15 May 2019

Companies warned c-suite is latest target of cybercrime

C-level executives, who have access to a company's most sensitive information, are now the major focus for social engineering attacks.

Senior executives are twelve times more likely to be the target of social incidents, and nine times more likely to be the target of social breaches than in previous years, and financial motivation remains the key driver according to the Verizon 2019 Data Breach Investigations Report.

"Table stakes"

A successful pretexting attack on senior executives can reap large dividends as a result of their, often unchallenged, approval authority, and privileged access into critical systems. This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks, including cloud-based email accounts compromised via the use of stolen credentials and publishing errors increasing year-over-year. George Fischer, president of Verizon Global Enterprise said, “Security must remain front and center when implementing these new applications and architectures.” He added, “Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime.” Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed.”

Major findings in summary

The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include show that attacks on Human Resource personnel have decreased from last year. Ransomware attacks are still going strong, but media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents. Outsider threats remain dominant, with external threat actors still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent. “Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same,” comments Mr Sartin.

Industry findings

In educational services, where there was a noticeable shift towards financially motivated crime (80 percent), with 35 percent of all breaches due to human error. Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent). In the public sector cyber-espionage rose this year, though nearly 47 percent of breaches were only discovered years after the initial attack. The complete Verizon 2019 Data Breach Investigations Report can be found here.

Email your news and story ideas to: news@globallegalpost.com