In 2015, the CEO of an Austrian aircraft parts manufacturer was dismissed after he fell victim to a whaling attack that cost the company €40.9 million (approx. $50 million at the time). Although whaling attacks aren’t new, they are becoming increasingly common, endangering not only the jobs of C-level employees but also the financial and brand security of the organizations they work for.
The next level of a phishing attack, whaling is the method attackers use to attempt to gain unauthorized access to executive-level credentials and data. As CSO puts it, the idea is that whaling “lands the big one.” And attackers are wise to focus their efforts on whales: Although executives usually have a greater level of access to data, they often aren’t any better trained in cybersecurity than other staff, making them a worthy target. In a Verizon study of 150,000 phishing emails, almost a quarter of executive recipients opened them and 11% opened attachments.
Part of the reason executives make easy targets is that they’re so busy and receive so many communications via email. While trying to efficiently make it through their inboxes, they often don’t take notice of red flags. Another reason they’re vulnerable is that so much of their information is easily available—their workplace, social and professional contacts, vacation plans, the conferences they attend—giving hackers plenty of material to spearphish.
To help keep your executives—and your company—safer, you can implement a handful of tools and techniques:
As whaling attacks become more common, organizations are wise to invest in security measures that protect the corner office. As InfoWorld states, the cost of getting harpooned can be huge.