
GlobalData Technology

Providing actionable insight into the technology industry

Why business leaders are 12 times as likely to fall victim to social engineering attacks

With their access to high-value systems and data, C-suite executives are a prime target for social engineering hacks. This year’s Verizon Data Breach Investigations Report (DBIR) found social attacks, including business email compromises (BECs) against enterprise executives, are on the rise.

The Verizon DBIR reported that employees in leadership roles are 12 times more likely to be the victims of credential theft or other social engineering attacks, such as being tricked into transferring money to an adversary’s bank account. The report speculates that the combination of proximity to high-value assets and the intensive pressure of their roles, which limits the time they have to scrutinise messages, makes them more vulnerable than most employees in less critical positions.

Such attacks are initiated through a social platform but are not associated with malware or malicious employee behaviour. Incidents such as financial pretexting and phishing are among the 370 financially motivated social engineering incidents recorded by the report last year, 248 of which were verified to be breaches.

The Verizon DBIR, which examined 41,686 security incidents including 2,013 confirmed data breaches, did find that one notable type of social engineering attack – W-2 phishing attacks against human resources workers used to file false tax returns – was virtually eliminated. The theory is that widespread awareness led to better protections and controls over employee tax information, but there is no definitive proof of what dramatically reduced the number of these incidents.

In the report, which divides incidents into nine categories, Verizon found that as organisations move more of their data to the cloud and other digital depositories, they may be putting assets at risk by failing to institute appropriate controls. Cloud solutions may offer cost and efficiency benefits, but a lack of safeguards can leave companies vulnerable to attacks.

This article initially featured on Verdict, which is part of the same group as NS Tech and GlobalData.