as those involving Business Email Compromise (BEC) – which represent 370 incidents or 248 confirmed breaches of those analysed – can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cyber crime.