Almost half (49 percent) of those who work in IT security feel that their executive staff have fallen victim to targeted phishing scams.
New research conducted by Unified Security Management™ and AlienVault surveyed 298 IT security pros at InfoSecurity Europe in London. The survey found that 82 percent of respondents worry that their CEOs and executive board are still vulnerable to phishing threats.
Fewer than half (45 percent) give training to everyone in the organisation, including the CEO. Over a third (35 percent) conduct training so that most employees in the organisation can detect malicious emails, and 20 percent don't conduct any training at all to help personnel detect phishing threats, but instead deal with issues as they occur.
Almost half (45 percent) thought that it was either likely or possible that their organisation would pay up if it was infected with ransomware. Just over a quarter (28 percent) were confident that they wouldn't pay the ransom since all of their data is adequately backed up, and an additional 27 percent said they would not negotiate with extortionists on principle.
“The challenge that lies here is two-fold,” said Javvad Malik, security advocate at AlienVault. “Firstly, most phishing scams that target execs are well-crafted and researched. Similar-looking domains are registered and execs are carefully researched. Secondly, many execs have personal assistants who manage their day-to-day operations and who are often more susceptible to social engineering techniques. As such, it is important to train all users within an organisation as attackers will always try to strike at the weakest links, who may not even be internal employees.”
Malik added that “CEO fraud also routinely targets third party suppliers, partners and customers, so awareness should be spread to all associated parties.”