The Spear Blog

Phishing the C-Suite in 2023

Written by Max Harper | 12-Jun-2023 12:13:23

"Spear phishers are heading upstream to reel in the big phish..."

Why is the C-Suite targeted?

"They have the power!" The C-Suite's authority over access to funds, systems and data makes them a highly lucrative target to phish. Typically, we see that those who lead functions related to security, risk, and compliance are the least targeted... but we'll cover that in more depth as we go.

Some data to back that up...

According to a recent survey conducted by Spear Shield's partner KnowBe4, 96% of executives fail to tell the difference between a real email and a phishing email 100% of the time.

Phishing and spear phishing attacks are becoming increasingly popular attack strategies. Why? Hacking a human is a lot easier than hacking software. Phishing can be an effective way for a cyber criminal to evade detection by your traditional spam and malware filters.

Which role is targeted the most?

Between 1st January and 30th April 2023, Spear Shield's partner Egress saw that:

Chief Finance Officers (CFOs) were target numero uno, receiving almost one-third (31%, as seen in the infographic below), followed by Chief Executive Officers (CEOs) in a close second at 25% and Chief Marketing Officers (CMOs) ranked third at 13%.

(Do you think the board would be okay disguising their roles as CPO - Chief Phishing Officer, or CHO - Chief Hacking Officer? It could be a good deterrent, but it might be a hard sell...😅)

Let's dive deeper into how they're being targeted...

Data from our friends in the Egress Defend Threat Intelligence team found that the payloads used to target the top three (CFOs, CEOs and CMOs) varied based on their position.

The Highlights

With CFOs, there was an even split between no payload (social engineering) at 28% and phishing links at 28%.

(Traditional SEGs be like:)

With CEOs, 33% contained phishing links and 32% contained malicious attachments.

With CMOs, 40% contained malicious attachments!

A full breakdown of the phishing attack payloads used to target the C-Suite is in the infographic below:

What days of the week are they targeted the most?

Whilst there is a slight drop... unlike Craig David's 7 Days, there was no chill on Sunday.

But there are some interesting insights in the days typically used to target the C-Suite, which you can see below.

'Manic Mondays' can be, well, manic. People are either catching up from the previous week or attempting to start their week as efficiently as possible. Lots of rushing around can open up the risk of mistaking a phishing email for a legitimate one. Then, interestingly, we see a spike on a Saturday. With the bulk of corporate mail flow volume typically reducing over the weekend, there's less noise in the target's email, and sending a phishing email on a Saturday could improve the cyber criminal's chances of it being seen...

"Shouldn't our Email Gateway be catching these phish?!"

Phishing attacks (and cybercriminals' tactics in general) are constantly evolving. They use many sophisticated techniques to evade detection by email security controls.

Whilst traditional Secure Email Gateways (SEGs) are typically great at filtering spam, we've seen first-hand that they struggle to deal with phishing links, attachments, cases of business email compromise (BEC) and payload-less attacks. Cyber criminals are evolving their approaches... it's time we do too.

How can I turn my execs from 'CxOh No's' into the 'C-Sa-weet'?

Pulling users away from their day jobs to perform online training modules can be a challenge. Pulling your C-Suite away from their day jobs to perform online training modules can be even harder!

So, how are Spear Shield customers achieving such great results?

Combining Security Awareness and Training with real-time teachable moments for your users at the point of risk.

It's time we reset expectations from traditional user training methods. In a previous blog post, we broke down insights about the human brain, tied them to cybersecurity training, and found that we as humans forget approximately 50% of new information within an hour of learning it. That goes up to an average of 70% within 24 hours and 90% after a week. (You can read more here.)

So, it's about providing our C-Suite (and all of our users!) with a technological safeguard, which Gartner has coined ICES (Integrated Cloud Email Security): a layer that will help you reduce your organisation's risk profile.

Sounds great, I'd like to learn more?

Spear Shield are currently running a FREE Email security assessment. Over a 2-week period, we can give you insight into:

  • How many dangerous emails are slipping through the net
  • How susceptible your users are to phishing attacks
  • An understanding of the effectiveness of real-time teachable moments to help change user security behaviours at the point of risk

Set-up is simple: there are no agents and minimal resource is required, PLUS it includes x2 FREE Managed Phishing Simulations.

If you'd like to learn more, you can schedule a session with a member of the team today or contact the Spears at:

hello@spearshield.co.uk

01473 948980

Don't just take our word for it!

Check out some of our recent customer success stories below.

About Spear Shield

Here at Spear Shield, we are continuing to invest in our goal to create one of the most cyber-secure client communities in Suffolk, East Anglia and across the UK.

Our approach is to work closely with IT teams and business leaders to help identify cyber risk, understand core business drivers and challenge the conventional approaches to legacy cybersecurity strategies to enable our customers to exceed their cybersecurity goals.

Spear Shield has a portfolio of award-winning cybersecurity solutions and services that we align to enable our customers to be able to solve even the most complex and advanced cybersecurity challenges.

The team at Spear Shield specialises in:
- Mitigating the risk of social engineering attacks and human-activated cyber risk
- Real-time asset discovery, device security and compliance
- 24/7 Managed Threat Hunting and proactive Incident Response


If you would like to learn why organisations are choosing to secure with Spear Shield, please do contact a member of the team to arrange a confidential conversation today.

The team has several years' experience working within both the private and public sectors, has a very consultative approach and would welcome the opportunity to learn more about your organisation.