Why the C-Suite is Being Targeted by Hackers and What You Can Do
Senior management and C-level executives are a staggering 12 times more likely to be the target of social-engineering-related incidents (Verizon Data Breach Investigations Report 2019). Attacks are becoming increasingly sophisticated and convincing, with hackers using familiar email addresses and posing as trusted entities.
What's more, breaches are no longer just 'smash and grab' in style. By gaining the trust of their targets, hackers are now stealing confidential data and money over long periods of time. How, you ask? Whaling is the most common and perhaps the favourite approach used by cyber criminals to trick senior management personnel into sharing confidential data.
Whaling attacks are aimed specifically at C-level and senior management employees, known to hackers as 'whales' in comparison to the smaller 'fish' at an organisation. This group is a prime target because of its decision-making status and control over a firm's purse strings. A busy schedule, combined with regularly signing things off and approving costs, makes it very easy for leaders to overlook a threat and fall victim to a whaling attack.
These attacks are typically more difficult to identify than phishing attacks because of the highly personalised nature of the threat. Hackers will spend more time putting these traps together because the ROI can be extremely rewarding. The most common technique is email: what would otherwise seem like a perfectly legitimate-looking email is designed to acquire sensitive company and/or client information. Other malicious methods, such as phone calls and postal mail, are also used by hackers to trick employees in powerful positions into giving access to confidential data.
How to reduce C-suite phishing attacks
Businesses are therefore encouraged to invest time and money in security awareness for all employees. Leaders should also be made aware of how attractive they are to cyber criminals because of the power they hold and the doors they are able to unlock. To stay one step ahead of cyber criminals, firms are advised to follow the easy tips outlined below.
• Educate senior management on how desirable a target they are
• Implement regular managed phishing and training
• Mark all external emails to help employees be more cautious around requests for personal information
• Promote safe and secure sharing of confidential information
• Encourage senior management to have minimal personal information in the public domain as this can be used to create compelling attacks against them
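The "mark all external emails" tip can be automated at the mail gateway. The sketch below is an added example, not part of the original article: it tags mail from outside the organisation and flags external senders whose display name matches a senior manager's, which is the "familiar name" trick described above. The domain, executive names, tag text and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; replace with your own directory data.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"jane doe", "sam patel"}
EXTERNAL_TAG = "[EXTERNAL] "


def screen_message(raw: str) -> dict:
    """Tag external mail and flag external senders using an executive's name."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # A missing or malformed From address is treated as external (fail closed).
    external = domain not in INTERNAL_DOMAINS
    # Collapse case and whitespace so "Jane  DOE" still matches "jane doe".
    normalised = " ".join(display_name.lower().split())
    name_reuse = external and normalised in EXECUTIVE_NAMES
    subject = msg.get("Subject", "")
    if external and not subject.startswith(EXTERNAL_TAG):
        subject = EXTERNAL_TAG + subject
    return {"external": external, "executive_name_reuse": name_reuse, "subject": subject}


# Constructed sample messages.
INTERNAL_MAIL = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 budget\n\nSee attached."
EXTERNAL_MAIL = "From: Acme Billing <billing@example.net>\nSubject: Invoice 1042\n\nHello."
LOOKALIKE_MAIL = "From: Jane  Doe <jane.doe@example.org>\nSubject: Urgent transfer\n\nAre you free?"

if __name__ == "__main__":
    for raw in (INTERNAL_MAIL, EXTERNAL_MAIL, LOOKALIKE_MAIL):
        print(screen_message(raw))
```

A message flagged for executive name reuse is a candidate for quarantine or a stronger warning banner rather than just the subject tag.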
How to spot a whaling attack
• Be wary of short, generic messages
• Double check before clicking or downloading anything and send anything suspicious you come across to IT
• Watch out for emails to groups