High-level executives are increasingly likely to be targeted by hackers looking to gain access to businesses’ most valuable information, a new security report has found.
Verizon’s 2019 Data Breach Investigations Report, which analysed 41,686 security incidents over the past 12 months, including 2,013 confirmed breaches, revealed C-suite personnel have become a major focus for criminals due to the high level of access they have to enterprise data.
Social engineering attacks aimed at these personnel have therefore risen hugely over the past year. The report found senior executives are now 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in previous years.
Successful attacks on these executives can reap major dividends for hackers as a result of their approval authority and privileged access into critical systems, which often goes unchallenged.
“Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through,” Verizon noted.
Elsewhere, the report warned that as businesses transform how they collect and analyse data – particularly at the edge of the network – criminals will increasingly look to target these edge-based applications, so security must be a top priority when implementing these new Internet of Things and big data solutions.
The trend towards convenient, cost-effective cloud services must also be a security focus, as Verizon’s analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials.
Meanwhile, misconfigured cloud applications were responsible for many massive file storage breaches, exposing at least 60 million records analysed in the report. This accounts for 21 per cent of breaches caused by errors.
Bryan Sartin, executive director of security professional services at Verizon, said: “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”