Why is senior management at risk?
All levels of an organisation are at risk from hackers – but senior management is coming under increasing risk of attack. Executives in these positions may well have considerable access to sensitive data, including personal records and financial details. This creates a potential way in for malicious actors. Senior management personnel are also more likely than more junior professionals to take such data on business trips. Some may also use a single device for both personal and business information – a significant weak spot.
What kinds of attack target executives?
So-called "whaling attacks" are increasing. These target "big beasts" in a company, rather than smaller "fish". Such attackers may attempt to obtain credentials that let them request financial transactions such as wire transfers. They may also try to gain access to sensitive personal data to use in future attacks. A well-known but still-used phishing attack involves informing an executive that they have gained travel rewards privileges that require high-level access to their computer.
Hackers will use whatever they can find
Not all sensitive data is contained within an organisation. Today's massively connected business world means that most senior staff will have public profiles on social media platforms such as LinkedIn. Hackers often use this information to try to persuade managers that they are well-informed potential clients or contacts, and to get them to relax their guard. With some social media platforms, simply deleting a hasty message is unlikely to make it permanently inaccessible.
Not all hacking happens online
Attacks do not always come via electronic means. Some hackers are even moving away from email and malicious websites, and are using older technology. With so much information out there about "computer hacking", many managers may feel reassured by requests that come in phone calls or postal mail. Lulled into a false sense of security about the authenticity of the contact, executives may be freer with their comments on sensitive subjects such as trade secrets than they would be online.
What can you do to mitigate the risks?
Ensure that security is taken seriously at all levels of the organisation, and consult with IT and security specialists. Email spoofing attacks form a common way in for attackers, so verify emails through an offline forum, such as by phone. Implement all security patches for your email software as soon as possible, and implement endpoint security measures to stop malicious attachments getting through. Training executives to identify spoof attacks is also a worthwhile investment.
Stay one step ahead
New threats are constantly emerging as hackers get wise to improved defences, so senior managers must stay abreast of these. Implement regular education refreshers for senior executives, and make sure the information given is timely – last year's strong protection may prove far weaker this year. Controlled phishing is also helpful. Here, managers are deliberately sent phishing emails enticing them to enter sensitive information or click on unchecked links. If they do, in-the-moment training is given to help strengthen awareness and encourage future caution. The following infographic will help you identify some common social engineering red flags.
By IT Force
