Most Read Articles
Verizon: hackers are targeting C-level executives with social engineering attacks
Corporate computer attacks are on the rise as hackers increasingly target the C-level executives who have easy access to sensitive information, according to a report from technology provider Verizon released today.
The trend poses an escalating risk for supply chains as companies increasingly digitalize their operations and conduct e-commerce sales through online payments, placing vast amounts of personal data on computer databases.
C-level executives are now the major focus for socialÂ engineering attacks, where hackers pretend to befriend their targets through fraudulent business emails, winning their trust to convince victims to click on links or reveal passwords, according to theÂ Verizon 2019 Data BreachÂ Investigations Report (DBIR).
Also known as "pretexting," these attacks can reap large dividends because of senior executives' often unchallenged approval authority, and their privilegedÂ access to critical systems, Verizon said. One reason for the growing trend is that top execs are typicallyÂ time-starved and under pressure toÂ deliver, so they tend to quickly review and click on emailsÂ prior to movingÂ on to the next, or even have assistants manage that email on their behalf.
Statistically, senior executives are now 12 times more likely to be the target of social incidents—andÂ 9 times more likely to be the target of social breaches—than in previous years, the report found. Now in its 12th edition, the Verizon report analyzed 41,686Â security incidents, and 2,013 confirmed breaches, from 86 countries.
Cyberattacks have received growing attention in recent years, following supply chain incidents like a 2013 hack that stole millions of shoppers' credit card data from retailer Target Corp., and the 2017 "Petya" and "Wannacry" ransomware attacks that hobbled container shipper Maersk A/S and Mondelez International Inc.
The report also highlighted how the growing trend to share and storeÂ informationÂ within cost-effective cloud based solutions is exposing companiesÂ to additional security risks.Â Analysis found that there was a substantial shiftÂ towards compromise of cloud-based emailÂ accounts via the use of stolenÂ credentials.
"EnterprisesÂ are increasingly using edge-based applications to deliver credible insights andÂ experience. Supply chain data, video, and other critical--often personal--data WILL be assembledÂ and analyzed at eye-blink speed, changing howÂ applications utilize secure network capabilities,"Â George Fischer,Â president of Verizon Global Enterprise, said in a release. "SecurityÂ mustÂ remainÂ front andÂ center when implementing these new applications andÂ architectures."
Other trends identified in the report showed that:
- cyber-attacks on human resources personnel have decreased six-fold from last year, as W-2 taxÂ form scams have almost disappeared from the study's dataset,
- credit card chip and pin payment technology has started delivering securityÂ dividends, pushing theÂ number ofÂ physical terminal compromises in payment card-related breaches toÂ decrease compared to webÂ application-based compromises,
- ransomware attacks are still going strong, accounting for nearly 24 percentÂ of incidents whereÂ malware was used,
- crypto-mining attacks were hardly existent, despite receiving much attention in media reports, accounting for roughly 2Â percent of incidents,
- outsider threats remain dominant, with external threat actors remaining as the primary force behindÂ attacks (69 percent of breaches) with insidersÂ accounting for just 34 percent.
To build up defenses against these changing risks, enterprise businesses should see technicalÂ IT hygiene and network security as "table stakes" to help employees at every level to understand their risk posture and the threatÂ landscape, Verizon said.
"AsÂ businesses embrace new digital ways of working, many are unawareÂ of the new security risks toÂ which they may be exposed," BryanÂ Sartin, executive director of security professional services at Verizon, said in a release. "They really need accessÂ to cyber detection tools to gain access to aÂ daily view of their securityÂ posture, supported with statistics on the latest cyber threats. SecurityÂ needsÂ to be seen as a flexible and smart strategic asset that constantly delivers toÂ the businesses,Â and impacts the bottom line."
Join the Discussion
After you comment, click Post. If you're not already logged in, you will be asked to log in or register.
We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter : Verizon: hackers are targeting C-level executives with social engineering attacks"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.