Phishing in the C-Suite: 96% of Executives Vulnerable to Attacks

By   ISBuzz Team
Writer , Information Security Buzz | May 10, 2015 05:05 pm PST

This problem is spreading across the organisation as 80% of users failed to detect at least one of seven phishing emails.

Phishing in the C-SuiteAccording to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time.

This is among one of the key findings featured in Harpooning Executives: How Phishing Evolved into the C-Suite, a joint eBook written by Intermedia and Intel Security. This eBook highlights how phishing has evolved into “whaling” and why executives are optimal targets. Phishing and spear phishing have become increasingly popular attack strategies. Today’s cyber criminals use phishing tactics to evade traditional spam and malware filters in order to wreak havoc on corporate infrastructures.

Spear Phishers Go upstream To Reel In The Big Fish

Corporate data presents significant profit opportunities for today’s cyber criminals. As “phishers” look to increase their financial reward, executives have become prime targets for spear phishing attacks. These spear phishing attacks, also known as “whaling,” leverage personal information regarding an executive to gain access to confidential data that can be exploited for profit.

Spear phishing (a fraudulent attempt to obtain confidential information from a specific organisation, using spoof email messages that appear to come from a trusted source) is one of the most commonly used cyberattacks. According to research from the SANS Institute, 95% of all attacks on the enterprise network are the result of successful spear phishing. Spear phishing attacks no longer only target large, publicly-traded companies. They can have dangerous ramifications to any business, regardless of size.

“Companies are fighting a never-ending battle against phishing attacks. This poses real risks to businesses including data theft, financial loss, and tarnished reputations,” said Michael Baker, Vice President, Intel Security. “As the phishing landscape continues to evolve, businesses need to take a more strategic approach to mitigate potential threats. Education, protection and preparation are the first steps.”

How Companies Can Avoid “Getting Hooked”

To help businesses lower their risk of an attack, Intermedia and Intel Security recommend a three-pronged approach:

  • Educate Employees and Executives – Educating users and executives is one of the most important things you can do to reduce your company’s vulnerabiliy to an attack. Having a step-by-step training program that leads users through active learning exercises, designed by certified security experts, can help ensure users don’t fall victim to an attack. A prime example of this is Facebook’s annual Hacktober initiative. A full list of phishing best practices can be found in our eBook.
  • Install Comprehensive Propetction – Think beyond anti-virus protection. An advanced email protection suite that includes real time URL scanning and email continuity provide additional layers of protection to help fend off sophisticated phishing attacks.
  • Prepare for the Worst – Email can be made more vulnerable by adding applications and other services because it creates additional security gaps in your infrastructure. When it comes to filling these security gaps, it’s important to think beyond email. Deploying an integrated cloud solution with single sign-on, secure file sync and share, Data Loss Prevention and email archiving capabilities helps ensure you fill these gaps should one layer of protection fail.

“Many businesses operate under the false assumption that traditional client-based anti-virus technology will be enough to protect against a phishing attack,” said Jonathan Levine, Intermedia’s Chief Technology Officer. “An integrated, cloud-based email protection solution backed by a 24/7 security team can help companies significantly reduce their risk of an attack.”

For more detailed information on our three-pronged security approach –including a downloadable list of educational best practices – read Intermedia and Intel Security’s eBook at HERE.

About Intermedia

intermediaIntermedia is a one-stop shop for cloud business applications. Its Office in the Cloud(tm) suite integrates the essential IT services that SMBs need to do business, including email, file syncing and sharing, conferencing, instant messaging, identity and access management, mobility, security and archiving. Office in the Cloud goes beyond unified communications to encompass a wide breadth of fundamental IT services, delivered by a single provider.Think of Office in the Cloud as your “Business Cloud Platform.” Intermedia’s services are integrated into its HostPilot(R) Control Panel. This means you’ve got just one login, one password, one bill and one source of support–which makes the cloud easier to use and more efficient to manage.Intermedia further streamlines the experience by offering enterprise-class security, a 99.999% uptime service level agreement and 24/7 phone support with typical hold times of less than 60 seconds.Intermedia serves over 65,000 businesses and has more than 5,500 active partners, including VARs, MSPs, telcos and cable companies. Its award-winning Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of hosted Exchange.

Intermedia has over 600 employees worldwide who manage numerous datacenters to power its Office in the Cloud–and who work to deliver customers and partners Intermedia’s Worry-Free Experience(tm). Learn more at [4]

About Intel Security

Intel securityMcAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensively focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world. [5].

Note: Intel, the Intel logo, McAfee and the McAfee logo are registered trademarks of Intel Corporation in the United States and other countries. HostPilot, Office in the Cloud and Worry-Free Experience are registered trademarks or trademarks of, Inc. in the United States and/or other countries. Other names and brands may be claimed as the property of others.

No computer system can be absolutely secure.