TECH TRENDS
The C-suite conundrum: are senior executives the Achilles’ heel of cybersecurity?
The C-suite are not immune to cyberattacks and are often targeted over email. Whether it’s inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable. Jack Chapman, SVP of Threat Intelligence at Egress, a KnowBe4 company, explains how the C-suite are at risk and what can be done to mitigate this.
In today’s digital landscape, an organisation’s C-suite and senior executives hold the most valuable corporate data and sign-off authorities, representing the highest potential risk over email. Whether it’s inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.
But what do cybercriminals want from these individuals, are breaches always a result of external actors and what can organisations do to protect their top decision-makers?
Decoding cybercriminals’ fascination with the C-suite
Sometimes referred to as a whaling attack, threat actors will often dedicate more time and resources to a phishing email against a senior executive or C-level executive, using a less generic approach than they would against the rest of the workforce.
As a form of spear phishing, cybercriminals usually carry out heavy reconnaissance on the individual and the organisation to leverage convincing impersonation and social engineering tactics. Because the attacks often lack an attachment or link-based payload, it is difficult for technologies that rely on signature-based detection to identify them.
They may pretend to be another stakeholder within the organisation, a trusted business associate or someone within their supply chain, using minor, hard-to-notice typographical errors in an email address or a compromised legitimate account. If a compromised account is used to send the phishing email, it can be nearly impossible for an individual to identify the email as malicious, and the attacks often bypass traditional technologies that use reputation-based detection methods.
Cybercriminals aim to trick an individual into revealing valuable corporate information, transferring funds out of the organisation or heavily disrupting operations. Their considerable influence and authority make the C-suite an attractive target.
Reasons threat actors target the C-suite
In short, C-level executives have insights, access and control over privileged company data, systems and finances. Such information and access are highly coveted by cybercriminals, due to their potential for exploitation and illicit gain.
Secondly, senior executives are often busy, with a significant workload and tight deadlines, meaning they have less time to thoroughly review emails and determine their legitimacy. Egress’ 2023 Data Loss Prevention report revealed that 66% of employees use a mobile phone to access their email outside of work and this percentage is likely higher for time-pressed