Friday, March 29, 2024

CEOs & Board Members “12 Times More Likely” To Be Target Of Cyber Attack

As the value of data increases, those with top-level access are fast becoming the target of choice. Here’s how, why, and what to do about it…

In the digital era, data is big business.

Recent studies have shown that just a small portion of the world’s data is publicly available. The rest? It’s stored away on private servers held by some of the largest government agencies, corporations, and enterprises.

Data like this is valuable. Increasingly so. That’s why it’s fast to become the most sought-after commodity among the less-than-savory types that scour the internet. In fact, it’s now their prime target. With a successful breach promising a big payout, they’re set on getting hold of that information via any means necessary.

Why? Well, it’s big business, after all…

Why are Board Members and CEOs such prime targets?

The answer to this question is found in another question:

Who is most likely to have the high-level privileges required to access this data?

You see, IT and cybersecurity aren’t just about protecting documents and data these days. It’s about people, too. Gone are the days where cybercriminals would waste their time chasing small targets. Nowadays, they operate just like any other business. They demand a high return on their investment.

Those at the top – CEOs, CFOs, and Board Members – are their #1 target.

The trouble is, ask most higher-ups and they’ll tell you that they feel mostly immune to these threats. That’s despite Verizon’s 2019 Data Breach Investigations Report finding those in the C-Suite are 12 times more likely to fall victim to a cyber attack. With 40% of companies citing “…their c-level employees, including the CEO, as their highest cybersecurity risk…”, change is needed.

How do these breaches occur?

CEOs, Board Members, and other executive members of the C-Suite are just as susceptible to everyday cyber-attacks, hacks, and fake emails as the next person. Staff may afford higher-ups some modicum of respect, but cybercriminals do not.

Many of these threats will sound familiar to anyone who has used the internet in the last decade. Phishing emails, malware, and viruses are all significant players. Other threats are more targeted, using the unique power dynamics afforded to those in power against them to manipulate and gain access.

Without action, those at the top are putting themselves at risk. The fallout can be catastrophic. For many, it already has been. In 2014, Target’s CEO was ousted following a severe data breach. Just three years later, a data breach at credit reference agency Equifax saw the CEO, CIO, and CSO all lose their jobs.

Those aren’t the only cyber incidents that have cost those at the top their jobs.

If changes aren’t made, they won’t be the last.

The top 3 threats facing CEOs, Board Members, and other executives

Ultimately, the responsibility for cybersecurity falls on the shoulders of those at the top.

For those eager to avoid paying the ultimate price for a cybersecurity mishap, it’s time to step up, pay attention, and take the issue seriously. While all threats carry an air of inevitability, prevention is always better than a cure. Knowledge is power – as they say – so here’s what you need to know.

1. Business Email Compromise (BEC) uses your authority against you

When cybercriminals go phishing these days, they’re looking to catch bigger fish.

Phishing emails have been around for decades, but this latest variation – commonly referred to as Business Email Compromise (BEC) – is designed to play on the inherent trust given to those at the top by secretaries, assistants, and other members of staff.

You see, those in the C-Suite don’t just have access to data. They have authority, which is often unquestioned. New phishing emails harness this inherent trust, impersonating high-ranking executives with emails to staff that ask for important information, access details, or even monetary payments.

In high-stress environments where time-poor staff are already struggling, emails like these are hardly questioned. Within seconds, sophisticated – yet fake – emails can grant cybercriminals access to important documents, data, and most anything else they desire.

Staying safe is as simple and straightforward as it’s always been. Always double-check the ‘To:’ field, the ‘From:’ field, never click on a link or download a file that looks untrustworthy, and if you’re feeling unsure? Shoot the sender a text to make sure. It’s always better to be safe than sorry.

2. Personal mobile devices put your documents at risk

Executives spend much of their time on the road or in the air.

This propensity for travel often means an increased reliance on mobile devices.

Laptops, phones, and tablets are the ultimate convenience, but convenience comes at a cost. Mobile devices are inherently insecure, as well as prone to being lost, misplaced, or stolen. As are many other portable devices the modern executive carries with them, such as USB Drives and external HDDs.

Many executives also use mobile devices to serve dual purposes – personal and business – which means they’re more likely to circumvent the exact security protocols they suggested be put implemented for staff in the first place.

Stricter use policies and procedures will help executives remember that even they have to follow security protocols to the letter, while the use of Cloud-based board management software and systems will ensure that access can be revoked at the touch of a button if a mobile device is lost, misplaced, or stolen.

3. Public WiFi is a cybersecurity minefield

Public WiFi is as much a blessing as it is a curse.

It’s wildly convenient, but it’s also vulnerable and often one of the easiest ingress points for cybercriminals looking to gain access to sensitive information. And they know it. Fake WiFi networks are nearly indistinguishable from the real thing and an absolute breeze to set up. Start one up at a local cafe, airport, or hotel, and you’re bound to get a hit.

To keep sensitive information secure and ensure nefarious third parties aren’t able to listen in on incoming or outgoing traffic, it’s best to avoid public WiFi altogether and instead tether to your mobile or personal WiFi device for internet access.

You don’t need to be yet another statistic.

Cyber attacks target executives for a reason: they’re vulnerable.

Complacency plays a significant role in making executives such an easy target for those looking to strike it big. But while Board Members, CEOs, and other executives may be a higher value target, there’s no reason why they should be more vulnerable than any other member of staff.

With a more mindful approach to day-to-day cybersecurity, cybercriminals will soon find that the big fish they’re looking to catch are starting to bite back.

Website

Latest articles

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles