Thought Leadership
In today’s digitally networked world, companies are increasingly the target of cyber attacks. Attackers are primarily targeting managers, who are a particularly attractive target group due to their access to sensitive data and extensive rights within IT systems.
A new study by GetApp examines the vulnerability of executives to cyberattacks and how companies can improve their cybersecurity.
Highlights of the study:
- 64% of managers in Germany have been the target of a cyberattack at least once in the last 18 months.
- 65% of respondents in whose companies managers have already been the target of cyber attacks state that these have increased in the last 3 years.
- 34% of managers ignore safety training.
- Phishing attacks are still considered to be the biggest cyber security risk among executives in Germany.
Managers are more likely to fall victim to a cyberattack than other employees
When it comes to cyber security, simple mistakes can have big consequences. For example, things like an easy-to-guess password can lead to a successful break-in by a hacker. The consequences are even more devastating when the cyber attack hits a person in a leadership position.
Cyber criminals are aware of these consequences and target executives: 64% of the IT experts surveyed stated that senior executives in their company had been the target of at least one cyber attack in the last 18 months. In addition, 72% of IT experts stated that managers are more likely to fall victim to cyberattacks than other employees.
What’s more, attacks are on the increase: 65% of respondents whose managers have been the target of a cyber attack state that these attacks have increased in the last three years.
Senior employees are still falling for phishing attacks
Although the way in which hackers attack executives varies, in many cases known vulnerabilities are exploited. The study shows that the attacks were mainly enabled by email phishing (56%), malware (43%) and attacks on passwords (31%).
Often elementary mistakes lead to companies being exposed to cyberattacks. When it comes to the actions of executives that have led to a cyberattack, downloading files from unknown or untrusted sources (41%) is the main problem, along with weak passwords (41%). In addition, 34% of executives ignored cyber security training.
Looking at this data, it is unsurprising that email phishing is still the biggest threat. The following measures can help to reduce the dangers posed by phishing:
- Regular training: Short, regular training sessions for employees to educate them on current phishing tactics and teach them how to safely handle suspicious emails.
- Phishing tests: IT departments can send phishing emails to employees to see who clicks on an attachment. These employees can then be further trained and tested.
- Advanced security technologies: Investment in email security programs that can automatically detect and block suspicious activity.
- Multi-level authentication: Implementation of strong authentication procedures such as multi-factor authentication to further secure access to sensitive data and systems.
German companies have a higher risk of document fraud among senior executives
Identity fraud by individuals in senior management poses a major cyber risk to corporate data and financial assets and should be a cause for concern as attacks such as AI deepfakes become an increasingly serious threat.
In fact, the study shows that 27% of managers have already been affected by an AI-supported deepfake attack. This figure is above the international average of 21%.
Identity fraud has also occurred more frequently among German managers in the last 18 months. 43% work in companies that have experienced at least one case of identity fraud against a manager in this period. The international average is 41%. The figure is highest in the USA, where 54% of managers have been victims of identity fraud.
“The risk of falling for identity fraud can be greatly reduced through training. 80% of IT and security experts believe that managers should receive more cyber security training than other employees. However, in more than a third of companies (36%) this is not the case. Awareness of common attack vectors and the application of best security practices can minimize human vulnerabilities that are most often exploited by attackers,” said Ines Bahr, content analyst for the study.
(pd/GetApp)
