Intelligent CXO Issue 41 | Page 15

TECH TRENDS
C-suites on the go. Mobile devices make spear phishing attacks more difficult to identify, as usually only the display name is shown, so it is harder to spot an incorrect address.
Additionally, those in C-suite roles may find themselves in the spotlight, leading lives that are fairly public. Whether this is via an active social media account or speeches at conferences and events, cybercriminals have a wealth of open-source intelligence (OSINT) readily available to them. This can then be used to craft convincing spear phishing or impersonation attacks.
How the C-suite has been targeted over a 90-day period
Egress data reveals that, from the C-suite, Chief Executive Officers (CEOs) were the number one target for phishing emails, receiving 23% of attacks, closely followed by Chief People Officers (CPOs), who received 21%. Down from first place since Egress did a similar investigation in 2023, Chief Finance Officers (CFOs) ranked third with 19%.
Given their access to systems, data and funds, it comes as no surprise that CEOs and CFOs have placed in the top three targeted C-levels. Similarly, senior HR executives are privy to sensitive personal data including recruitment, employee relations and payroll, making them high-value targets for threat actors.
Another interesting note is that C-suite members whose roles relate to information security, compliance and technology tend to rank very low – likely because cybercriminals still anticipate a lower success rate due to their elevated cyber awareness.
Risk isn’t just an inbound issue
The human element accounts for 74% of all breaches, so, when thinking about an organisation’s riskiest users, it is negligent to consider that employees are only vulnerable to external actors. In fact, in 2023, 91% of organisations experienced security incidents caused by outbound data loss within Microsoft 365, including misdirected emails and attachments and data exfiltration.
These outbound events could include employees replying to a phishing email, clicking the wrong recipient in the Outlook autocomplete drop-down, accidentally sending the wrong attachment or sending work to a personal device to look at after hours.
As innocent as these actions may be if they are carried out by a senior executive, the