The label of this category of cybercrime may be CEO fraud, but that doesn’t mean the CEO is the only one in the criminal’s crosshairs. The HR team, the IT manager, C-level and other senior executives, and anyone with finance approval are also likely to be on the receiving end of one of these attacks.
Finance: The finance department is especially vulnerable in companies that regularly engage in large wire transfers. All too often, sloppy internal policies only demand an email from the CEO or other senior person to initiate the transfer.
Cybercriminals usually gain entry via phishing, spend a few months doing recon and formulate a plan. They mirror the usual wire transfer authorization protocols, hijack a relevant email account and send the request to the appropriate person in finance to transmit the funds. As well as the CFO, this might be anyone in accounts who is authorized to transfer funds.
HR: Human Resources represents a wonderfully open highway into the modern enterprise. After all, it has access to every person in the organization, manages the employee database and is in charge of recruitment. As such, a major function is to open résumés from thousands of potential applicants. All the cybercriminals need to do is include spyware inside a résumé and they can surreptitiously begin their early data gathering activities. In addition, W2 and PII scams have become more commonplace. HR receives requests from spoofed emails and ends up sending employee information such as social security numbers and employee email addresses to criminal organizations.
Executive Team: Every member of the executive team can be considered a high-value target. Many possess some kind of financial authority. If their email accounts are hacked, it generally gives cybercriminals access to all kinds of confidential information, not to mention intelligence on the type of deals that may be ongoing. Thus, executive accounts must receive particular attention from a security perspective.
IT: The IT manager and IT personnel with authority over access controls, password management and email accounts are further high-value targets. If their credentials can be hacked, the attackers gain entry to every part of the organization.
No matter the size of the company, the involvement of the CEO and communication with their staff are critical to the company's leadership, livelihood and success.
In the next post, find out about Board Oversight and Fiduciary Duty ~ Think Before You Click!
Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584