When asked about cyberthreats, many business owners immediately think of viruses, ransomware, or hackers in hoodies hiding out in some abandoned basement. However, they usually fail to consider that their own employees can also expose the company to cyberattacks and other online threats. In fact, the 2020 Verizon Data Breach Investigations Report reveals that insider threats — whether they come from a place of negligence or malicious intent — are responsible for nearly ⅓ of data breaches.
Cybercriminals target internal staff since it’s easier and more profitable than attacking a highly sophisticated operating system or cloud infrastructure. Sometimes, an unsuspecting employee clicking on a malicious link is all it takes to compromise a company’s cybersecurity.
Let’s explore the employees that cybercriminals typically target.
1. C-level executives and their executive assistants
C-level executives are extremely profitable targets since they handle high-value and confidential information, have great influence on all employees, and approve financial transactions. In fact, several of the most costly phishing attacks in history involved impersonating the company’s CEO — an act known as CEO fraud or whale phishing. These incidents include:
- Crelan Bank CEO spoof – $75.8 million
- FACC acquisition scam – $61 million
- Upsher-Smith Laboratories CEO impersonation – initially more than $50 million
- Ubiquiti Networks CEO fraud attack – almost $47 million
Interestingly, hackers are no longer just targeting C-level executives. “A CEO’s executive assistant is statistically more likely to be a very attacked person than a CEO,” says Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint.
2. Marketing and public relations (PR) personnel
Proofpoint’s Protecting People 2019 report shows that 36% of the identities associated with a data breach can easily be found online by going through corporate websites, social media accounts, and publications.
It’s no surprise then that compared to other departments, marketing and PR teams are at the highest risk from phishing and malware attacks, simply because their email addresses are readily accessible. Marketing professionals promote themselves on social media and other digital platforms, while PR executives include their full names and contact information in press releases and news sections of company websites.
3. R&D and engineering staff
In terms of volume of malware and phishing attacks encountered, the R&D and engineering department has the highest in comparison to other departments. This is most likely due to the sensitive nature of data that they deal with.
A highly publicized example is when cybercriminals stole files from Boeing related to the C-17, one of the most expensive planes that the Pentagon has ever created. The research and development costs associated with the development of the cargo aircraft amounted to $3.4 billion. The cybercriminals were able to retrieve classified information such as detailed drawings with measurements, pipeline and electric wiring systems, and flight test data.
More recently, North Korea was accused of attempting to hack Pfizer for its COVID-19 vaccine research data.
4. Sales representatives and managers
Sales representatives and managers are also among the most targeted users because of the nature of their roles. They often need to reply to unsolicited emails, which exposes them to more phishing scams. Not only that, but they also communicate frequently with finance departments and external organizations.
If hackers gain control of a sales rep’s email account, they can use it to funnel money to other bank accounts or trick the victim’s contacts into giving away personal data, financial information, and confidential records.
5. Accounting and finance employees
Cybercriminals often launch attacks for financial gain, so anyone who moves money in an organization is a prime target, such as accounting and finance staff. In fact, the Proofpoint report shows that the most common imposter email subject lines are related to payment.
Now that you’ve identified the most targeted people in your company, you can allocate the strongest threat protections to them. Do so with ease by partnering with F1 Solutions Inc. With the help of our IT experts and enterprise-class cybersecurity solutions, you won’t have to worry about cyberattacks again. Download our FREE cybersecurity eBook to learn more.