Executives Open a Whole Lot of Spearphishing Emails, Verizon Data Breach Report Says

Verizon released today its Annual Data Breach Investigations Report and among the treasure trove of findings across an impressive list of participating global organizations is that executives are the prime identified internal recipients who open threat-laden social communications, predominately spearphishing emails, according to an analysis of 2012 data breaches.  Although the vast majority of targets (69%) within organizations can't be identified for a variety of reasons, of those who can be identified, executives and managers top the list of those responsible for data breaches resulting from the communications.

Overall, executives accounted for 16% of the breaches that come from "social" sources, mostly spearphishing emails, while managers accounted for 11% of the breaches, followed by former employees, who rounded out the top three internal targets at 10% of the breaches.  At large organizations, the picture is even worse:  executives accounted for 30% of the social source breaches, while managers accounted for 27% of the breaches.  (Percentages exceed 100% because the items presented were not mutually exclusive).

The report, written by Verizon Managing Principal for RISK Intelligence Wade Baker, notes that "executives and managers make sweet targets for criminals looking to gain access to sensitive information via spear phishing campaigns. Not only do they have a higher public profile than the average end user, they’re also likely to have greater access to proprietary information."  The often jaunty report (which mentions Led Zeppelin, bemoans high school math classes and features many zingy sentences) further adds that when it comes to executives "we all know how much they love .ppt and .pdf attachments," the frequent vehicles through which spearphishing malware enter network systems.

This finding is important given that the proportion of breaches incorporating social tactics like phishing was four times higher in 2012 than it was in 2011 and that more than 95% of all attacks tied to state-affiliated espionage employed phishing as a means of establishing a foothold in their intended victims' systems.  Not surprisingly, state-affiliated actors tied to China account for one-fifth of all breaches and 96% of espionage cases were attributed to threat actors in China.

The ranks of organizations who share data with Verizon grew to 19 during 2012 and included police organizations from around the globe, major cybersecurity consulting organizations and the top U.S. entities responsible for collecting cyber threat and incident data.  The report covers 47,000 reported security incidences and 621 confirmed data breaches.

Twitter Delicious Facebook Digg Stumbleupon Favorites More