If you’re in the C-suite, you’d better get yourself some phishing protection. The hackers are coming after you, and they’re not going to stop because you’re just too lucrative a target.
According to the 2019 Verizon Data Breach Investigation Report, social engineering attacks were up last year against C-level executives. Further amplifying the point, an article on SC Magazine website went on to say, “Compared to previous years covered by the report, C-level executives last year were 12 times more likely to be the target of a social engineering incident and nine times more likely to be the target in a breach caused by social engineering.”
“Whereas before, a global phishing email might elicit a worthwhile haul of bank details and other criminally commoditized data, the modern cybercrime organization recognizes the value in more targeted, high level attack,” said Brian Higgins, security specialist at Comparitech in response to the report.
If you’re not going to provide phishing protection for every employee, you also better be prepared to replace their missing salaries. According to an article on HelpNetSecurity website, BEC scammers have now added “payroll diversion” to their repertoire in which “The attacker creates an email account, makes it look like it belongs to the individual they are attempting to impersonate, and contacts the personnel in charge of payroll.”
“Assuming the identity of the CEO seems to be the preferred tactic for the threat actors, but there is no reason that this type of attack cannot utilize the identity and role of any employee within a company. As the primary aim is to divert a monthly salary payment to a bank account the criminal gang controls, it’s logical they would ideally purport to be those most likely to receive the highest compensation,” email security outfit Agari points out.
Just in case you’re are hoping that “this too shall pass,” the latest numbers show why BEC/EAC scams are here to stay. And why are they here to stay? Because they’re the most lucrative.
According to an article on Security Week, during 2018 “the greatest financial loss to internet crime came from business email compromise (BEC) and email account compromise (EAC) scams. Here, 20,373 victims lost a total of $1.298 billion.” Seeing as how BEC losses in 2017 were reported to be $676 million, it would seem the number has doubled in one year.
Most executives know about phishing attacks and the damage they can do to their organizations, but apparently they’re not doing much about it because the numbers keep going up. The very people in a company who can prevent these kinds of attacks by demanding corporate-wide phishing protection, are falling down on the job.
With low-cost, cloud-based email security with Advanced Threat Defense quickly and easily deployable, CEOs and other executives have run out of excuses to protect themselves and their employees. There’s only question left to ask: what are you waiting for?