Half Of CEOs Have Fallen Victim To Phishing Attacks

Half of chief executives have fallen victim to a phishing attack, indicating that they lack the right cyber security training to protect themselves.

Research conducted by threat intelligence firm AlienVault found that 82 per cent of IT security professionals worry that their CEOs and other executives are still vulnerable to phishing scams.

Yet despite this concern only 45 per cent provide cyber security training to all  employees, including the board, while 20 per cent do not conduct any training and instead tackle the fallout of such cyber attacks when they occur.

Javvad Malik, security advocate at AlienVault, explained that the threat from phishing is more pervasive than it ought to be, given that there are many tools to prevent scam emails being opened or executing rogue code.

“The challenge here is twofold. Firstly, most phishing scams that target execs are well crafted and researched. Similar looking domains are registered and execs are carefully researched. Secondly, many execs have personal assistants who manage their day-to-day operations and who are often more susceptible to social engineering techniques,” he said.

“As such, it is important to train all users in an organisation as attackers will always try to strike at the weakest links, who may not even be internal employees. CEO fraud also routinely targets third-party suppliers, partners and customers, so awareness should be spread to all associated parties.

“To stay a step ahead, security teams need to monitor third-party activity closely and use threat intelligence networks to keep abreast of the latest scams being employed by criminals.”

Threat intelligence tools in the IT security market allow IT professionals to get insight into nefarious activity on their networks, but phishing still presents companies with an expensive threat.

The FBI recorded a 270 per cent increase in CEO victims of fraud since the beginning of 2016. Such fraud has cost US organisations more than $2.3bn over the past three years, while each attack is estimated to cost $25,000 to $75,000. 

At times when there are numerous economic challenges and competition from all sides, such attacks have the potential to erode a company’s success.

More damming is AlienVault’s research showing that 45 per cent of IT professionals think it likely that their organisation would pay a ransom demand if their network was infected by ransomware, often trigged after a successful phishing attack.

“It’s worrying to see how many people would consider paying up if they were infected with ransomware. Negotiating with criminals is a dangerous game that offers no guarantees, and cooperating in this way just encourages more attacks,” said Malik.

Phishing scams have risen by rise by 20 per cent in 12 months, and even major cloud services are used as a vector for such attacks, so the problem is not likely to go away anytime soon.