Malia Spencer | July 01, 2013

Executives fall for phishing scams, too

All that IT security training that companies are giving rank-and-file employees may well be needed for those at the top, according to findings from Wombat Security Technologies.

Looking across its customer base, the firm found that 33 percent of Fortune 500 corporate executives are taken in by phishing scams.

Last week, we noted that insider threats need to be considered when establishing a security plan, and now it looks like companies shouldn't overlook training for their executives, including CEOs.

Wombat, which conducts simulated phishing attacks as part of its training course, said it found executives were not only clicking on malicious links in emails but also giving up log-in credentials, which can give outsiders a way in to conduct other attacks.

According to research by the Ponemon Institute in 2012, the average cost of cyber crime for the 56 organizations the group studied was $8.9 million, up 6 percent over 2011. The most costly crimes were denial-of-service attacks, malicious insiders and Web-based attacks. However, the study noted that smaller organizations had a higher proportion of cyber crime costs related to viruses, worms, trojans, phishing and stolen devices.

After looking at the results of executive phishing attacks, the team at Wombat has a couple of tips:

  • Remember the assistants. Anyone with access to an executive's email should be trained on how to avoid phishing attacks.
  • "My time is too valuable" is no excuse not to learn about phishing.

Read the article at Pittsburgh Business Times