Image: Pixaby

The Strategic Security Survey report by Dark Reading shows that 58% of organizations in 2021 accused phishing of being the primary cause of problems. 53% cited phishing as a direct cause of security incidents, and for 48%, this would be the most likely cause of an incident. Because of this, corporations must increase phishing precautions.

According to Tempest Security Intelligence, a Brazilian cybersecurity company, phishing that has CEO and other high-level executives is the main kind is spear phishing – which occurs from a previous study and data collection on certain users to make a personalized approach, which can culminate in the theft of the credential of one of these executives.

In possession of a CEO’s credential, the criminal can, for example, request funds, financial transfers or sensitive information without raising suspicion in an attack known as CEO Fraud. These attacks can reach a high complexity depending on the target and interest.

Tempest Security Intelligence and phishing precautions

A recent report released by Tempest Security Intelligence rescues the case of an executive of a UK company who reports a telephone conversation with the CEO of the company’s headquarters (based in Germany), who requested the urgent transfer of more than €200 thousand to a Hungarian supplier. According to the deposition, the voice on the phone sounded like the company’s CEO; however, the victim talked to a fraudster using a deep fake system.

According to IC3 (Internet Crime Complaint Center) records, the FBI body centralizing Internet scam complaints and account theft (executive and non-executive) generated more than US$ 1.7 billion in financial losses in 2019. and more than US$ 1.8 billion in 2020. With this issue in mind, security experts have a consensus that companies need Security Awareness solutions, including training and security awareness in the company’s routine, to position employees as the front line of business security.

Even so, there is a long way to go. A survey conducted late last year by the National Cybersecurity Alliance found that 64% of respondents had no access to any cybersecurity advice or training.

Steps to increase security

According to Gartner, there are three success factors for a Security Awareness service:

1 – The first is to have leadership aligned with a vision of awareness of the importance of digital security.

2 – The second is results-oriented metrics and behavioural indicators through reports indicating employee training engagement.

3 – Finally, there is the effective communication of the business values, a moment of application of the insights obtained in the previous steps.