Partner Article

96% of c-suite executives vulnerable to attacks

According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time* (source: McAfee Phishing Quiz, Intel Security).

This is among one of the key findings featured in Harpooning Executives: How Phishing Evolved into the C-Suite, a joint eBook written by Intermedia and Intel Security. Released today, this eBook highlights how phishing has evolved into “whaling” and why executives are optimal targets. Phishing and spear phishing have become increasingly popular attack strategies. Today’s cyber criminals use phishing tactics to evade traditional spam and malware filters in order to wreak havoc on corporate infrastructures.

Spear phishers go upstream to reel in the big fish

Corporate data presents significant profit opportunities for today’s cyber criminals. As “phishers” look to increase their financial reward, executives have become prime targets for spear phishing attacks. These spear phishing attacks, also known as “whaling,” leverage personal information regarding an executive to gain access to confidential data that can be exploited for profit.

Spear phishing (a fraudulent attempt to obtain confidential information from a specific organisation, using spoof email messages that appear to come from a trusted source) is one of the most commonly used cyberattacks. According to research from the SANS Institute, 95% of all attacks on the enterprise network are the result of successful spear phishing. Spear phishing attacks no longer only target large, publicly-traded companies. They can have dangerous ramifications to any business, regardless of size.

“Companies are fighting a never-ending battle against phishing attacks. This poses real risks to businesses including data theft, financial loss, and tarnished reputations,” said Michael Baker, Vice President, Intel Security. “As the phishing landscape continues to evolve, businesses need to take a more strategic approach to mitigate potential threats. Education, protection and preparation are the first steps.”

How companies can avoid “getting hooked“

To help businesses lower their risk of an attack, Intermedia and Intel Security recommend a three-pronged approach:

• Educate employees and executives – Educating users and executives is one of the most important things you can do to reduce your company’s vulnerabiliy to an attack. Having a step-by-step training program that leads users through active learning exercises, designed by certified security experts, can help ensure users don’t fall victim to an attack. A prime example of this is Facebook’s annual Hacktober initiative. A full list of phishing best practices can be found in our eBook.
• Install comprehensive protection – Think beyond anti-virus protection. An advanced email protection suite that includes real time URL scanning and email continuity provide additional layers of protection to help fend off sophisticated phishing attacks.
• Prepare for the worst – Email can be made more vulnerable by adding applications and other services because it creates additional security gaps in your infrastructure. When it comes to filling these security gaps, it’s important to think beyond email. Deploying an integrated cloud solution with single sign-on, secure file sync and share, Data Loss Prevention and email archiving capabilities helps ensure you fill these gaps should one layer of protection fail.

“Many businesses operate under the false assumption that traditional client-based anti-virus technology will be enough to protect against a phishing attack,” said Jonathan Levine, Intermedia’s Chief Technology Officer. “An integrated, cloud-based email protection solution backed by a 24/7 security team can help companies significantly reduce their risk of an attack.”

This was posted in Bdaily's Members' News section by Intermedia .