C-suite executives are increasingly being targeting in social engineering attacks, according to a new report from Verizon.
“C-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past,” the Verizon 2019 Data Breach Investigations Report found. The social engineering attacks appear to financially motivated, the report found.
“Financially motivated social engineering attacks 12 percent of all data breaches analyzed are a key topic in this year’s report, highlighting the critical need to ensure all levels of employees are made aware of the potential impact of cybercrime,” Verizon said.
The Verizon report also found that enterprises are using more edge-based applications to deliver credible insights and experience.
“Supply chain data, video and other critical – often personal – data will be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities,” said George Fischer, president/CEO of Verizon Global Enterprise in a statement.
Another finding from the report was that “A successful pretexting attack on senior executives can reap large dividends as a results of unchallenged approval authority, and privileged access into critical systems.”
Typically, very occupied senior executives quickly review and click on emails prior to moving on to the next, making suspicious emails more likely to get through.
“The increasing success of social attacks such as business email compromises, can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime,” the report stated.
The 2019 report also found that the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks.
“Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials,” Verizon said.
In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors, Verizon explained.
Other key takeaways from the report include:
- c-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past;
- ransomware attacks account for nearly 24 percent of incidents where malware was used;
- the number of physical terminal compromises in payment card-related breaches is decreasing when compared to web application processes;
- attacks on Human Resource personnel have decreased from last year, including 6x fewer HR personnel being impacted compared to last year; and
- click-through rates on phising simulations for data partners decreased from 24 percent to 3 percent during the past seven years.
The big takeaway from this report is that many businesses are unaware of the new security risks to which they may be exposed.
“They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats,” Fischer said in a statement. “Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”
To learn more findings from the 2019 report, click here.