IT pros believe their CEOs are phishing victims

Out of 300 IT professionals attending the Infosecurity Europe conference, almost half (49 per cent) believe their CEO has fallen victim to a targeted phishing attack.

The results have been published in a new paper by unified security management and crowd-sourced threat intelligence company, AlienVault.

More than three quarters (82 per cent) still worry their CEO might be vulnerable to such attacks, but many fail to educate their CEOs and help them spot them.

Less than half (45 per cent) are training everyone in their organisation, including the CEO, to spot phishing attempts, 35 per cent offer such training to 'most employees', while 20 per cent do not conduct any training, whatsoever.

“The challenge that lies here is two-fold. Firstly, most phishing scams that target execs are well-crafted and researched. Similar-looking domains are registered and execs are carefully researched. Secondly, many execs have personal assistants who manage their day-to-day operations and who are often more susceptible to social engineering techniques,” said Javvad Malik, security advocate at AlienVault.

“As such, it is important to train all users within an organisation as attackers will always try to strike at the weakest links, who may not even be internal employees. CEO fraud also routinely targets third party suppliers, partners and customers, so awareness should be spread to all associated parties. To stay a step ahead, security teams need to monitor third party activity closely and use threat intelligence networks to keep abreast of the latest scams being employed by criminals.”

Image Credit: wk1003mike / Shutterstock