IT pros training CEOs to spot phishing attacks
Out of 300 IT professionals attending the Infosecurity Europe conference, almost half (49 percent) believe their CEO has fallen victim to a targeted phishing attack.
The results have been published in a new paper by unified security management and crowd-sourced threat intelligence company, AlienVault.
More than three quarters (82 percent) still worry their CEO might be vulnerable to such attacks, but many fail to educate their CEOs and help them spot them.
Less than half (45 percent) are training everyone in their organization, including the CEO, to spot phishing attempts, 35 percent offer such training to "most employees", while 20 percent do not conduct any training, whatsoever.
"The challenge that lies here is two-fold. Firstly, most phishing scams that target execs are well-crafted and researched. Similar-looking domains are registered and execs are carefully researched. Secondly, many execs have personal assistants who manage their day-to-day operations and who are often more susceptible to social engineering techniques", says Javvad Malik, security advocate at AlienVault.
"As such, it is important to train all users within an organization as attackers will always try to strike at the weakest links, who may not even be internal employees. CEO fraud also routinely targets third party suppliers, partners and customers, so awareness should be spread to all associated parties. To stay a step ahead, security teams need to monitor third party activity closely and use threat intelligence networks to keep abreast of the latest scams being employed by criminals".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Image Credit: wk1003mike / Shutterstock