TheCorporateCounsel.net

June 21, 2023

Cybersecurity: Senior Leaders are Sitting Ducks for Social Engineering

Verizon recently published its 2023 Data Breach Investigations Report, and one of its more interesting findings is that a company’s senior leaders are often its weakest link on cybersecurity, particularly in the burgeoning category of “social engineering” attacks. Here’s an excerpt from Verizon’s press release:

The human element still makes up the overwhelming majority of incidents, and is a factor in 74% of total breaches, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.

“Senior leadership represents a growing cybersecurity threat for many organizations,” said Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Like ransomware, social engineering is a lucrative tactic for cybercriminals, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC). The median amount stolen in BECs has increased over the last couple of years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year.

John Jenkins