The rise of social engineering claims, along with the number and sophistication of attackers, has grown exponentially in recent years. Cybercriminal agendas range from political to economic to social. As attacks and attackers have matured in recent years, c-suite leaders and their teams are continually targeted in new and innovative ways.
To mitigate these factors, companies must plan around individuals who are more at risk for an attack, specifically those that attackers can easily link to the company. Cyber criminals often target the most visible individuals within a company, primarily those in the c-suite and those who support and have access to them. Executives must be constantly proactive in promoting the importance of security to employees.
What Makes C-suite Leaders Vulnerable?
C-suite leaders are often vulnerable for a number of reasons. They’re the face of the company and visible to the community physically and online. C-suite executives are decision makers on everything from partnerships to budgets, have the authority to approve large payables, and have comprehensive access within the organization. Lastly, these individuals are on the move. Their schedules are tight and direct reports are expected to get the job done with minimal guidance. Compromising C-suite credentials gives attackers key placement and access within an organization to perform reconnaissance, move laterally across networks and execute on their malicious objectives.
The Human Angle
Attackers continue to find success by leveraging an essential company asset: trust. CFOs have trustworthy teams charged with diligently overseeing company financials. From their executive assistants to internal counsel to IT departments to accounts payable/receivable teams, CFOs of complex organizations trust their teams to get the job done. Trained attackers are skilled at leveraging this trust to conduct an initial attack, maintain multiple footholds on a network, conduct reconnaissance and escalate privileges, all in an effort to carry out their specific mission.
Protecting Your Organization
Creating a holistic IT security plan is critical for leaders in today’s organizations. Conducting a full IT audit will allow c-suite leaders to map out key objectives for hiring, vendor vetting and management, technology enhancements, and prioritization of budgeting for IT spend. Once a plan is in place, leaders can set clear goals for executing on their defense-in-depth plan in a multi-year process. In short, c-suite leadership needs to expect that breaches will happen on their networks, plan and budget for quick identification and remediation, and train their teams to continuously harden their defenses.download full article