C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation, says a new report titled: Verizon 2019 Data Breach Investigations Report.
Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.
“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data will be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities” comments George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.
“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”
A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cyber crime.
This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.
Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”