Monday, July 15, 2024

CEOs & Board Members “12 Times More Likely” To Be Target Of Cyber Attack

As the value of data increases, those with top-level access are fast becoming the target of choice. Here’s how, why, and what to do about it…

In the digital era, data is big business.

Recent studies have shown that just a small portion of the world’s data is publicly available. The rest? It’s stored away on private servers held by some of the largest government agencies, corporations, and enterprises.

Data like this is valuable. Increasingly so. That’s why it’s fast becoming the most sought-after commodity among the less-than-savory types that scour the internet. In fact, it’s now their prime target. With a successful breach promising a big payout, they’re set on getting hold of that information via any means necessary.

Why? Well, it’s big business, after all…

Why are Board Members and CEOs such prime targets?

The answer to this question is found in another question:

Who is most likely to have the high-level privileges required to access this data?

You see, IT and cybersecurity aren’t just about protecting documents and data these days. They’re about people, too. Gone are the days when cybercriminals would waste their time chasing small targets. Nowadays, they operate just like any other business. They demand a high return on their investment.

Those at the top – CEOs, CFOs, and Board Members – are their #1 target.

The trouble is, ask most higher-ups and they’ll tell you that they feel mostly immune to these threats. That’s despite Verizon’s 2019 Data Breach Investigations Report finding those in the C-Suite are 12 times more likely to fall victim to a cyber attack. With 40% of companies citing “…their c-level employees, including the CEO, as their highest cybersecurity risk…”, change is needed.

How do these breaches occur?

CEOs, Board Members, and other executive members of the C-Suite are just as susceptible to everyday cyber-attacks, hacks, and fake emails as the next person. Staff may afford higher-ups some modicum of respect, but cybercriminals do not.

Many of these threats will sound familiar to anyone who has used the internet in the last decade. Phishing emails, malware, and viruses are all significant players. Other threats are more targeted, turning the unique power dynamics that come with a senior role against the people who hold it in order to manipulate and gain access.

Without action, those at the top are putting themselves at risk. The fallout can be catastrophic. For many, it already has been. In 2014, Target’s CEO was ousted following a severe data breach. Just three years later, a data breach at credit reference agency Equifax saw the CEO, CIO, and CSO all lose their jobs.

Those aren’t the only cyber incidents that have cost those at the top their jobs.

If changes aren’t made, they won’t be the last.

The top 3 threats facing CEOs, Board Members, and other executives

Ultimately, the responsibility for cybersecurity falls on the shoulders of those at the top.

For those eager to avoid paying the ultimate price for a cybersecurity mishap, it’s time to step up, pay attention, and take the issue seriously. While all threats carry an air of inevitability, prevention is always better than a cure. Knowledge is power – as they say – so here’s what you need to know.

1. Business Email Compromise (BEC) uses your authority against you

When cybercriminals go phishing these days, they’re looking to catch bigger fish.

Phishing emails have been around for decades, but this latest variation – commonly referred to as Business Email Compromise (BEC) – is designed to play on the inherent trust given to those at the top by secretaries, assistants, and other members of staff.

You see, those in the C-Suite don’t just have access to data. They have authority, which is often unquestioned. New phishing emails harness this inherent trust, impersonating high-ranking executives with emails to staff that ask for important information, access details, or even monetary payments.

In high-stress environments where time-poor staff are already struggling, emails like these are hardly questioned. Within seconds, sophisticated – yet fake – emails can grant cybercriminals access to important documents, data, and most anything else they desire.

Staying safe is as simple and straightforward as it’s always been. Always double-check the ‘To:’ and ‘From:’ fields, and never click on a link or download a file that looks untrustworthy. And if you’re feeling unsure? Shoot the sender a text to make sure. It’s always better to be safe than sorry.
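The ‘From:’ check described above can also be automated at the mail gateway. The following is an added example, not part of the original article: it flags messages that carry an executive’s display name from an outside domain, or whose Reply-To points somewhere other than the sender’s domain. The domain, executive names, and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and executive roster.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(addr)
    flags = []
    # Display name claims to be an executive, but the address is not ours.
    if " ".join(name.lower().split()) in EXECUTIVES and from_dom != CORP_DOMAIN:
        flags.append("executive display name from external domain")
    # Replies would be routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example-corp.test>\n'
    "Reply-To: payments@mailbox.test\n"
    "To: accounts@example.com\n"
    "Subject: Urgent payment needed today\n\nPlease wire the funds now.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: accounts@example.com\n"
    "Subject: Board pack\n\nAttached as discussed.\n"
)
REDIRECTED = (
    "From: John Smith <john.smith@example.com>\n"
    "Reply-To: john.smith@mailbox.test\n"
    "To: accounts@example.com\n"
    "Subject: Invoice\n\nSee below.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("redirected", REDIRECTED)):
        print(label, bec_flags(raw))
```

The check reads only header text, so it complements SPF, DKIM, and DMARC enforcement rather than replacing it.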

2. Personal mobile devices put your documents at risk

Executives spend much of their time on the road or in the air.

This propensity for travel often means an increased reliance on mobile devices.

Laptops, phones, and tablets are the ultimate convenience, but convenience comes at a cost. Mobile devices are inherently insecure, as well as prone to being lost, misplaced, or stolen. So are many of the other portable devices the modern executive carries, such as USB drives and external HDDs.

Many executives also use mobile devices to serve dual purposes – personal and business – which means they’re more likely to circumvent the exact security protocols they suggested be implemented for staff in the first place.

Stricter use policies and procedures will help executives remember that even they have to follow security protocols to the letter, while the use of Cloud-based board management software and systems will ensure that access can be revoked at the touch of a button if a mobile device is lost, misplaced, or stolen.

3. Public WiFi is a cybersecurity minefield

Public WiFi is as much a blessing as it is a curse.

It’s wildly convenient, but it’s also vulnerable and often one of the easiest ingress points for cybercriminals looking to gain access to sensitive information. And they know it. Fake WiFi networks are nearly indistinguishable from the real thing and an absolute breeze to set up. Start one up at a local cafe, airport, or hotel, and you’re bound to get a hit.

To keep sensitive information secure and ensure nefarious third parties aren’t able to listen in on incoming or outgoing traffic, it’s best to avoid public WiFi altogether and instead tether to your mobile or personal WiFi device for internet access.

You don’t need to be yet another statistic.

Cyber attacks target executives for a reason: they’re vulnerable.

Complacency plays a significant role in making executives such an easy target for those looking to strike it big. But while Board Members, CEOs, and other executives may be a higher value target, there’s no reason why they should be more vulnerable than any other member of staff.

With a more mindful approach to day-to-day cybersecurity, cybercriminals will soon find that the big fish they’re looking to catch are starting to bite back.

